Incident Integrator

Panoramic Data’s Incident Integrator provides Alert Notification suppression, deduplication, Incident and Problem functions at the interface between your Alert Notification system and your Incident Management System. It is therefore particularly valuable for customers of:

  • LogicMonitor
  • ServiceNow
  • AutoTask
  • Microsoft Dynamics

Service Description

The Incident Integrator is Software as a Service that runs in:

  • Panoramic Data’s Azure instance
    • Fair use limits apply – if more than 100,000 Alert Notifications are processed in any given day, PDL reserves the right to invoice for an additional daily fee of £50 per additional up-to-100,000 Alert Notifications per day.
  • A customer’s Azure instance

The Service accepts incoming Alert Notifications from supported “Alert Management Systems” in JSON format, which include:

  • LogicMonitor

It will discard any Alert Notification that does not meet specified criteria, which may be:

  • Any information present on the Alert Notification (e.g. “lower than Error level” or “the ‘environment’ custom property is set to ‘test’.”).

The Alert Notification’s “Problem Signature” can be constructed from any combination of fields from the incoming message:

  • For LogicMonitor, just the Alert ID is sufficient for this purpose

The Problem Signature is used to try to find an active Incident in one of the following supported Issue Management Systems:

  • ServiceNow
  • AutoTask
  • Microsoft Dynamics 365

If a matching, active Incident is found:

  • The System can optionally add a Comment to the Incident
  • The format of the Comment summary and message can be configured, and may contain any of the fields present in the incoming Alert Notification JSON
  • A templating language (NCalc) can be used to transform Alert Notification Fields into corresponding Issue Management System field outputs (e.g. “Website” + “Error” -> “P2”)

If no matching, active Incident is found, a new Incident is created:

  • Any Incident fields can be set providing this is permitted by the Issue Management System’s API
  • Incident fields can be configured to contain any combination of Alert Notification fields
  • NCalc can be used to transform Alert Notification Fields, as above

When creating an Incident, a “Problem Type” is determined, based on any combination of Alert Notification input fields.

Per Problem Type, if more than a configurable number of Incidents with the same Problem Signature have been created within a configurable amount of time (e.g. 3 in one day), a Problem can be created and:

  • Any Problem fields can be set providing this is permitted by the Issue Management System’s API
  • Problem fields can be configured to contain any combination of Alert Notification fields
  • NCalc can be used to transform Alert Notification Fields, as above

Single-parent dependency chains may be configured in the Alert Management System:

  • These can be used to delay and suppress issues caused by upstream device outages
  • The customer is responsible for configuring this information in the Alert Management System

When an Alert Notification is received for a device with a configured parent:

  • The Incident creation process is delayed for a configurable amount of time
  • If an Incident exists for the Parent device or any of its ancestors (the “Parent Incident”)
  • The new Incident is NOT created
  • The Parent Incident may have the Comment added (if this is so configured).

PDL provides the following services, up to 40 hours per annum as part of the subscription fee:

  • Service deployment
  • Service configuration
  • Alert Management System configuration
  • Service support

PDL provides System maintenance at no fee for active subscriptions.

The Subscription period will start effective the first date that the system is integrated with the customer’s production Incident Management System. Invoices will be issued after the Subscription period starts.