Integrations
OpenObserve
Overview
This document provides a detailed guide to integrating OpenObserve with Callgoose SQIBS for real-time Incident Management, log/metric/trace-based alerting, and automated incident resolution.
The integration uses OpenObserve Webhooks to send alert event payloads directly to Callgoose, where API Filters convert them into incidents that are automatically created and resolved.
Prerequisites
Before beginning, ensure you have the following:
- A Callgoose SQIBS account with permissions to create API Filters and access the integration endpoint.
- An OpenObserve workspace with admin-level access to Alerts and Notification Channels.
- A valid Callgoose API token and Api endpoint URL.
- A test OpenObserve alert rule (recommended) for validating webhook delivery and payloads.
1. Prepare Callgoose: Obtain Endpoint and Token
1.1 Retrieve Callgoose API Endpoint
Generate or locate your Callgoose process endpoint:
https://****.callgoose.com/v1/process?from=OpenObserve&token=xxxx
Store the API token securely and never commit it to source control.
2. Configure OpenObserve Webhook
2.1 Choose the Webhook Scope
You can configure the webhook at:
- Global Notification Channel level
- Settings → Notifications → Add Channel → Webhook
- Alert Rule level
- Alerts → Create Alert → Add Notification → Webhook
OpenObserve allows sending events for logs, metrics, traces, and anomaly-based alerts.
2.2 Configure Webhook Fields
Set the following options:
- Webhook URL:
- Callgoose endpoint from Step 1
- HTTP Method:
- POST
- Content Type:
- application/json
- Send Resolved Alerts:
- Must be Enabled for auto-resolution in Callgoose.
Save and enable the webhook.
2.3 Verification Headers
OpenObserve includes security headers depending on configuration:
- X-OpenObserve-Signature — HMAC signature verifying payload integrity
- X-OpenObserve-Event — Type of alert event sent
- X-OpenObserve-Source — Alerting source (logs / metrics / traces)
If you use an intermediary receiver, you may validate these headers before forwarding to Callgoose.
3. Example OpenObserve Payloads
A simplified OpenObserve alert event body:
{
"status": "firing",
"alert_name": "High Error Count",
"alert_id": "oo-alert-67382",
"severity": "critical",
"description": "Error rate exceeded threshold (50+ errors/min)",
"fired_at": "2025-10-01T12:05:00Z",
"labels": {
"service": "auth-service",
"region": "eu-central"
},
"values": {
"error_count": 138
}
}
Resolved state example:
{
"status": "resolved",
"alert_name": "High Error Count",
"alert_id": "oo-alert-67382",
"resolved_at": "2025-10-01T12:15:22Z"
}
Inspect your actual payloads inside Callgoose API Log and use those fields in your API Filter mappings.
4. Create API Filters in Callgoose SQIBS
Callgoose API Filters convert incoming OpenObserve webhooks into incidents.
Use two filters:
Trigger Filter (create incident)
Resolve Filter (auto-resolve)
4.1 Trigger Filter — Create Incident
Use the following settings:
- Payload JSON Key: status
- Key Value Contains: firing
- Map Incident With: alert_id
- Incident Title: alert_name
- Incident Description: description (optional — leave empty to use full JSON)
This filter creates an incident whenever OpenObserve fires a new alert.
4.2 Resolve Filter — Auto-Resolve Incident
Use the following settings:
- Payload JSON Key: status
- Key Value Contains: resolved
- Incident Mapped With: alert_id
This ensures the incident is resolved when the corresponding OpenObserve alert clears.
5. Verify and Test the Integration
5.1 Test Initial Delivery
- Create a broad test filter in Callgoose.
- Trigger a Test Webhook from OpenObserve.
- Confirm Callgoose receives the payload in API Logs.
5.2 View Exact Payload
Use Callgoose’s API request logs to inspect the exact JSON payload.
Copy field names directly from these logs for accurate filter configuration.
5.3 Final Verification
- Trigger an alert in OpenObserve → Incident should be created
- Clear the alert condition → Incident should be auto-resolved
- Confirm mapping consistency using alert_id
6. Troubleshooting
Incoming Payload Not Received
- Check OpenObserve webhook logs
- Verify the endpoint URL and token
- Ensure no filter mismatch in Callgoose
- Confirm HTTPS connectivity
Incidents Not Auto-Resolving
- Check if OpenObserve sent status=resolved
- Ensure same alert_id is used for both creation & resolution
- Confirm resolved alerts are enabled in Notification settings
Wrong or Missing Payload Fields
- Inspect live payloads in OpenObserve → Webhook delivery logs
- Update API Filters to match the exact field structure
- Re-test using firing + resolved conditions
7. Conclusion
Integrating OpenObserve with Callgoose SQIBS enables fully automated incident creation and resolution based on log, metric, and trace alerts. By configuring OpenObserve webhooks and mapping them through Callgoose API Filters, teams gain real-time visibility into system errors, performance anomalies, and service degradation.
With clean Trigger and Resolve filters, this integration ensures that observability alert spikes instantly become actionable incidents—and clearing the alert automatically closes the loop, improving operational reliability.
For further customization or advanced use cases, refer to:
