Alert is an event that triggered when something bad happens or going to happen. The term “alert” can sometimes be interchanged with “alarm” (in CloudWatch) or “monitor” (in Datadog).
You can easily initiate a Workflow when an alert is triggered.
A Provider serves as the building block for input/output in Keep.
Provider as a data source
Within the context of a Workflow, a Provider can:
- Query data - query Datadog’s API or runs a SQL query against a database.
- Push data - send a Slack message or create a PagerDuty incident.
Provider as an alert source
When you connect a Provider, Keep begins to read and process alerts from that Provider. For example, after connecting your Prometheus instance, you’ll start seeing your Prometheus alerts in Keep. A Provider can either push alerts into Keep, or Keep can pull alerts from the Provider.
Push alerts to Keep (Manual)
Configure your alert source to push alerts to Keep.
For example, consider Promethues. If you want to push alerts from Promethues to Keep, you’ll need to configure Promethues Alertmanager to send the alerts to ’https://api.keephq.dev/alerts/event/prometheus’ using API key authentication. Each Provider implements Push mechanism and documented under the specific Provider page.
Push alerts to Keep (Automatic)
In compatible tools, Keep can automatically integrate with the alerting policy of the source and add itself as an alert destination. You can learn more about Webhook Integration here.
Pull alerts by Keep
Keep also integrates with the alert APIs of various tools and can automatically pull alerts. While pulling is easier to set up (requiring only credentials), pushing is preferable when automation is involved.
- When Alert is triggered.
- In a predefined interval.
Workflows are commonly used to:
- Enrich your alerts with more context.
- Automate the response to alert.
- Create multi-steps alerts.
Keep is an API-first platform, meaning that anything you can do via the UI can also be accomplished through the API This gives you the flexibility to integrate Keep with your existing stack and to automate alert remediation and enrichment processes.