Overview

The GCP Monitoring Provider enables seamless integration between Keep and GCP Monitoring, allowing alerts from GCP Monitoring to be directly sent to Keep through webhook configurations. In addition to alerts, the provider now supports querying log entries from GCP Logging, enabling a comprehensive view of alerts and associated logs within Keep’s platform.

Connecting GCP Monitoring to Keep

Alert Integration via Webhook

To connect GCP Monitoring alerts to Keep, configure a webhook as a notification channel in GCP Monitoring and link it to the desired alert policy.

Step 1: Access Notification Channels

Log in to the Google Cloud Platform console. Navigate to Monitoring > Alerting > Notification channels.

Step 2: Add a New Webhook

Within the Webhooks section, click on ADD NEW.

Step 3: Configure the Webhook

In the Endpoint URL field, enter the webhook URL provided by Keep.

  • Display Name: keep-gcpmonitoring-webhook-integration
  • Enable Use HTTP Basic Auth and input the following credentials:
    • Auth Username: api_key
    • Auth Password: %YOURAPIKEY%

Step 4: Save the Webhook Configuration

  • Click Save to store the webhook configuration.

Step 5: Associate the Webhook with an Alert Policy

Navigate to the alert policy whose notifications you want to send to Keep.

  • Click Edit.
  • Under “Notifications and name,” find the Notification Channels section and select the keep-gcpmonitoring-webhook-integration channel you created.
  • Save the changes by clicking on SAVE POLICY.

Step 6: Review the Alert in Keep

Once the setup is complete, alerts from GCP Monitoring will start appearing in Keep.

Log Query Integration

The GCP Monitoring Provider also supports querying logs from GCP Logging, allowing you to fetch log entries based on specific filters. This is helpful for enriching alert data with related logs or for monitoring specific events in Keep.

Authentication Requirements

To enable log querying, you need to provide a service account JSON file with the logs.viewer role. This service account should be configured in the authentication section of your GCP Monitoring Provider configuration.

Querying Logs

The provider’s query function supports filtering logs based on criteria such as resource type, severity, or specific keywords. You can specify a time range for querying logs using timedelta_in_days, and control the number of entries with page_size.

Example Usage

Here’s an example of how you might use the provider to query log entries:

query(filter='resource.type="cloud_run_revision" AND severity="ERROR"', timedelta_in_days=1)

This will return logs of severity “ERROR” related to Cloud Run revisions from the past day.
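When the filter is assembled from alert fields for enrichment, values should be quoted and escaped so that a field containing a double quote cannot change the meaning of the filter. The sketch below is an added example, not Keep's code: build_log_query and quote_value are hypothetical helpers, the resource.labels and textPayload fields come from Cloud Logging rather than this page, and it assumes backslash escaping inside double-quoted filter strings. It returns the keyword arguments to pass to query().

```python
import re

# Added example, not Keep's code: build_log_query and quote_value are hypothetical helpers.
SEVERITIES = {"DEFAULT", "DEBUG", "INFO", "NOTICE", "WARNING",
              "ERROR", "CRITICAL", "ALERT", "EMERGENCY"}
LABEL_KEY = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def quote_value(value: str) -> str:
    """Return value as a quoted filter literal, backslashes and double quotes escaped."""
    if any(ord(ch) < 0x20 for ch in value):
        raise ValueError("control character in filter value")
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def build_log_query(resource_type, severity, labels=None, keyword=None,
                    timedelta_in_days=1, page_size=100):
    """Build keyword arguments for query() from untrusted alert fields."""
    severity = str(severity).upper()
    if severity not in SEVERITIES:  # enum value: allowlist instead of escaping
        raise ValueError(f"unknown severity: {severity!r}")
    for name, number in (("timedelta_in_days", timedelta_in_days), ("page_size", page_size)):
        if not isinstance(number, int) or isinstance(number, bool) or number < 1:
            raise ValueError(f"{name} must be a positive integer")
    clauses = [f"resource.type={quote_value(resource_type)}",
               f"severity={quote_value(severity)}"]
    for key, value in sorted((labels or {}).items()):
        if not LABEL_KEY.fullmatch(key):  # keys are identifiers and are never quoted
            raise ValueError(f"invalid label key: {key!r}")
        clauses.append(f"resource.labels.{key}={quote_value(value)}")
    if keyword:
        clauses.append(f"textPayload:{quote_value(keyword)}")  # substring match
    return {"filter": " AND ".join(clauses),
            "timedelta_in_days": timedelta_in_days, "page_size": page_size}


if __name__ == "__main__":
    # Constructed alert fields; the service name carries an embedded quote on purpose.
    alert = {"service_name": 'checkout" OR severity>="DEFAULT', "severity": "error"}
    kwargs = build_log_query("cloud_run_revision", alert["severity"],
                             labels={"service_name": alert["service_name"]})
    print(kwargs["filter"])
```

The embedded quote in the constructed service name stays inside the string literal, so the extra OR clause is matched as text instead of being evaluated.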

Log Scopes

To read logs, the provider requires the following IAM role:

• roles/logs.viewer - Allows the provider to read log entries.

Post Installation Validation

To validate both alerts and logs, follow these steps:

  1. Alert Validation: Test the webhook by triggering an alert in GCP Monitoring and confirm it appears in Keep.
  2. Log Query Validation: Execute a simple log query and verify that log entries are returned as expected.