
Use the LogicMonitor Edwin AI Grafana Integration to receive alert events in Edwin AI from your Grafana environment. This integration enables automated response, alert enrichment, and cross-platform incident correlation in real time using custom webhooks.

This integration supports structured JSON payloads using the Edwin Common Event Format (CEF) to enrich event data with test metrics, rule metadata, and more.

Requirements for Configuring Edwin AI Grafana Integration

To configure the Edwin AI Grafana Integration, you need the following:

Configuring the Edwin AI Grafana Integration Webhook

  1. Configure a webhook notification in Grafana.
    For more information, see Configure webhook notifications from Grafana.
  2. Include the following details in a new contact point:
    • Add a Name
    • Select “Webhook” from the Contact point type dropdown menu.
    • In the URL field, enter https://<accountname>.dexda.ai/integration/event/v1 
    • Select Optional Webhook settings and apply the following:
      • HTTP Method—POST
      • HTTP Basic Auth Username—Edwin API client ID
      • HTTP Basic Auth Password—Edwin API client secret
      • Enter custom payload template (See Custom Payload Template Example.)
  3. Attach the contact point you create directly to an alert rule, or route alerts to it through a notification policy.
    For more information, see Creating and Editing Alert Rules and Attaching Alert Rules to Your Webhook from Grafana.

The webhook notification now sends events to Edwin AI.

Custom Payload Template Example

A custom payload template is required when you create the Grafana webhook notification that sends events to Edwin AI.

The following payload example dynamically maps Grafana alert data to the Edwin AI CEF structure:

[
  {{- range $i, $a := .Alerts -}}
    {{- if $i }},{{ end }}
    {
      "cef": {
        "eventCi":
          {{- if (index $a.Labels "instance") -}}
            {{ index $a.Labels "instance" | data.ToJSON }}
          {{- else if (index $a.Labels "host") -}}
            {{ index $a.Labels "host" | data.ToJSON }}
          {{- else if (index $a.Labels "node") -}}
            {{ index $a.Labels "node" | data.ToJSON }}
          {{- else if (index $a.Labels "pod") -}}
            {{ index $a.Labels "pod" | data.ToJSON }}
          {{- else if (index $a.Labels "job") -}}
            {{ index $a.Labels "job" | data.ToJSON }}
          {{- else -}}
            "unknown"
          {{- end }},
        "eventObject":
          {{- if (index $a.Labels "resource") -}}
            {{ index $a.Labels "resource" | data.ToJSON }}
          {{- else if (index $a.Labels "device") -}}
            {{ index $a.Labels "device" | data.ToJSON }}
          {{- else if (index $a.Labels "mountpoint") -}}
            {{ index $a.Labels "mountpoint" | data.ToJSON }}
          {{- else if (index $a.Labels "job") -}}
            {{ index $a.Labels "job" | data.ToJSON }}
          {{- else if (index $a.Labels "alertname") -}}
            {{ index $a.Labels "alertname" | data.ToJSON }}
          {{- else -}}
            "Grafana Alert"
          {{- end }},
        "eventName":
          {{- if (index $a.Labels "alertname") -}}
            {{ index $a.Labels "alertname" | data.ToJSON }}
          {{- else -}}
            "Grafana Alert"
          {{- end }},
        {{- /* Inside range, "." is the current alert; $ reaches the root, where CommonAnnotations lives. */ -}}
        "eventDescription":
          {{- if (index $a.Annotations "summary") -}}
            {{ index $a.Annotations "summary" | data.ToJSON }}
          {{- else if (index $a.Annotations "description") -}}
            {{ index $a.Annotations "description" | data.ToJSON }}
          {{- else if (index $.CommonAnnotations "summary") -}}
            {{ index $.CommonAnnotations "summary" | data.ToJSON }}
          {{- else if (index $.CommonAnnotations "description") -}}
            {{ index $.CommonAnnotations "description" | data.ToJSON }}
          {{- else -}}
            "Grafana alert notification"
          {{- end }},
        "eventDetails":
          {{- if (index $a.Annotations "description") -}}
            {{ index $a.Annotations "description" | data.ToJSON }}
          {{- else if (index $a.Annotations "summary") -}}
            {{ index $a.Annotations "summary" | data.ToJSON }}
          {{- else if (index $.CommonAnnotations "description") -}}
            {{ index $.CommonAnnotations "description" | data.ToJSON }}
          {{- else if (index $.CommonAnnotations "summary") -}}
            {{ index $.CommonAnnotations "summary" | data.ToJSON }}
          {{- else -}}
            ""
          {{- end }},
        "eventSeverity":
          {{- if eq $a.Status "resolved" -}}0
          {{- else if eq (index $a.Labels "severity") "fatal" -}}6
          {{- else if eq (index $a.Labels "severity") "critical" -}}5
          {{- else if eq (index $a.Labels "severity") "major" -}}4
          {{- else if eq (index $a.Labels "severity") "high" -}}4
          {{- else if eq (index $a.Labels "severity") "minor" -}}3
          {{- else if eq (index $a.Labels "severity") "warning" -}}2
          {{- else if eq (index $a.Labels "severity") "info" -}}1
          {{- else -}}4
          {{- end }},
        "eventTimestamp": {{ $a.StartsAt.UnixMilli }},
        "eventSource":
          {{- if (index $a.Labels "event_source") -}}
            {{ index $a.Labels "event_source" | data.ToJSON }}
          {{- else -}}
            "Grafana"
          {{- end }},
        "sourceRecord": {{ $a | data.ToJSON }},
        "class": "event",
        "version": "1.0"
      },
      "enrichments": {}
    }
  {{- end -}}
]
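
Added example (not LogicMonitor's or Grafana's code): a Go pre-flight check showing why every string field in the template above is piped through data.ToJSON. It renders a reduced copy of the template with Go's text/template over constructed alerts whose label and annotation values contain a backslash and quotes. The `toJSON` function, the `Alert`, `Payload` and `Event` types, and the sample values are assumptions made for this example.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"text/template"
)

// Constructed stand-ins for the alert fields the template reads, plus the decoded result.
type Alert struct{ Status string; Labels, Annotations map[string]string }
type Payload struct{ Alerts []Alert }
type Event struct{ Cef struct{ EventObject, EventDescription string; EventSeverity int } }

// Reduced form of the page's template; toJSON stands in for data.ToJSON.
const encoded = `[{{- range $i, $a := .Alerts -}}{{- if $i }},{{ end }}
{"cef":{"eventObject":{{ index $a.Labels "mountpoint" | toJSON }},
"eventDescription":{{ index $a.Annotations "summary" | toJSON }},
"eventSeverity":{{ if eq $a.Status "resolved" }}0{{ else if eq (index $a.Labels "severity") "critical" }}5{{ else }}4{{ end }}}}
{{- end -}}]`

// The same string fields placed between literal quotes, with no JSON encoding.
const unencoded = `[{{- range $i, $a := .Alerts -}}{{- if $i }},{{ end }}
{"cef":{"eventObject":"{{ index $a.Labels "mountpoint" }}",
"eventDescription":"{{ index $a.Annotations "summary" }}"}}
{{- end -}}]`

var sample = Payload{Alerts: []Alert{
	{"firing", map[string]string{"mountpoint": `C:\data`, "severity": "critical"},
		map[string]string{"summary": `Disk "C:" is 95% full`}},
	{"resolved", map[string]string{"mountpoint": "/var"}, map[string]string{"summary": "recovered"}},
}}

// events renders src over p and decodes the body the way a JSON receiver would.
func events(src string, p Payload) (ev []Event, err error) {
	toJSON := func(v interface{}) (string, error) { b, e := json.Marshal(v); return string(b), e }
	t := template.Must(template.New("cef").Funcs(template.FuncMap{"toJSON": toJSON}).Parse(src))
	var buf bytes.Buffer
	if err = t.Execute(&buf, p); err == nil {
		err = json.Unmarshal(buf.Bytes(), &ev)
	}
	return
}

func main() {
	_, bad := events(unencoded, sample)
	ev, good := events(encoded, sample)
	fmt.Printf("unencoded: %v\nencoded: %+v %v\n", bad, ev, good)
}
```

The unencoded variant produces a body that fails JSON parsing as soon as a value contains a quote or backslash, while the encoded variant round-trips the original strings and emits the severity as a bare number.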

For more information, see Event Records.
