Skip to main content

SolarWinds integration

You can use an APEX AIOps Incident Management custom integration to ingest events from SolarWinds.

Before you begin

Before you set up your SolarWinds integration:

  • Make sure you are signed in to your Incident Management instance.

  • Make sure you are signed in to SolarWinds.

  • Make sure you have a valid Incident Management API key.

Create a custom integration in Incident Management

  1. Within Incident Management, navigate to Integrations > Ingestion Services > Create your own Integration.

  2. Click Add New Integration.

  3. Under APEX AIOps Incident Management Endpoint, enter a unique name for your new integration (required).

    Note

    The name of the integration can be anything you choose. Incident Management will automatically generate an API endpoint URL independent of what you enter for this field.

  4. Under API Description, enter a description for the integration (optional).

  5. Under Data Type, select Events.

  6. Click Save.

  7. Keep the web page for this integration open in your browser while you complete the following steps in SolarWinds.

Configure alert actions in SolarWinds

  1. Open SolarWinds. Navigate to Alerts & Activity > Alerts.

  2. From the top right, click Manage Alerts.

  3. Click on the name of an alert that should trigger the integration with Incident Management.

  4. Add a new trigger action:

    1. In the Edit Alert window, navigate to Trigger Actions.

    2. Under Trigger Actions, click Add Action.

    3. Select Send a GET or POST Request to a Web Server.

    4. Click Configure Action.

  5. Configure the trigger action:

    1. Under Name of action, provide a name: "Send to Incident Management."

    2. Under URL, paste the endpoint URL for your Incident Management integration.

      The endpoint URL is provided for you in Incident Management on the page for your custom integration, under Configuration Information > APEX AIOps Incident Management Endpoint.

    3. Select Use HTTP/S POST.

    4. Under Body to POST, copy and paste the following:

      {
    "description": "${N=Alerting;M=AlertDescription}",
    "severity": "${N=Alerting;M=Severity}",
    "source": "${N=SWQL;M=SELECT TOP 1 RelatedNodeCaption FROM Orion.AlertObjects WHERE AlertObjectID = ${N=Alerting;M=AlertObjectID}}",
    "check": "${N=Alerting;M=AlertName}",
    "manager": "Solarwinds",
    "class": "${N=Alerting;M=ObjectType}",
    "city": "${N=SWQL;M=SELECT TOP 1 Nodes.CustomProperties.City FROM Orion.Nodes AS Nodes, Orion.AlertObjects AS AlertObjects WHERE Nodes.DisplayName = AlertObjects.RelatedNodeCaption AND AlertObjects.AlertObjectID = ${N=Alerting;M=AlertObjectID}}",
    "department": "${N=SWQL;M=SELECT TOP 1 Nodes.CustomProperties.Department FROM Orion.Nodes AS Nodes, Orion.AlertObjects AS AlertObjects WHERE Nodes.DisplayName = AlertObjects.RelatedNodeCaption AND AlertObjects.AlertObjectID = ${N=Alerting;M=AlertObjectID}}",
    "ipAddress":"${N=SwisEntity;M=Node.IP_Address}",
    "machineType":"${N=SwisEntity;M=Node.MachineType}"
}

    5. Under ContentType, delete the default value and replace it with: application/json

    6. Under Authentication, select Token.

    7. Under Header Name, type: apiKey

    8. Under Header Value, enter your Incident Management API key.

    9. Click Add Action.

  6. Test the trigger action:

    1. In the row for your new trigger action, click the Simulate icon (lightning bolt) on the far right.

    2. Select the required properties for simulation and click Execute. This will send a test payload to your Incident Management integration.

    3. Open Incident Management. Within the page for your custom integration, scroll down to the Map Your Data section. Here, you can view cached payloads of incoming events sent from SolarWinds.

      Confirm that the test payload you sent is there.

  7. Add a new reset action:

    1. Go back to where you left off in SolarWinds. At the bottom right of the page, click Next to go to the Reset Actions page.

    2. Under the Reset Action section, click Add Action.

    3. Select Send a GET or POST Request to a Web Server.

    4. Click Configure Action.

  8. Configure the reset action:

    1. Under Name of action, provide a name: "Send Clear to Incident Management."

    2. Under URL, paste the endpoint URL for your Incident Management integration.

      The endpoint URL is provided for you in Incident Management on the page for your custom integration, under Configuration Information > APEX AIOps Incident Management Endpoint.

    3. Select Use HTTP/S POST.

    4. Under Body to POST, copy and paste the following:

      {
    "description": "${N=Alerting;M=AlertDescription}",
    "severity": "Clear",
    "source": "${N=SWQL;M=SELECT TOP 1 RelatedNodeCaption FROM Orion.AlertObjects WHERE AlertObjectID = ${N=Alerting;M=AlertObjectID}}",
    "check": "${N=Alerting;M=AlertName}",
    "manager": "Solarwinds",
    "class": "${N=Alerting;M=ObjectType}",
    "city": "${N=SWQL;M=SELECT TOP 1 Nodes.CustomProperties.City FROM Orion.Nodes AS Nodes, Orion.AlertObjects AS AlertObjects WHERE Nodes.DisplayName = AlertObjects.RelatedNodeCaption AND AlertObjects.AlertObjectID = ${N=Alerting;M=AlertObjectID}}",
    "department": "${N=SWQL;M=SELECT TOP 1 Nodes.CustomProperties.Department FROM Orion.Nodes AS Nodes, Orion.AlertObjects AS AlertObjects WHERE Nodes.DisplayName = AlertObjects.RelatedNodeCaption AND AlertObjects.AlertObjectID = ${N=Alerting;M=AlertObjectID}}",
    "ipAddress":"${N=SwisEntity;M=Node.IP_Address}",
    "machineType":"${N=SwisEntity;M=Node.MachineType}"
}

    5. Under ContentType, delete the default value and replace it with: application/json

    6. Under Authentication, select Token.

    7. Under Header Name, type: apiKey

    8. Under Header Value, paste your Incident Management API key.

    9. Click Add Action.

  9. Test the reset action:

    1. In the row for your new reset action, click the Simulate icon (lightning bolt) on the far right.

    2. Select the required properties for simulation and click Execute. This will send a test payload to your Incident Management integration.

    3. Open Incident Management. Within the page for your custom integration, scroll down to the Map Your Data section. Here, you can view cached payloads of incoming events sent from SolarWinds.

      Confirm that the test payload you sent is there.

  10. Click Next to go to the Summary page.

  11. Click Submit.

  12. Assign the trigger action to alerts:

    1. Within the Manage Alerts page, use the checkboxes to select all alerts that should trigger the integration with Incident Management.

    2. Click Assign Action > Assign Trigger Action.

    3. From the list of trigger actions, select the "Send to Incident Management" action you created.

    4. Click Assign.

  13. Assign the reset action to alerts:

    1. Within the Manage Alerts page, use the checkboxes to select the same alerts a second time.

    2. Click Assign Action > Assign Reset Action.

    3. From the list of reset actions, select the "Send Clear to Incident Management" action you created.

    4. Click Assign.

Configure the custom integration in Incident Management

  1. Go to your Incident Management instance.

  2. Open the page for your custom integration by going to Integrations > Ingestion Services > Create your own Integration > your-integration-name.

  3. Scroll down to the Map Your Data section. Map your payload fields to the corresponding Incident Management fields. An example mapping is provided for you below as a reference, but you should tailor the mapping according to your business needs.

    For a complete list of mapping types, save options, and instructions on how to use them, read Use mapping types in custom integrations.

    Table 1. Example mapping

    SolarWinds field

    Incident Management field

    source

    source

    description

    description

    check

    check

    severity

    severity

    department

    service

    class

    class

    manager

    manager

    city

    tags.swCity

    ipAddress

    tags.swIpAddress

    machineType

    tags.swMachineType



  4. Scroll down to the Set Your Deduplication Key section.

  5. Edit the deduplication key and remove service.

  6. Click Save at the top of the page.

In this section: