incident.io
incident.io is an incident management and alerting platform. By integrating incident.io with Cortex, you can drive insights into past incidents.
Setup and configuration
Getting started
In order to connect Cortex to your incident.io instance, you’ll need to create a incident.io API key in API keys settings from your incident.io dashboard.
The key should have the following scopes:
- Create incidents
- View all incident data, including private incidents
- View data like public incidents and organization settings
- View catalog types and entries
Configuration
Once you've created the API key, add it under incident.io settings in Cortex.
Click Add incident.io configuration and enter the following information:
- Account alias (optional): Alias for a given configuration; only relevant if you plan to add multiple configurations.
- API key: API key generated from your incident.io dashboard.
If you do not see the settings page you're looking for, you likely don't have the proper permissions and need to contact your admin.
Once you save your configuration, you'll see the last four characters of the token you entered. If you’ve set everything up correctly, you’ll see the option to Remove Integration in Settings.
You can also use the Test all configurations button to confirm that the configuration was successful. If your configuration is valid, you’ll see a banner that says “Configuration is valid. If you see issues, please see documentation or reach out to Cortex support.”
Multi-account support
The incident.io integration has multi-account support so you can add a configuration for each additional instance by repeating the above process.
Each configuration requires an alias, which Cortex uses to correlate the designated instance with registrations for various entities. Registrations can also use a default configuration without a listed alias.
You can edit aliases and default configurations from the incident.io page in settings. Select the edit icon next to a given configuration and toggle "Set as default" on. If you only have one configuration, it will automatically be set as the default.
Registration
Discovery
By default, Cortex will try to "best-guess" the corresponding custom field value in incident.io for all catalog-based custom fields.
Cortex first looks up a custom field values using the name (e.g. My Entity), then the entity identifier (e.g. my-entity). For example, if your entity name is "My Entity," then the corresponding custom tag field in incident.io should either be "My Entity" or "my-entity."
Entity descriptor
If you need to override automatic discovery, you can define the following block in your Cortex entity descriptor.
x-cortex-incident-io:
customFields:
- name: Entity
value: My Entity
alias: my-default-alias
| Field | Description | Required |
|---|---|---|
name | Name for the entity (from customFieldName) | ✓ |
value | Display name for the entity in Cortex | ✓ |
alias | Alias for the related configuration in Cortex; only relevant if multi-account support is enabled |
x-cortex-incident-io:
customFields:
- id: Entity_ID
value: my-second-entity
alias: my-other-alias
| Field | Description | Required |
|---|---|---|
id | ID for the entity (from customFieldID) | ✓ |
value | Tag for the entity in Cortex | ✓ |
alias | Alias for the related configuration in Cortex; only relevant if multi-account support is enabled |
Expected results
Entity pages
Once the integration is set up, incident data will appear on entity details pages.
Active incidents detected in incident.io will appear on an entity's details page in the Operations block under the Overview tab. More detailed information is also available under the Operations tab.
Integrations - incident.io
Incident data will also be pulled into the incident.io page under the Integrations tab.
Scorecards and CQL
With the incident.io integration, you can create Scorecard rules and write CQL queries based on incident.io incidents.
Check if incident.io service is set
Check if entity has a registered incident.io custom field value in its entity descriptor.
If no registration exists, Cortex will try to automatically detect which corresponding incident.io custom field value is associated with the entity.
Definition: incidentio (==/!=) null
Example
For a Scorecard focused on operational maturity, you can use this expression to make sure each entity has an incident.io project set:
incidentio != null
Incidents
List incidents, filterable by severity and status.
-
Created at
-
Mode
-
Name
-
Severity
-
Status
-
Summary
-
Type
-
URL
Definition:
incidentio.incidents()
Examples
To assess entities' health in a Scorecard, you can write a rule to make sure a given entity has fewer than three incidents with a severity of SEV1:
incidentio.incidents(severity = ["SEV1"]).length < 3
You can also use this expression to query for entities that have two or fewer critical incidents in the last three months:
incidentio.incidents(severity = ["Critical"]).filter((incident) => datetime(incident. createdAt).from_now() > duration("-P90D")).count <= 2
Still need help?
The following are all the ways to get assistance from our customer engineering team. Please use the option that is best for your users:
- Email: help@cortex.io, or open a support ticket in the in app Resource Center
- Chat: Available in the Resource Center
- Slack: Users with a connected Slack channel will have a workflow added to their account. From here, you can either @CortexTechnicalSupport or add a
:ticket:reaction to a question in Slack, and the team will respond directly.
Don’t have a Slack channel? Talk with your customer success manager.