Skip to main content
All CollectionsAlertsAlert source integrations
Adding Monte Carlo as an alert source
Adding Monte Carlo as an alert source

Use Monte Carlo with incident.io to escalate and create incidents

George Mabey avatar
Written by George Mabey
Updated over a month ago

This article provides step by step instructions for setting up Monte Carlo as an alert source within incident.io. This will allow you to receive alerts, page the right people & open incidents when they are using Monte Carlo to detect data quality issues (eg: we don't have as many customer emails as we did yesterday).

🛠 Instructions to set up

1️⃣ Head over to the Alerts section in your incident.io dashboard

2️⃣ Select the Configuration -tab at the top of the page

3️⃣ Press the 'New alert source' button

4️⃣ Search for 'Monte Carlo' and click continue to create the alert source

5️⃣ Head over to the the notification settings page in Monte Carlo

6️⃣ Create an audience or edit an existing audience.

7️⃣ Name the Audience and select incident.io as the Recipient channel.

8️⃣ Enter the destination incident.io URL from incident.io and token if applicable.

9️⃣ [Optional] Name this recipient, as a single audience can have multiple recipients.

🔟 Create the audience

Alert events and updates

The following events receive an update to incident.io:

  1. Alert is created

  2. Alert is acknowledged

  3. Alert status is updated

  4. Alert owner is changed

  5. External ticket is attached to an alert (Jira, ServiceNow, etc.)

  6. Alert is marked as incident

  7. Alert is unmarked as incident

  8. Alert is resolved

Monte Carlo integration will use 'Last wins' in the alert updates, meaning that every new alert we receive with the same "incident_id", we'll update the fields to the newest value.

Incident.io uses "incident_id" as a deduplication key, so if there are other alerts coming with the same id, it will not create new alerts for them.

The following are the key fields that are changed by alert updates.

Webhook event

alert_feedback

declared_alert_severity

owner

Alert is created

null

null

not included in payload

Alert is acknowledged

investigating

--

--

Alert status is updated

investigating, no_status, work_in_progress, fixed, expected, no_action_needed, false_positive

--

--

Alert owner is changed

--

--

email of assigned owner

External ticket is attached to an alert

--

--

--

Alert is marked as incident

investigating (only if current is null or no_status)

SEV-1, SEV-2, SEV-3, SEV-4

--

Alert is unmarked as incident

--

null

--

Alert is resolved

fixed, expected, no_action_needed, false_positive

--

--

Related Articles
Can we mark incidents as sensitive and restrict access?
Creating escalations and incidents from alerts
Adding Nagios as an Alert Source
Creating incidents automatically via alerts
Did this answer your question?