External Event Detection¶
Current Document Location
This document is the second step in the detection rule configuration process. After configuration, please return to the main document to continue with the third step: Associate Incident.
The External Event Detection feature is used to receive anomaly records from third-party systems. When these records are sent to the system via the Webhook address preset in the detection rule, the system automatically converts them into standard monitor events. These events can then be further associated with alert strategies and visual dashboards to achieve unified monitoring management.
It is suitable for sending anomaly events or records generated by third-party systems (such as Prometheus, Zabbix, Nagios, etc.) to Guance via a specified URL address using POST requests, generating event data to achieve cross-platform unified alert management.
Application Scenarios¶
- Integrate third-party monitoring systems to unify scattered alerts onto the Guance platform.
- Receive anomaly events from custom business systems to implement business monitoring alerts.
- Consolidate monitoring data from multi-cloud and hybrid cloud environments for unified display and analysis.
Default Configuration¶
Basic Configuration¶
| Configuration Item | Description |
|---|---|
| Monitor Name | Custom monitor name, used to identify this external event detector. |
| Webhook Address | The system automatically generates a unique Webhook address by default. Supports custom appended parameters to mark the address purpose. Format: http://<domain>/api/v1/push-events/<random-string>Third-party systems need to send anomaly events to this address via POST requests. |
Event Data Format¶
External event data is actively reported to the Guance center by third-party systems, providing necessary event data. Events can only be generated and anomaly records created if corresponding fields are detected and matched.
Required Fields (The five fields under the event object must be included for successful matching with the system side):
| Field | Type | Description |
|---|---|---|
status |
string | Event status. Optional values: fatal, error, warning, info, ok. |
title |
string | Event title, used to describe the core content of the event. |
message |
string | Event details, used to describe the specific information of the event. |
dimension_tags |
object | Dimension tags, used to identify the event source, e.g., {"host": "server01", "service": "nginx"}. |
check_value |
number | Detection value, a numerical value used for trigger condition judgment. |
Optional Fields:
| Field | Type | Description |
|---|---|---|
extraData |
object | Custom extension fields, can be used for variable substitution in event notification templates. |
Request Example:
{
"event": {
"status": "warning",
"title": "External Event Monitor Test1",
"message": "Hello, this is the message from the external event monitor.",
"dimension_tags": {"heros": "caiwenji"},
"check_value": 20
},
"extraData": {
"name": "xxxxxxxx"
}
}
For more details, please refer to External Event Monitor Event Reception.
Subsequent Configuration¶
After completing the detection rule configuration, you also need to perform the following related settings:
-
Alert Configuration: Select alert strategies, set notification targets and mute periods;
-
Associate: Associate dashboards for quick jump to view data;
-
Permission: Set operation permissions to control who can edit/delete this monitor.