Summary
Integration & Notifications Options are Available in the Settings Section
Notifications are a great way to stay on top of Sophie's interesting incidents. Of course, you can always log in to Loom and review the alerts, but it tends to be more convenient to have alerts come to you.
You can configure Loom to alert you on notable events through your pre-existing notification system.
Loom supports the following integrations:
- Slack
- SNS by Amazon
- PagerDuty
- SNS++
- Webhook
- ServiceNow
You can configure Sophie to send notifications to one or more of the platforms mentioned above.
Please keep in mind that the integration with email and Slack will allow you to interact with the alerts sent from Sophie (mute, raise or remove the alert from the feed).
Release
Sophie Standalone 3.4.x-3.7.x
Instructions
Setup
Navigate to Settings > Integrations to select an integration to add.
Make sure to fill in the technical details such as Webhook URL, credentials, etc. as needed.
Once the integration has been created, use the Notifications screen (also located under Settings > Notifications) to subscribe to the specific types of alerts/incidents you want to be notified about, and select the proper channel for each one of them.
Notification Types
You can configure the following Notification Types:
- Source Type Issues Notifications
- Mapping and Streaming Notifications
- Operational Notifications
- General Error Notifications
Source Type Issues Notifications
Too many parsing errors - Notify when too many JavaScript errors occurred
Unclassified Event Broker Error
Too many new patterns created - Notify when too many new patterns are being created
Too many timestamp parsing errors - Notify when too many events are being dropped due to timestamp extraction failures
Too many new raw metrics - Notify when too many sources are being created
An index holds too many properties - Notify when a specific Elastic index holds too many properties
Max Properties Per Event Exceeded - Notify when too many events exceed the allowed number of properties and therefore are being dropped
Mapping & Streaming Notifications
Events dropped due to retention settings - Notify when too many events are being dropped due to retention settings
Too many sources created - Notify when too many events are being dropped due to timestamp extraction failures
Too many source types created - Notify when too many source types are being created
Too many events exceed max length - Notify when too many events exceed the allowed number of characters and therefore are being dropped
Too many streams exceed max length - Notify when too many events being sent to the data input exceed the allowed number of characters and therefore are being dropped
Operations Notifications
New Source - Notify when a new source is created
Dead Source - Notify when a source is not streaming data
New Incident - Notify when a new incident was created
Incident Updated - Notify when an incident was updated
Incident Resolved - Notify when an incident was resolved
General Error Notifications
Fatal Error - Notify when a fatal error is encountered
Execution Timeout - Notify when an execution has timed out
Queues are full - Notify when too many events are being dropped due to full queues
Too Many Replacement Timeout
Stack overflow error - Notify when a StackOverflowError occurred as a result of incorrect use of a regular expression
Extractor Error - Notify when too many events are being discarded due to auto extractor error
Problematic component detected - Notify when Sophie isn't keeping up with the data
System
When configuring a notification for 'New Incident' you should also specify the 'Applications' you want to be notified about and the 'Minimum Severity'.
Please note: Using the "advance mode" toggle allows you to configure alerts to be sent to specific emails or specific Slack channels.
ServiceNow Auto Ticketing Integration
To configure the integration, access Settings > Settings > Integration > ServiceNow
You'll need to fill in the following information in the form:
Host (full URL of ServiceNow environment)
Username and Password (Admin account in ServiceNow)
In addition to standard fields we can also pass along custom field values
Navigate to Settings > Settings > Settings > System > servicenow.meta_fields. In this field, additional fields can be added to the JSON we pass over to ServiceNow
For tickets to be automatically generated when an alert is populated, we need tags
Tags allow for incidents within Sophie to be created into ServiceNow incidents without user intervention
To define a tag, navigate to Settings > Anomaly Detection > Auto Tickets > + Add New
Here we need to fill out the name of the tag and associate it with an assignment group within ServiceNow
Next, we need to create an automation rule
An automation rule allows for a tag to be associated with an incident in Sophie based on any key-value pairs within the incident. It is extremely flexible due to the use of JavaScript for rule creation.
To create a rule, navigate to Settings > Anomaly Detection > Auto Tickets > Automation Rules > + Add New
Related Links
Outgoing Webhook Integration - KB0822581
Connecting Loom Predictive Intelligence to ServiceNow Event Management - KB0830885