Menu
Documentationbreadcrumb arrow Grafana Cloudbreadcrumb arrow Alerts and IRMbreadcrumb arrow IRMbreadcrumb arrow Configurebreadcrumb arrow Integrationsbreadcrumb arrow Integration referencebreadcrumb arrow OnCall integrationsbreadcrumb arrow ElastAlert
Grafana Cloud

ElastAlert integration for Grafana IRM

The ElastAlert integration for Grafana IRM handles ticket events sent from ElastAlert webhooks. The integration provides grouping, auto-acknowledge and auto-resolve logic via customizable alert templates.

Configure Grafana IRM to receive alerts from ElastAlert

  1. In Grafana IRM, navigate to IRM > Integrations > Monitoring Systems
  2. Click + New integration
  3. Select ElastAlert from the list of available integrations
  4. Enter a name and description for the integration, click Create
  5. A new page will open with the integration details. Copy the IRM Integration URL from HTTP Endpoint section

Configure ElastAlert to send alerts to Grafana IRM

To send an alert from ElastAlert to a webhook, follow these steps:

Note

Refer to ElastAlert http-post docs for more details

  1. Open your ElastAlert configuration file (e.g., config.yaml)

  2. Locate the alert section

  3. Add the following configuration for the webhook alert:

    yaml 
    alert: post
http_post_url: 'http://example.com/api'
http_post_static_payload:
  title: abc123

    Replace "abc123" with a suitable name for your alert, and "http://example.com/api" with IRM Integration URL

  4. Save the configuration file

After configuring the webhook, ElastAlert will send alerts to the specified endpoint when triggered. Make sure your webhook endpoint is configured to receive and process the incoming alerts.

Grouping, auto-acknowledge and auto-resolve

Grafana IRM provides grouping, auto-acknowledge and auto-resolve logic for the ElastAlert integration:

  • Alerts created from ticket events are grouped by ticket ID
  • Alert groups are auto-acknowledged when the ticket status is set to “Pending”
  • Alert groups are auto-resolved when the ticket status is set to “Solved”

To customize this behaviour, consider modifying alert templates in integration settings.

Configure ElastAlert to send heartbeats to Grafana IRM Heartbeat

Add the following rule to ElastAlert

yaml 
index: elastalert_status
type: any
alert: post
http_post_url: { { heartbeat_url } }
realert:
  minutes: 1
alert_text: elastalert is still running
alert_text_type: alert_text_only