Event Sources & Integration
Tripl-i provides universal connectivity to your entire monitoring ecosystem. Our platform ingests events from any monitoring tool, normalizes diverse formats, and creates a unified operational view across all your systems.
Supported Event Sources
Enterprise Monitoring Platforms
Nagios & Nagios XI
Integration Method: Webhook & API
Real-time Support: Yes
Bidirectional: Yes
Data Collected:
- Host and service states
- Performance metrics
- Check results and outputs
- Acknowledgments and downtime schedules
- Custom variables and macros
Key Features:
- Automatic severity mapping (OK, Warning, Critical, Unknown)
- Service and host grouping
- Notification suppression during maintenance
- Performance data extraction
- Custom attribute preservation
Zabbix
Integration Method: Webhook & API Polling
Real-time Support: Yes
Bidirectional: Yes
Data Collected:
- Trigger events
- Item values and metrics
- Host information
- Maintenance windows
- Event acknowledgments
Key Features:
- Trigger severity mapping
- Host group correlation
- Maintenance mode awareness
- Macro expansion
- Historical data access
Prometheus & AlertManager
Integration Method: Webhook
Real-time Support: Yes
Bidirectional: No
Data Collected:
- Alert rules and states
- Label sets
- Annotations
- PromQL query results
- Silence periods
Key Features:
- Label-based enrichment
- Multi-dimensional metrics
- Silence synchronization
- Recording rule support
- Grafana dashboard linking
Cloud Platform Monitoring
AWS CloudWatch
Integration Method: EventBridge & API
Real-time Support: Yes
Bidirectional: Limited
Data Collected:
- CloudWatch alarms
- Custom metrics
- Log insights
- X-Ray traces
- AWS service events
Key Features:
- Multi-region support
- Service-specific parsing
- Cost anomaly detection
- Auto-scaling events
- Lambda function metrics
Azure Monitor
Integration Method: Webhook & REST API
Real-time Support: Yes
Bidirectional: Limited
Data Collected:
- Azure alerts
- Metrics and logs
- Activity log events
- Application Insights
- Resource health
Key Features:
- Resource group mapping
- Subscription-level monitoring
- Cost management alerts
- Security Center integration
- Log Analytics queries
Infrastructure & Logs
Syslog
Integration Method: UDP/TCP Receiver
Real-time Support: Yes
Bidirectional: No
Data Collected:
- System logs
- Application logs
- Security events
- Kernel messages
- Custom log streams
Key Features:
- RFC 3164/5424 support
- Facility/severity mapping
- Pattern extraction
- Multi-line log handling
- Source identification
SNMP Traps
Integration Method: Trap Receiver
Real-time Support: Yes
Bidirectional: No
Data Collected:
- Network device alerts
- Environmental sensors
- Hardware status
- Link up/down events
- Custom OID values
Key Features:
- MIB translation
- v1/v2c/v3 support
- Community string mapping
- OID to human-readable conversion
- Trap forwarding
Custom Sources
Integration Method: REST API & Webhooks
Real-time Support: Yes
Bidirectional: Yes
Data Formats:
- JSON (preferred)
- XML
- Plain text
- CSV
- Custom formats with mapping
Key Features:
- Flexible field mapping
- Custom severity definitions
- Timestamp format handling
- Batch event support
- Authentication options
Integration Architecture
Event Normalization
Unified Event Model
Every event, regardless of source, is normalized into our standard format:
| Field | Description | Example |
|---|---|---|
| source | Monitoring tool identifier | "nagios", "zabbix", "prometheus" |
| sourceId | Unique ID from source system | "NAG-12345", "ZBX-67890" |
| severity | Normalized severity level | critical, major, minor, warning, info |
| title | Event summary | "Database Connection Failed" |
| description | Detailed event information | "MySQL connection timeout after 30s" |
| timestamp | Event occurrence time | ISO 8601 format |
| hostname | Affected host | "db-prod-01.example.com" |
| service | Affected service | "mysql", "apache", "redis" |
| category | Event classification | hardware, software, network, security |
Severity Mapping
Each source's severity levels are automatically mapped:
| Source | Critical | Major | Minor | Warning | Info |
|---|---|---|---|---|---|
| Nagios | CRITICAL, DOWN | - | UNKNOWN | WARNING | OK, UP |
| Zabbix | Disaster | High | Average | Warning | Information |
| Prometheus | critical | error | warning | - | info |
| CloudWatch | ALARM | - | INSUFFICIENT_DATA | - | OK |
| Syslog | Emergency, Alert, Critical | Error | - | Warning | Notice, Info, Debug |
Integration Methods
1. Webhook Integration (Recommended)
Fastest and most efficient method for real-time events
Setup Process:
- Generate webhook URL in Tripl-i
- Configure source to send events to webhook
- Set authentication token
- Test with sample event
- Enable production flow
Benefits:
- Real-time event delivery (< 1 second)
- No polling overhead
- Automatic retry on failure
- Batch event support
- Lower resource consumption
Security:
- Token-based authentication
- IP whitelisting available
- SSL/TLS encryption required
- Request signing optional
- Rate limiting protection
2. API Polling
For systems that don't support webhooks
Configuration:
- Polling interval: 30 seconds to 5 minutes
- Batch size: Up to 1000 events per poll
- Incremental updates only
- Automatic backfill support
Use Cases:
- Legacy systems
- Firewall restrictions
- Compliance requirements
- Historical data import
3. Protocol Listeners
For standard protocols like Syslog and SNMP
Supported Protocols:
- Syslog (UDP/TCP ports 514, 1514)
- SNMP Traps (UDP port 162)
- MQTT (TCP port 1883)
- Custom TCP/UDP listeners
Features:
- High-performance receivers
- Protocol-specific parsing
- Source identification
- Automatic format detection
Configuration Examples
Nagios Integration
Step 1: Create Integration Navigate to the Tripl-i Console and select Event Sources, then Add Source, and choose Nagios from the available options.
Step 2: Configure Nagios In your Nagios configuration, you'll need to create a command definition that sends events to the Tripl-i webhook URL provided in the console. The command should include key event details such as hostname, service description, state, and output.
Step 3: Apply to Services Configure your Nagios services to use the event handler you created. This ensures events are automatically forwarded to Tripl-i for processing and correlation.
Prometheus AlertManager
Step 1: Generate Webhook URL In the Tripl-i console, create a Prometheus integration to receive your unique webhook URL. This URL will be used to forward alerts from AlertManager.
Step 2: Configure AlertManager In your AlertManager configuration file, add Tripl-i as a receiver. Configure the webhook to point to the URL provided in Step 1. Include your authentication token for secure communication. Enable the send_resolved option to receive resolution notifications.
Step 3: Route Alerts Set up routing rules in AlertManager to direct alerts to the Tripl-i receiver. Configure grouping parameters based on your needs, such as alertname, cluster, or service. Define appropriate wait times and intervals for alert batching.
Custom API Integration
Integration Overview: Tripl-i provides a REST API endpoint for custom event ingestion. This allows you to send events from any system or application that can make HTTP POST requests.
Required Configuration:
- Obtain an API token from the Tripl-i console under Event Sources > Custom Integration
- Configure your application to send POST requests to the provided API endpoint
- Include the Bearer token in the Authorization header
- Set Content-Type to application/json
Event Data Structure: Events sent to the API should include key information such as:
- Source identification: System or application generating the event
- Severity level: Critical, major, minor, warning, or info
- Event details: Title, description, and timestamp
- Affected components: Hostname, service name, or application
- Additional context: Custom fields relevant to your environment
This flexible structure allows you to integrate any monitoring tool or custom application with Tripl-i's event management platform.
Advanced Features
Event Enrichment
Events are automatically enriched with:
CMDB Context:
- Configuration item details
- Business service mapping
- Owner and team information
- Location and environment
- Dependencies and relationships
Historical Context:
- Previous occurrences
- Resolution history
- Related changes
- Similar patterns
- Baseline comparisons
Filtering & Routing
Pre-Processing Filters:
- Severity-based filtering
- Source-specific rules
- Time-based suppression
- Duplicate detection
- Maintenance mode handling
Smart Routing:
- Team-based assignment
- Service ownership
- Skill-based routing
- Follow-the-sun support
- Escalation paths
Bulk Operations
Batch Event Ingestion:
- Up to 1000 events per request
- Transactional processing
- Partial success handling
- Error reporting
- Retry mechanisms
Historical Import:
- CSV/JSON file upload
- Date range selection
- Incremental loading
- Duplicate handling
- Progress tracking
Performance & Limits
Ingestion Rates
| Tier | Events/Minute | Burst Capacity | Retention |
|---|---|---|---|
| Standard | 1,000 | 5,000 | 90 days |
| Professional | 10,000 | 50,000 | 180 days |
| Enterprise | 100,000 | 500,000 | 365 days |
| Custom | Unlimited | Unlimited | Configurable |
API Rate Limits
| Operation | Limit | Window |
|---|---|---|
| Single Event | 100 req/min | Sliding |
| Bulk Events | 10 req/min | Sliding |
| Webhook | 1000 req/min | Sliding |
| Query API | 60 req/min | Sliding |
Processing Guarantees
- At-least-once delivery - Events never lost
- Order preservation - Within same source
- Idempotency - Duplicate prevention
- Retry logic - Automatic failure handling
- Dead letter queue - Failed event recovery
Security & Compliance
Authentication Methods
-
API Tokens
- Bearer token authentication
- Scoped permissions
- Rotation support
- Audit logging
-
OAuth 2.0
- Standard flow support
- Service accounts
- Token refresh
- SSO integration
-
Mutual TLS
- Certificate-based auth
- Client verification
- Chain validation
- Revocation checking
Data Security
- Encryption in Transit: TLS 1.2+ required
- Encryption at Rest: AES-256 encryption
- Data Residency: Regional storage options
- PII Handling: Automatic detection and masking
- Audit Trail: Complete event lineage
Compliance Features
- GDPR: Data retention and deletion
- HIPAA: PHI handling and encryption
- SOC 2: Security controls and monitoring
- PCI DSS: Cardholder data protection
- ISO 27001: Information security management
Troubleshooting
Common Integration Issues
Events Not Arriving:
- Verify webhook URL is correct
- Check authentication credentials
- Confirm network connectivity
- Review firewall rules
- Check source system logs
Incorrect Severity Mapping:
- Review severity mapping configuration
- Check source-specific overrides
- Verify normalization rules
- Update mapping if needed
Missing Fields:
- Confirm source sends all data
- Check field mapping rules
- Review enrichment configuration
- Enable debug logging
High Latency:
- Check network path
- Review batch sizes
- Optimize polling intervals
- Consider webhook migration
Validation Tools
Test Event Submission: Use the Tripl-i console's built-in test event generator to validate your integration. This feature allows you to send sample events and verify they are received and processed correctly.
Verify Integration:
- Integration health dashboard: Monitor connection status and event flow
- Test event generator: Send sample events through the UI
- Connection validator: Verify authentication and connectivity
- Format checker: Validate event payload structure
- Performance monitor: Track latency and throughput
Best Practices
1. Start Simple
- Begin with one critical source
- Validate normalization
- Test correlation
- Expand gradually
2. Use Webhooks When Possible
- Lower latency
- Reduced overhead
- Better reliability
- Real-time processing
3. Implement Filtering Early
- Reduce noise at source
- Filter maintenance events
- Suppress duplicates
- Focus on actionable alerts
4. Monitor Integration Health
- Track ingestion rates
- Watch error rates
- Monitor latency
- Review dropped events
5. Plan for Growth
- Design for scale
- Implement batching
- Use async processing
- Archive old events
Next Steps
- 📖 Event Correlation - Group related events
- 📖 AI Analysis - Add intelligence to events
- 📖 Notification Channels - Route alerts effectively