Sleuth Documentation
HomeBlogSupportSign up
  • Getting started
  • Navigating Sleuth
  • DORA metrics
    • Deploy frequency
    • Change lead time
    • Change failure rate
    • MTTR
    • Interpreting Metrics in Sleuth
  • Deployment tracking
    • Organization
      • Labels
      • Trends
      • Compare
      • Search
      • Status
    • Projects
      • Issue trackers
    • Environments
    • Code deployments
      • Creating a deployment
      • How to register a deploy
      • Rollbacks
      • Automatic tagging
      • Deployment locking
      • Environment drift
      • Move code deployments
      • Search everything
    • Feature flags
    • Manual changes
    • Deploys
    • Teams
  • Work in Progress
  • Goals
  • Sleuth Automations
    • Automations Marketplace
      • Installing Automations
        • Installing PR "Update" Automations
      • Editing and uninstalling Automations
      • Smart suggestions
      • Understanding efficacy
    • Custom Automations
      • Automations Cookbook
      • Webhook Actions
      • Trigger Build Actions
        • Bitbucket Pipelines
        • CircleCI
        • Github Actions
        • Jenkins
  • Slack & Email Notifications
  • Auto-verify deploys
    • Anomaly detection
    • Error impact
    • Metric impact
  • Ignoring pull requests
  • Slack mission control
    • Approvals
    • Project notifications
    • Personal notifications
    • Search Sleuth in Slack
    • Project/Deployment history
    • Developer standup
  • Sleuth API
    • Deploy Registration
    • Deploy import
    • Manual Change
    • Custom Incident Impact Registration
    • Custom Metric Impact Registration
    • Deprecation information
    • GraphQL Queries
    • GraphQL Mutations
    • Query batching
  • Integrations
    • About Integrations...
    • Code integrations (read-only)
      • Azure DevOps
      • Bitbucket
      • GitHub
      • GitLab
      • Custom Git
      • Terraform Cloud
    • Code integrations (write)
    • Feature flag integrations
      • LaunchDarkly
    • Impact integrations
      • Error trackers
        • Bugsnag
        • Honeybadger
        • Rollbar
        • Sentry
      • Metric trackers
        • AppDynamics
        • AWS CloudWatch
        • Custom
        • Datadog
        • Jira metrics (Cloud / Data Center)
        • NewRelic
        • SignalFx
      • Incident tracker integrations
        • Blameless
        • PagerDuty
        • Datadog Monitors
        • Statuspage
        • Opsgenie
        • Jira (Cloud/Data Center)
        • FireHydrant
        • Rootly
        • ServiceNow
        • Custom
          • Grafana OnCall
      • CI/CD builds
        • Azure Pipelines
        • Bitbucket Pipelines
        • Buildkite
        • CircleCI
        • GitHub Actions
        • GitLab CI/CD Pipelines
        • Jenkins
    • Sleuth DORA App for Slack
    • Microsoft Teams integration
    • CI/CD integrations
      • Azure Pipelines
      • Bitbucket Pipelines
      • Buildkite
      • CircleCI
      • Github Actions
      • GitLab CI/CD Pipelines
      • Jenkins
    • Issue tracker integrations
      • Jira Cloud
      • Jira Data Center
      • Linear
      • Shortcut
    • Fixing broken integrations
  • Pulse
    • Welcome to Pulse docs
    • Quick Start setup guide
    • Beginner tutorials
      • 1. How to create a Teamspace
      • 2. How to create a Review
      • 3. How to create a Survey
  • Features
    • Reviews
      • Review workflow
      • Review templates
      • Widgets and Sections
        • Widget type
      • Review settings
    • Surveys
      • Survey Workflow
    • Teamspaces
    • Inbox
    • AI assistant
    • General settings
      • Users and Teams
      • Investment mix
  • Settings
    • Organization settings
      • Details
      • Authentication
        • SAML 2.0 Setup
          • Okta Configuration
          • Azure AD Configuration
          • PingIdentity Configuration
      • Access Tokens
      • Members
      • Team Settings
      • Billing
    • Project settings
      • Details
      • Slack settings
      • Environment settings
      • Code deployment settings
      • Feature flag settings
      • Impact settings
    • Account settings
      • Account settings
      • Notifications settings
      • Identities settings
    • Role Based Access Control
  • Resources
    • FAQ
    • Sleuth TV
    • Purchasing
    • About Sleuth...
Powered by GitBook
On this page
  • Registering a new Incident
  • Closing an Incident

Was this helpful?

  1. Integrations
  2. Impact integrations
  3. Incident tracker integrations
  4. Custom

Grafana OnCall

If you are using Grafana OnCall to manage your alerts, you can use its Outgoing Webhooks feature to send data directly to a Custom Incident Impact Source in Sleuth.

PreviousCustomNextCI/CD builds

Last updated 1 year ago

Was this helpful?

Please note that this is just one possible scenario on how you could use Grafana to feed Incident information to Sleuth. If you have a different process, you might need to adjust the steps/settings.

Registering a new Incident

Within your Grafana OnCall dashboard, navigate to the Outgoing webhooks page and click + New Outgoing Webhook:

In the next step, select Advanced to ensure you can customize your webhook as much as possible:

  • Provide a (preferably descriptive) name for your webhook, e.g. Sleuth - New Incident.

  • Select a Trigger Type from the dropdown. For the purpose of this example, we're choosing Alert Group Created.

  • Set the HTTP Method to POST.

  • Copy the Impact registration POST URL from Sleuth's Custom Impact Source setup modal and paste it into the Webhook URL field in Grafana.

  • Enter the following into the Webhook Headers field in Grafana:

    {
      "Content-Type": "application/json"
    }
  • Specify the Data you want Grafana to send Sleuth, leveraging the 5 fields the impact registration endpoint is currently able to accept:

    {
      "type": "triggered",
      "id": "{{alert_group_id}}",
      "title": "{{alert_payload.oncall.message}}",
      "date": "{{alert_group.created_at}}",
      "url": "{{alert_group.permalinks.web}}"
    }

Please make sure to deactivate the Forward All toggle to ensure only your custom payload is sent to Sleuth's impact registration endpoint.

Closing an Incident

The process is mostly the same as for registering a new Incident, with the difference being the Name of the webhook, the Trigger Type, which needs to be set to Resolved, and the content of the Data field, which only needs to contain the following:

  • Provide a (preferably descriptive) name for your webhook, e.g. Sleuth - Incident Resolved.

  • Select a Trigger Type from the dropdown. For the purpose of this example, we're choosing Resolved.

  • Set the HTTP Method to POST.

  • Copy the Impact registration POST URL from Sleuth's Custom Impact Source setup modal and paste it into the Webhook URL field in Grafana.

  • Enter the following into the Webhook Headers field in Grafana:

    {
      "Content-Type": "application/json"
    }
  • Specify the Data you want Grafana to send Sleuth, leveraging the 5 fields the impact registration endpoint is currently able to accept:

    {
      "type": "resolved",
      "id": "{{alert_group_id}}",
      "title": "{{alert_payload.oncall.message}}",
      "date": "{{alert_group.created_at}}",
      "url": "{{alert_group.permalinks.web}}"
    }

Please make sure to deactivate the Forward All toggle to ensure only your custom payload is sent to Sleuth's impact registration endpoint.

Both above examples use Grafana's response's default data structure to extract data that correspond to fields for Sleuth's custom incident events. The only mandatory field istype, all others are optional and can thus be omitted from the response definition.

Without a unique identifier in both payloads, however, Sleuth will not be able to match the triggered and resolved events belonging to the same incident, and upon receiving a webhook with resolved, will resolve all active Incidents for that impact source.