Got an interesting example of how would you use Keep? Feel free to submit a new example issue and we’ll credit you when we add it!

Create an incident only if the customer is on Enterprise tier

In this example we will utilize:

  1. Datadog for monitoring
  2. OpsGenie for incident management
  3. A postgres database that stores the customer tier.

This example consists of two steps:

  1. Connect your tools - Datadog, OpsGenie and Postgres.
  2. Create a workflow that is triggered by the alert, runs an SQL query, and decides whether to create an incident. Once the workflow is created, you can upload it via the Workflows page.
alert:
  id: enterprise-tier-alerts
  description: Create an incident only if the customer is enterprise.
  triggers:
    - type: alert
      filters:
        - key: source
          value: datadog
        - key: name
          value: YourAlertName
  steps:
    - name: check-if-customer-is-enterprise
      provider:
        type: postgres
        config: "{{ providers.postgres-prod }}"
        with:
          # Keep will replace {{ alert.customer_id }} with the customer id
          query: "SELECT customer_tier, customer_name FROM customers_table WHERE customer_id = {{ alert.customer_id }} LIMIT 1"
  actions:
    - name: opsgenie-incident
      # trigger only if the customer is enterprise
      condition:
      - name: verify-true
        type: assert
        assert: "{{ steps.check-if-customer-is-enterprise.results[0] }} == 'enterprise'"
      provider:
        type: opsgenie
        config: " {{ providers.opsgenie-prod }} "
        with:
          message: "A new alert on enterprise customer ( {{ steps.check-if-customer-is-enterprise.results[1] }} )"

Send a slack message for every Cloudwatch alarm

  1. Connect your Cloudwatch(/es) and Slack to Keep.
  2. Create a simple Workflow that filters for CloudWatch events and sends a Slack message:
workflow:
  id: cloudwatch-slack
  description: Send a slack message when a cloudwatch alarm is triggered
  triggers:
    - type: alert
      filters:
        - key: source
          value: cloudwatch
  actions:
    - name: trigger-slack
      provider:
        type: slack
        config: " {{ providers.slack-prod }} "
        with:
          message: "Got alarm from aws cloudwatch! {{ alert.name }}"

Monitor a HTTP service

Suppose you want to monitor an HTTP service. All you have to do is upload the following workflow:

workflow:
  id: monitor-http-service
  description: Monitor a HTTP service each 10 seconds
  triggers:
    - type: interval
      value: 10
  steps:
  - name: simple-http-request
    provider:
    type: http
    with:
        method: GET
        url: 'https://YOUR_SERVICE_URL/'
        timeout: 2
        verify: true
  actions:
    - name: trigger-slack
      condition:
        - name: assert-condition
          type: assert
          assert: '{{ steps.simple-http-request.results.status_code }} == 200'
      provider:
        type: slack
        config: ' {{ providers.slack-prod }} '
        with:
          message: "HTTP Request Status: {{ steps.simple-http-request.results.status_code }}\nHTTP Request Body: {{ steps.simple-http-request.results.body }}"
  on-failure:
    # Just need a provider we can use to send the failure reason
    provider:
      type: slack
      config: ' {{ providers.slack-prod }} '
Alert DeduplicationGetting started