ThousandEyes Alerts – API and Webhooks

Introduction

There are a few different ways of handling ThousandEyes alerts. Active alerts can be polled via the API, forwarded by email, sent to PagerDuty or via webhook. I will be covering alerting via API and notifications via webhooks.

API

Accessing the alerts API is simple. Examples from my previous post on the ThousandEyes API are relevant. Here is Python code to query and “pretty print” active alerts in json format:

By default only active alerts are returned. In order to pull back previous alerts, time ranges should be used. These are also referenced in the alerts API documenation. I will append ?window=5d in order to return active alerts:

Output (removed all but one test location):

Webhook

Webhooks are configured via the Alerts page. You provide a name and a URL, optionally providing basic HTTP authentication. You should use authentication and SSL/TLS to avoid sending the traffic in the clear.

ThousandEyesWebhook

 

Here is a simple webhook handler in Python. It does not include SSL/TLS or authentication and I would not use this for anything other than simple testing.

An event notification message is sent when an alert is triggered and a notification is sent when the condition has cleared.

Conclusion

I have covered how to pull back alert information via both the ThousandEyes API and receiving alerts via Webhooks. The next step would be to perform some sort of integration with a logging, management or ticketing system.