

ElastAlert Integration Guide

ElastAlert is a simple framework for alerting on anomalies, spikes, or other patterns of interest from data in Elasticsearch. ElastAlert works with all versions of Elasticsearch.

What can Zenduty do for Elastalert users?

With the Elastalert integration, Zenduty sends new Elastalert alerts to the right team and notifies them based on on-call schedules via email, text messages (SMS), phone calls (voice), Slack, Microsoft Teams and iOS and Android push notifications, escalating each alert until it is acknowledged or closed. Zenduty provides your NOC, SRE and application engineers with detailed context around the Elastalert alert, along with playbooks and a complete incident command framework to triage, remediate and resolve incidents with speed.

Whenever Elastalert triggers an alert based on a predefined condition, Zenduty will create an incident. When that condition goes back to normal levels, Zenduty will auto-resolve the incident.

You can also use Alert Rules to route specific Elastalert alerts to specific users, teams or escalation policies, write suppression rules, and automatically add notes, responders and incident tasks.

To integrate Elastalert with Zenduty, complete the following steps:

In Zenduty:

  1. To add a new Elastalert integration, go to Teams on Zenduty and click on the team you want to add the integration to.
  2. Next, go to Services and click on the relevant Service.
  3. Go to Integrations and then Add New Integration. Give it a name and select the application ElasticAPM from the dropdown menu.
  4. Go to Configure under your integrations and copy the Webhook URL generated.

In Elastalert:

  1. Copy the following code snippet and set the Zenduty webhook URL as the value of http_post_url.
  2. Paste this code into the configuration YAML file for ElastAlert.

alert: post
http_post_url: <Paste the integration URL from Zenduty>
# fixed values sent with every alert
http_post_static_payload:
  title: <Incident_title>
  description: <Incident_summary or description>
  status: <status>
  id: <entity_id>
# also send every field of the matched document
http_post_all_values: true

Example:

alert: post
http_post_url: ""   # your Zenduty webhook URL
http_post_static_payload:
  title: Incident_1
  description: Memory issue
  status: Triggered
  id: 2
http_post_all_values: true
Note: Zenduty creates incidents for each alert type based on the status value sent in the payload.

Status                          Alert type
Breached, Triggered             Critical
Pending                         Acknowledged
Solved, Controlled, Resolved    Resolved
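To see what the rule above actually delivers to the webhook, here is an added example (not ElastAlert's or Zenduty's own code) that assembles the POST body from the http_post_* keys in their documented order and maps the resulting status to the alert type from the table. It goes one step beyond the page's snippet by also using http_post_payload, which copies a field out of the matched document; the rule fragment, the match and the placeholder URL are constructed.

```python
import json

# Zenduty status -> alert type, as listed in the table above.
STATUS_TO_ALERT_TYPE = {
    "breached": "Critical", "triggered": "Critical",
    "pending": "Acknowledged",
    "solved": "Resolved", "controlled": "Resolved", "resolved": "Resolved",
}

# Constructed rule fragment: same keys as the snippet above, plus
# http_post_payload, which copies values out of the matched document.
RULE = {
    "alert": "post",
    "http_post_url": "<ZENDUTY_WEBHOOK_URL_PLACEHOLDER>",
    "http_post_static_payload": {"title": "Incident_1", "status": "Triggered", "id": 2},
    "http_post_payload": {"description": "message"},
    "http_post_all_values": True,
}

# Constructed Elasticsearch hit that the rule matched.
MATCH = {"@timestamp": "2024-01-01T00:00:00Z", "host": "web-01", "message": "Memory issue"}


def build_post_body(rule, match):
    """Assemble the POST body in the documented order: every match field when
    http_post_all_values is on, then static values, then http_post_payload."""
    body = dict(match) if rule.get("http_post_all_values") else {}
    body.update(rule.get("http_post_static_payload", {}))
    for post_key, match_key in rule.get("http_post_payload", {}).items():
        body[post_key] = match.get(match_key)
    return body


def zenduty_alert_type(body):
    """Alert type Zenduty assigns from the posted status (case-insensitive);
    None when the status is not in the table, so a bad rule is caught early."""
    status = str(body.get("status", "")).strip().lower()
    return STATUS_TO_ALERT_TYPE.get(status)


if __name__ == "__main__":
    body = build_post_body(RULE, MATCH)
    print(json.dumps(body, indent=2))
    print("Zenduty alert type:", zenduty_alert_type(body))
```

Running it prints the merged JSON body and "Critical", which is the alert type a Triggered status produces; a status outside the table yields None, a quick way to catch a typo in a rule before it reaches Zenduty.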

Now Elastalert is integrated with Zenduty!
