External Event Detection¶

The external event detection feature is used to receive anomaly records from third-party systems. When these records are transmitted to Guance via the preset Webhook address in the detection rules, the system automatically converts them into standard monitor events. These events can then be associated with alert strategies and visualized dashboards for unified monitoring management.

Use Cases¶

Send anomaly events or records generated by third-party systems to the HTTP server via a specified URL address using the POST method to generate event data in Guance.

Default Configuration¶

1. Monitor Name: Supports custom names.
2. Webhook Address: A Webhook address is generated by default when entering the creation page. Custom parameters can be appended to mark the purpose of the address.

External event data is actively reported to the Guance center by third-party systems, providing necessary event data. Events are generated and anomaly records are created for alerts only when corresponding fields are detected and matched.

Required fields can be seen in the example below: The five major fields under event must be included to successfully match with the Guance side. extra_data is a custom-added field:

{
    "event": {
        "status": "warning",
        "title": "External event monitor test 1",
        "message": "Hello, this is the message of the external event monitor",
        "dimension_tags": {"heros": "caiwenji"},
        "check_value": 20
    },
    "extraData": {
        "name": "xxxxxxxx"
    }
}

For more details, refer to External Event Monitor Event Reception.

Other Configurations¶

For more details, refer to Rule Configuration.