Keep

Login

Keep is an open-source alert management and automation tool that provides everything you need to create and manage alerts effectively.

Introduction

Key concepts

Use cases

Examples

Comparison to other tools

Overview

Providers

Alerts

Workflows

Workflow builder

Settings

A Provider is a component of Keep that enables it to interact with third-party products. It is implemented as extensible Python code, making it easy to enhance and customize.

Fingerprints are unique identifiers associated with alert instances in Keep. Every provider declares the fields fingerprints are calculated upon

Fingerprints

Azure AKS provider to view kubernetes resources.

Azure AKS

Axiom Provider is a class that allows to ingest/digest data from Axiom.

Axiom Provider

CloudWatch Logs Provider is a provider used to query AWS CloudWatch Logs

CloudWatch Logs

AWS CloudWatch Logs

CloudWatch Metrics Provider is a provider used to query AWS CloudWatch Metrics

CloudWatch Metrics

AWS CloudWatch Metrics

Console provider is sort of a mock provider that projects given alert message to the console.

Console Provider

Console

Datadog provider allows you to query Datadog metrics and logs for monitoring and analytics.

Datadog Provider

Datadog

Kibana provider allows you get alerts from Kibana Alerting via webhooks.

Kibana Provider

Kibana

Discord provider is a provider that allows to send notifications to Discord

Discord Provider

Discord

Elastic provider is a provider used to query Elastic Search (tested with elastic.co)

Elastic Provider

Elastic

Grafana Provider allows either pull/push alerts from Grafana to Keep.

Grafana Provider

Grafana Oncall Provider is a class that allows to ingest/digest data from Grafana On-Call.

Grafana Oncall Provider

HTTP Provider is a provider used to query/notify using HTTP requests

HTTP Provider

Jira provider is a provider used to query data and creating issues in Jira

Jira Provider

Template Provider is a template for newly added provider's documentation

Mock Provider

Mock

MySQL Provider is a provider used to query MySQL databases

MySQL Provider

MySQL

New Relic Provider enables querying AI alerts and registering webhooks.

New Relic Provider

New Relic

OpsGenie Provider is a provider that allows to create alerts in OpsGenie.

Opsgenie Provider

Pagerduty Provider is a provider that allows to create incidents or post events to Pagerduty.

Pagerduty Provider

PostgreSQL Provider is a provider used to query POSTGRES databases

PostgreSQL Provider

PostgreSQL

Pushover Provider

Pushover

Sentry provider allows you to query Sentry events and to pull/push alerts from Sentry

Sentry Provider

Sentry

Zabbix provider allows you to pull/push alerts from Zabbix

Zabbix Provider

Zabbix

Slack provider is a provider that allows to send notifications to Slack

Slack Provider

Slack

Snowflake Provider

Snowflake

The `SSH Provider` is a provider that provides a way to execute SSH commands and get their output.

SSH Provider

Teams Provider is a provider that allows to notify alerts to Microsoft Teams chats.

Teams Provider

Telegram Provider is a provider that allows to notify alerts to telegram chats.

Telegram Provider

Trello provider is a provider used to query data from Trello

Trello Provider

Trello

Twilio Provider is a provider that allows to notify alerts via SMS using Twilio.

Twilio Provider

Zenduty Provider

Zenduty

Resend Provider

Resend

Websocket

At Keep, we view alerts as workflows, which consist of a series of steps executed in sequence, each with its own specific input and output. To keep our approach simple, Keep's syntax is designed to closely resemble the syntax used in GitHub Actions. We believe that GitHub Actions has a well-established syntax, and there is no need to reinvent the wheel.

Basic Syntax

Foreach syntax add the flexability of running action per result instead of only once on all results.

Foreach Syntax

Foreach

Keep uses [Mustache](https://mustache.github.io/) syntax to inject context at runtime, supporting functions, dictionaries, lists, and nested access.

Content Syntax

Working with context

What is a Condition?

❓ What is a Condition

Threshold

🎯 Threshold

Assert

The 'stddev' condition implements standard deviation logic. It takes a list or a list of lists, along with a standard deviation threshold ('compare_to'), and returns all values that are farther away from the mean than the standard deviation.

stddev

🎯 Stddev (Standard Deviation)

In Keep's context, functions extend the power of context injection. For example, if a step returns a list, you can use the `keep.len` function to count and use the number of results instead of the actual results.

What is a Function?

all(iterable)

diff

diff(iterable)

len(iterable)

split

string(string, delimeter)

first

first(iterable)

utcnow

to_utc

datetime_compare

encode

encode(string)

The purpose of throttling is to prevent any action from being triggered too many times, thus generating too many alerts.

What is a Throttle?

The action will trigger once the alert is resolved.

One Until Resolved

Breakdown of the alert and further explanations can be found in the bottom of this page.

Overview

Platform

Providers

Workflows

Keep API

Keep CLI

Development

Introduction

What’s alert?

What problem does Keep solve?

How does Keep integrate with the alerts?

Overview

Platform

Providers

Workflows

Keep API

Keep CLI

Development

​What’s alert?

​What problem does Keep solve?

​How does Keep integrate with the alerts?

What’s alert?

What problem does Keep solve?

How does Keep integrate with the alerts?