Skip to main content
Webhooks provide near real-time alert collection compared to polling-based methods.

Overview

Alert Collectors in Warrn automatically gather alerts from external monitoring systems, normalize the data, and integrate them into your unified alert management workflow. Support for major platforms with flexible configuration and real-time collection.

Automated Collection

Continuous monitoring and collection from external platforms with configurable intervals.

Platform Support

Wide range of supported monitoring platforms including Prometheus, Grafana, and DataDog.

Supported Platforms

Monitoring Systems

    Cloud Platforms

    AWS CloudWatch

    CloudWatch alarms and composite alarms with SNS integration.

    Azure Monitor

    Azure Monitor alerts and action groups with webhook support.

    GCP Monitoring

    Google Cloud Monitoring policies and notification channels.

    Collector Configuration

    Collector Structure

    interface Collector {
  id: string;
  name: string;
  collector_type: string;
  collector_type_display_name: string;
  organization_id: string;
  
  // Configuration
  endpoint_url: string;
  authentication_config: AuthConfig;
  collection_config: CollectionConfig;
  
  // Scheduling
  interval_minutes: number;
  query_interval_minutes: number;
  
  // Status
  status: 'active' | 'inactive' | 'error' | 'testing';
  is_due_for_collection: boolean;
  
  // Metrics
  total_alerts_collected: number;
  last_collection_at?: string;
  last_error?: string;
  
  // Metadata
  created_at: string;
  updated_at: string;
}

    Authentication Methods

    Automated Collection

    Collection Process

    1

    Scheduled Execution

    Collectors run on configurable intervals (1-60 minutes) based on platform requirements.
    2

    Data Retrieval

    Fetch alerts from external platform using configured authentication and filters.
    3

    Data Normalization

    Transform platform-specific alert format into Warrn’s unified alert schema.
    4

    Deduplication

    Identify and merge duplicate alerts based on fingerprinting and similarity.
    5

    Storage & Processing

    Store normalized alerts and trigger configured workflows and notifications.

    Collection Intervals

    Smart Collection

    Warrn implements intelligent collection strategies to optimize performance: 
    const smartCollectionLogic = {
  // Adaptive intervals based on alert volume
  adaptiveInterval: (baseInterval: number, alertVolume: number) => {
    if (alertVolume > 100) return Math.max(baseInterval / 2, 60); // Speed up
    if (alertVolume < 10) return Math.min(baseInterval * 2, 1800); // Slow down
    return baseInterval;
  },
  
  // Exponential backoff for errors
  errorBackoff: (consecutiveErrors: number) => {
    return Math.min(300 * Math.pow(2, consecutiveErrors), 3600); // Max 1 hour
  },
  
  // Priority-based collection
  priorityCollection: (collectorType: string) => {
    const priorities = {
      'prometheus': 1,  // Highest priority
      'datadog': 2,
      'grafana': 3,
      'cloudwatch': 4   // Lowest priority
    };
    return priorities[collectorType] || 5;
  }
};

    Data Normalization

    Alert Schema Mapping

    External alerts are normalized into Warrn’s unified schema:
    Source Fields (Prometheus)
    {
  "fingerprint": "abc123",
  "status": "firing",
  "labels": {
    "alertname": "HighCPU",
    "severity": "warning",
    "instance": "web-1"
  },
  "annotations": {
    "summary": "High CPU usage",
    "description": "CPU > 80%"
  }
}
    Normalized Schema
    {
  "name": "HighCPU",
  "severity": "medium",
  "status": "open",
  "source_fingerprint": "abc123",
  "source_system": "prometheus",
  "labels": {
    "instance": "web-1",
    "original_severity": "warning"
  },
  "description": "CPU > 80%"
}

    Field Mapping Configuration

    interface FieldMapping {
  source_field: string;
  target_field: string;
  transform?: 'lowercase' | 'uppercase' | 'severity_map' | 'status_map';
  default_value?: any;
  required?: boolean;
}

// Example mapping for Prometheus
const prometheusMapping: FieldMapping[] = [
  {
    source_field: 'labels.alertname',
    target_field: 'name',
    required: true
  },
  {
    source_field: 'labels.severity', 
    target_field: 'severity',
    transform: 'severity_map'
  },
  {
    source_field: 'status',
    target_field: 'status', 
    transform: 'status_map'
  }
];

    Collector Management

    Collector Status Monitoring

      Collector Operations

      Activate

      Enable collector to start automated collection.

      Deactivate

      Temporarily disable collection without losing configuration.

      Trigger Collection

      Manually trigger immediate collection cycle for testing.

      View Details

      Access detailed configuration, logs, and metrics.

      Collector Health Monitoring

      interface CollectorHealth {
  collector_id: string;
  
  // Collection metrics
  successful_collections_24h: number;
  failed_collections_24h: number;
  average_collection_time_ms: number;
  
  // Error tracking
  consecutive_errors: number;
  last_error_at?: string;
  error_rate_percentage: number;
  
  // Performance metrics
  alerts_collected_24h: number;
  collection_lag_seconds: number;
  
  // Status indicators
  is_healthy: boolean;
  next_collection_at: string;
  is_overdue: boolean;
}

      Error Handling & Debugging

      Common Error Types

      Debugging Tools

      1

      Collection Logs

      View detailed logs of collection attempts, API responses, and error messages.
      2

      Test Collection

      Trigger manual collection to test configuration and troubleshoot issues.
      3

      Configuration Validation

      Validate collector configuration against platform requirements.
      4

      Performance Metrics

      Monitor collection performance, response times, and success rates.

      Advanced Configuration

      Filtering & Routing

      Configure intelligent filtering to collect only relevant alerts: 
      interface CollectionFilters {
  // Label-based filtering
  include_labels: Record<string, string[]>;
  exclude_labels: Record<string, string[]>;
  
  // Severity filtering
  minimum_severity: 'low' | 'medium' | 'high' | 'critical';
  
  // Time-based filtering  
  max_age_hours: number;
  only_active_alerts: boolean;
  
  // Content filtering
  title_patterns: string[];
  description_patterns: string[];
  
  // Custom routing
  service_mapping: {
    source_label: string;
    service_mapping: Record<string, string>;
  };
}

      Webhook Integration

      Set up webhook endpoints for real-time alert collection: 
      // Webhook endpoint configuration
const webhookConfig = {
  endpoint: '/webhooks/collectors/{collector_id}',
  authentication: {
    type: 'signature_verification',
    secret: 'webhook-secret-key',
    header: 'X-Webhook-Signature'
  },
  processing: {
    deduplicate: true,
    auto_resolve: true,
    batch_processing: false
  }
};

      Performance Optimization

      Collection Strategies

      Polling Strategy
      • Regular interval-based collection
      • Reliable but higher latency
      • Better for batch processing
      • Suitable for most platforms
      Webhook Strategy
      • Real-time push notifications
      • Lower latency, immediate updates
      • Requires platform webhook support
      • Network firewall considerations

      Scaling Considerations

      // Collector scaling configuration
const scalingConfig = {
  // Horizontal scaling
  max_concurrent_collectors: 10,
  collector_distribution_strategy: 'round_robin',
  
  // Vertical scaling
  max_memory_usage_mb: 512,
  max_cpu_usage_percent: 80,
  
  // Collection optimization
  batch_size: 100,
  connection_pooling: true,
  response_caching_seconds: 30
};

      Monitoring & Analytics

      Collection Metrics

      Track collector performance and health through comprehensive metrics:

        Health Dashboards

        Monitor collector health through dedicated dashboards:
        • Real-time Status: Current collector states and active collections
        • Performance Trends: Historical performance and capacity planning
        • Error Analysis: Error patterns, frequency, and resolution tracking
        • Alert Volume: Collection volume trends and anomaly detection

        API Reference

        Collector Management

        # List collectors
GET /api/collectors?status=active&type=prometheus

# Get collector details
GET /api/collectors/{id}

# Create collector
POST /api/collectors
{
  "name": "Production Prometheus",
  "collector_type": "prometheus",
  "endpoint_url": "https://alertmanager.prod.example.com/api/v1/alerts",
  "interval_minutes": 5,
  "authentication_config": {
    "type": "bearer_token",
    "token": "your-token"
  }
}

# Update collector
PATCH /api/collectors/{id}
{
  "interval_minutes": 3,
  "status": "active"
}

# Delete collector
DELETE /api/collectors/{id}

        Collector Operations

        # Activate collector
POST /api/collectors/{id}/activate

# Deactivate collector  
POST /api/collectors/{id}/deactivate

# Trigger manual collection
POST /api/collectors/{id}/collect

# Get collection history
GET /api/collectors/{id}/history?limit=50

# Get collector logs
GET /api/collectors/{id}/logs?level=error
        See the Collectors API documentation for complete endpoint details and configuration examples.
        I