forked from ryanmaclean/azure-incident-response
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathjson_import.json
1 lines (1 loc) · 8.98 KB
/
json_import.json
1
{"data":{"type":"notebooks","attributes":{"name":"Azure Incident Response","time":{"live_span":"1h"},"cells":[{"id":"2qrcie5j","type":"notebook_cells","attributes":{"definition":{"type":"markdown","text":"# Azure Incident Response with Datadog"}}},{"id":"wgc47zu8","type":"notebook_cells","attributes":{"definition":{"type":"markdown","text":"# 1. Intro\n\nIn this *quick* section we'll set up a test, assign a metric as a monitor, then go through a quick incident. \n\nIf you're reading this as a readme on GitHub, you can download the notebook's [JSON file from `json_import.json`](https://raw.githubusercontent.com/ryanmaclean/azure-incident-response/main/json_import.json) file in the repository, and import it. \n\n1. First [create a new notebook in Datadog](https://us3.datadoghq.com/notebook). \n2. After creating a new notebook, import it from the top-right share icon.\n\n> Note: if ever you need to export a notebook, from the same menu you can download as PDF or markdown (.md) or export the JSON file. \n\n## Overview\n\n- [x] 1. Intro\n- [ ] 2. Synthetic Testing\n- [ ] 3. Monitors\n- [ ] 4. Creating an Incident\n- [ ] 5. Updating an Incident\n- [ ] 6. Resolving an Incident\n- [ ] 7.Blameless Postmortem\n- [ ] 8. Links and Docs\n- [ ] 9. Markdown Fun!"}}},{"id":"yu8q7o8m","type":"notebook_cells","attributes":{"definition":{"type":"markdown","text":"# 2. Synthetic Testing\n\nIn order to test the site we created earlier in the lab, we'll set up a synthetic monitor. \n\nYou can do that by following this [link to create a multi-step syntethic test](https://us3.datadoghq.com/synthetics/multi-step/create).\n\nIn a different tab, we'll need to retrieve the URL for our app service from the [Azure App Services page](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites).\n\nAfter running a few tests - you can export the metrics or graphs to a dashboard (new or existing) or even add one to a notebook, as seen below!\n\nOnce you see the Network Timings graph below fill up, please proceed to the next section. "}}},{"id":"595zzynr","type":"notebook_cells","attributes":{"definition":{"title":"Network timings (averaged)","show_legend":true,"type":"timeseries","requests":[{"q":"avg:synthetics.http.download.time{check_id:mm8-sgf-q4k,step_id:ixj-d2n-dbb},\navg:synthetics.http.firstbyte.time{check_id:mm8-sgf-q4k,step_id:ixj-d2n-dbb},\navg:synthetics.http.ssl.time{check_id:mm8-sgf-q4k,step_id:ixj-d2n-dbb},\navg:synthetics.http.connect.time{check_id:mm8-sgf-q4k,step_id:ixj-d2n-dbb},\navg:synthetics.http.dns.time{check_id:mm8-sgf-q4k,step_id:ixj-d2n-dbb},\navg:synthetics.http.redirect.time{check_id:mm8-sgf-q4k,step_id:ixj-d2n-dbb}","style":{"palette":"dog_classic","line_type":"solid","line_width":"normal"},"display_type":"area"}],"yaxis":{"scale":"linear"}},"time":null,"split_by":{"keys":[],"tags":[]},"graph_size":"m"}},{"id":"0bhbyge7","type":"notebook_cells","attributes":{"definition":{"type":"markdown","text":"# 3. Monitors\n\nNext we'll head over to the [Monitors](https://us3.datadoghq.com/monitors/manage) section of Datadog in order to have a look at the automatically-created monitor from our synthetic test. \n\nIt might be red, but don't panic - we're only setting things up in our development environment 😅\n\nBecause we set our alert to `@all`, everyone in our company would have received this alert. That could have been via [Teams](https://docs.datadoghq.com/integrations/microsoft_teams/), email, or other services you've set up in order to receive alerts or notifications. "}}},{"id":"clqn3kub","type":"notebook_cells","attributes":{"definition":{"title":"Synthetics Response Time by URL","type":"toplist","requests":[{"formulas":[{"formula":"query1","limit":{"count":10,"order":"desc"}}],"queries":[{"query":"avg:synthetics.http.response.time{*} by {url}","data_source":"metrics","name":"query1","aggregator":"avg"}],"response_format":"scalar"}]},"time":null,"split_by":{"keys":[],"tags":[]},"graph_size":"m"}},{"id":"p9h49nra","type":"notebook_cells","attributes":{"definition":{"type":"markdown","text":"# 4. Creating an Incident\n\nFrom the dashboard we created by exporting the Synthetics metric, we'll declare an incident. \n\nIn the incident declaration, you can set a title/summary, the severity level, pick an audience for notifications as well as context and signals (ours will be pre-filled as we created the incident from a graph). \n\nOnce the incident has been created, it will appear in the following graph of Active Incidents. "}}},{"id":"on9u6rke","type":"notebook_cells","attributes":{"definition":{"title":"Active Incidents","show_legend":true,"type":"timeseries","requests":[{"formulas":[{"formula":"query1"}],"queries":[{"search":{"query":"state:active"},"data_source":"incident_analytics","compute":{"aggregation":"count"},"name":"query1","indexes":["*"],"group_by":[{"facet":"state","sort":{"aggregation":"count","order":"desc"},"limit":10},{"facet":"commander.name","sort":{"aggregation":"count","order":"desc"},"limit":10}]}],"response_format":"timeseries","on_right_yaxis":false,"style":{"palette":"warm","line_type":"solid","line_width":"normal"},"display_type":"bars"}],"yaxis":{"scale":"linear"}},"time":null,"split_by":{"keys":[],"tags":[]},"graph_size":"m"}},{"id":"75h549hr","type":"notebook_cells","attributes":{"definition":{"type":"markdown","text":"# 5. Updating the Incident\n\nThroughout the incident lifecycle, we'll want to update the status in order to keep team team and stakeholders up-to-date on the progress. \n\nNote that you can also link to both live chat as well as video chat - say for example you've set up a new Teams channel programmatically in order to deal with the incident, but also a live Teams video meeting muster point (or \"war room\"). Both can be added as links so that others can join and get updated with one click from the header on the incident's page. *ADD IMAGE HERE*\n\nNext we'll go over adding an update, as well as sending out a notification from within the Incident Response section of Datadog. \n\nTo do so, first add an update from the [Incident Response _timeline_](https://us3.datadoghq.com/incidents/1/timeline).\n\nOnce it has been updated, on the top-right of the Incident Response page, we'll send out a notification: *ADD IMAGE HERE*\n\nNext we'll add a task to the incident. This is like a to-do list for the team. You can assign tasks to team members as well as add a deadline, if required. \n\nAfter adding a task to the incident, the [Datadog Events query should show an entry for the Incident update](https://us3.datadoghq.com/event/explorer?query=source%3Aincidents)."}}},{"id":"v6ayqxfp","type":"notebook_cells","attributes":{"definition":{"type":"markdown","text":"# 6. Resolving the Incident\n\nOnce we've addressed the causes of the incident, for example via a subsequent deployment, we can then resolve it, via the status on the top-left of the Incident Resolution page. "}}},{"id":"gxeqsz8b","type":"notebook_cells","attributes":{"definition":{"title":"Resolved Incidents","show_legend":true,"type":"timeseries","requests":[{"formulas":[{"formula":"query1"}],"queries":[{"search":{"query":"state:resolved"},"data_source":"incident_analytics","compute":{"aggregation":"count"},"name":"query1","indexes":["*"],"group_by":[]}],"response_format":"timeseries","on_right_yaxis":false,"style":{"palette":"purple","line_type":"solid","line_width":"normal"},"display_type":"bars"}],"yaxis":{"scale":"linear"}},"time":null,"split_by":{"keys":[],"tags":[]},"graph_size":"m"}},{"id":"9eg0z7jh","type":"notebook_cells","attributes":{"definition":{"type":"markdown","text":"# 7. Blameless Postmortem\n\nOnce the incident has been resolved, you would normally start the blameless postmortem process. \n\nThis means collecting a timeline of events, things that were tried, any dashboards related to the incident, etc. Since we collected these as we went along, when the postmortem is created in Datadog, it will collect all of these for you, and collect it in a notebook. Once the postmortem notebook has been created, you can then export it as markdown, JSON and/or PDF. \n\n[Link to first postmortem](https://us3.datadoghq.com/notebook/649)"}}},{"id":"kxuly4zq","type":"notebook_cells","attributes":{"definition":{"type":"markdown","text":"# 8. Markdown Fun!\n\nWhile working with Datadog notebooks, sometimes having a cheat-sheet handy can be helpful for those unfamiliar with Markdown, as well as to serve as a quick reminder to you while on-call. \n\n## Some Handy Markdown\n\n# Title\n## Sub-title\n### Sub-sub-title\n>Note\n\n## Emphasis \nUse either `_` or `*`:\n\n**bold** / __bold__\n\n*italics* / _italics_\n\n## Code Snippets\n\nSingle line / inline\n`code`\n\nMultiline\n```\nfor i in {1..100}; \n do echo \"hi from Datadog!\"; \ndone\n```\n\n\n\n## Links\n[link]()\n![](https://image.jpeg)\n\n## Tables\n\n| Azure Service | Monitor |\n| ----------- | ----------- |\n| App Service | Throughput |\n| VM | Uptime |\n\n## Checklists\n\n- [x] Checklist Item\n- [ ] Unchecked\n\n## Bullets\n\n- Bullet \n- List\n\n## Numbered Lists\n\n1. This is the first item\n2. This is the second!\n\n"}}}]}}}