Skip to main content

Send incidents to xMatters

You can configure Moogsoft Cloud to send incidents to xMatters.

Before you begin

Before you set up your xMatters integration:

  • Make sure you are signed in to your Moogsoft instance.

  • Make sure you have a Moogsoft API key to use with your integration. To create a new API key, read Create an API key.

  • Make sure you are signed in to xMatters.

Install the workflow in xMatters

Configure xMatters for the integration:

  1. In xMatters, navigate to Workflows > Workflow Templates.

  2. Find the Moogsoft Incidents tile and click Add.

  3. Provide a name for the workflow (this must be unique in your xMatters instance) and add an optional description.

  4. Click Next.

  5. Copy the Trigger URL and save it for later use.

  6. Click Close.

  7. Open the Moogsoft Incidents workflow.

  8. Click the Flow Designer tab.

  9. Open the Moogsoft Incidents canvas.

  10. Expand the Components menu.

  11. Select Constants.

    The workflow contains two constants for you: One for the API key, and the other for the custom user property.

Configure the CREATE webhook endpoint in Moogsoft

Once you have finished configuring xMatters, you will need to create new incident webhook endpoints in Moogsoft in order to pass data from Moogsoft to xMatters. This section explains how to set up the xMatters CREATE webhook endpoint, which creates new incidents in xMatters when incidents appear in Moogsoft.

To configure the CREATE webhook endpoint:

  1. In Moogsoft, navigate to Integrations > Outbound Integrations > Webhook Endpoint > Incident Webhook Endpoint.

  2. Click Add Incident Webhook Endpoint and enter "xMatters CREATE" as the name of the webhook endpoint. Optionally, provide a description.

  3. Complete each section of the webhook endpoint according to the following:

    1. Skip the Triggers section.

    2. Configure the Endpoint:

      1. Set the Request Method to POST.

      2. Under URL, copy and paste the Trigger URL provided earlier in xMatters.

      3. Optionally, modify the URL by adding the target names of any xMatters recipients you want to notify when the alert fires.

        • If you used URL authentication when configuring the Moogsoft Incidents workflow in xMatters, use an ampersand to attach recipients.

          For example, if you want to notify Steve Wiseman and the on-call members in the group responsible for the Hyperion service, you'd add &recipients=swiseman,hyperion to the URL.

        • For other authentication types, use a question mark to attach recipients.

          For example, if you want to notify Jenn Gladstone and the on-call members in the group responsible for the Ares service, you'd add ?recipients=jgladstone,ares to the URL.

      4. Under Authorization, make sure No auth is selected.

    3. Specify the Payload Body:

      1. Replace the default payload with the following:

        {
    "timestamp": "$created_at",
    "location": "$tags.region",
    "severity": "$severity",
    "id": "$id",
    "description": "$description",
    "services": $services,
    "status": "$status",
    "totalalerts": "$total_alerts",
    "signalMode": "New",
    "assignee": "$assignee",
    "correlationDefinition": "$correlation_definition",
    "incidentURL": "$incident_url"
}

      2. Scroll up to the top of the page and click Test in the upper right-hand corner. You should see response details and a confirmation that the webhook endpoint is configured correctly.

      3. Make additional payload adjustments according to your business needs. To learn more about fine-tuning your outbound payload, read Configure the CREATE payload body for a webhook endpoint.

    4. Save the webhook endpoint.

Configure the UPDATE webhook endpoint in Moogsoft

Next, create an xMatters UPDATE webhook endpoint, which sends updates to xMatters when Moogsoft incidents are changed.

To configure the UPDATE webhook endpoint:

  1. Navigate to Integrations > Outbound Integrations > Webhook Endpoint > Incident Webhook Endpoint.

  2. At the far right side of the "xMatters CREATE" webhook endpoint you just configured, click on the copy icon:

    xMattersDuplicate.png

  3. Enter "xMatters UPDATE" for the name of the duplicate webhook endpoint and click Duplicate.

  4. Click on the "xMatters UPDATE" webhook endpoint to open it.

  5. Click Edit.

  6. Under the Triggers section, select the conditions that you would like to trigger the webhook endpoint.

  7. Under the Payload Body section, replace the existing payload with the following:

    {
    "timestamp": "$created_at",
    "location": "$tags.region",
    "severity": "$severity",
    "id": "$id",
    "description": "$description",
    "services": $services,
    "status": "$status",
    "totalalerts": "$total_alerts",
    "signalMode": "Update",
    "assignee": "$assignee",
    "correlationDefinition": "$correlation_definition",
    "incidentURL": "$incident_url"
}

  8. Save the webhook endpoint.

Configure the CREATE workflow in Moogsoft

Configure an incident workflow called xMatters CREATE Workflow, which triggers the "xMatters CREATE" webhook endpoint when an incident is created in Moogsoft.

To configure the CREATE workflow:

  1. In Moogsoft, navigate to Correlate & Automate > Workflow Engine > Incident Workflows.

  2. Click Add Workflow and enter "xMatters CREATE Workflow" as the name of the workflow. Optionally, provide a description.

  3. For the Trigger, select New incidents only.

    If applicable, add a filter condition on the incidents that you wish to forward to xMatters.

  4. Click Add Action, select the Send to Endpoint action and then click Add Selected Action.

  5. Select the new Send to Endpoint action and complete each section according to the following:

    1. Webhook: Select the "xMatters CREATE" incident webhook endpoint that you created earlier.

    2. External Link: Skip this section.

    3. Integration Name: Enter the following (without quotes): "xMatters Integration"

      Skip all remaining sections.

  6. Save and Enable the workflow.

Configure the UPDATE workflow in Moogsoft

Finally, configure another incident workflow called xMatters UPDATE Workflow, which triggers the "xMatters UPDATE" webhook endpoint to send data when an incident is updated in Moogsoft.

To configure the UPDATE workflow:

  1. Navigate to Correlate & Automate > Workflow Engine > Incident Workflows.

  2. Click Add Workflow and enter "xMatters UPDATE Workflow" as the name of the workflow. Optionally, provide a description.

  3. For the Trigger, select Changed incidents only.

  4. Click Add Action, select the Send to Endpoint action and then click Add Selected Action.

  5. Select the new Send to Endpoint action and complete each section as follows:

    1. Webhook: Select the "xMatters UPDATE" incident webhook endpoint that you created earlier.

    2. External Link: Skip this section.

    3. Integration Name: Enter the following: "xMatters Integration"

      Skip all remaining sections.

  6. Save and Enable the workflow.

Test the integration

  1. Within Moogsoft, navigate to Integrations > Ingestion Services > Events API.

  2. Add your API key to the provided cURL command and run the command in an external terminal to send an event to Moogsoft.

  3. Verify that an incident has been created in Moogsoft.

  4. Within xMatters, verify that incident data from Moogsoft has arrived.

  5. If you have enabled updates and included Status changed as a trigger, close the incident in Moogsoft and verify in xMatters that updated incident data has arrived.

In this section: