Triggers API | Honeycomb

We use cookies or similar technologies to personalize your online experience & tailor marketing to you. Many of our product features require cookies to function properly.

Read our privacy policy I accept cookies from this site

Honeycomb.io Docs
  1. Docs
  2. API
  3. Triggers API

Triggers API

The Triggers API is for creating, reading, modifying, or deleting Honeycomb Triggers via API. All requests should be made via HTTPS to api.honeycomb.io.

The API is permitted to manipulate Triggers as if it was any other member of your team. (See our Roles and Permissions for more details.)

To see an example of the Triggers API in action, try out the Webhook Listener Example App.

Fields on a Trigger 

A Trigger consists of a name, description, associated Honeycomb query (which must contain one calculation), threshold, and list of one or more recipients.

Use the optional alert_type field with one of the following values to determine the trigger’s mode of operation for your use case:

  • on_change: (default) Sends a trigger notification when the result of the specified calculation crosses the threshold. The trigger resolves only when the result of the query no longer satisfies the threshold condition.
  • on_true: Keep sending a trigger notification at current frequency when and while the threshold is being met. (This reflects the same behavior as the “Send an alert every time a threshold is met” checkbox in the Honeycomb UI.)

Triggers have a duration over which they query data and a frequency which determines how often they run. A trigger with a duration of 5 minutes (set query time_range to 300) and a frequency of 2 minutes will run every 2 minutes over the last 5 minutes of data. The duration of a trigger query can be at most 1 day, and cannot exceed 4 times the frequency of the trigger. For example, if the trigger’s frequency is 1 hour, query duration can not be more than 4 hours. Query duration can also not be less than the trigger’s frequency.

Triggers belong to Datasets, and the Dataset name is encoded in the REST URL for each action.

  • name: (required) the trigger’s name displayed in the UI
  • description: displayed on the triggers page itself
  • disabled: a boolean for the disabled state of the trigger. If true, the trigger will not be run. If this field is omitted, the trigger will be enabled (i.e. disabled = false)
  • query_id or query: (required) a query ID or an inline query that is a strict subset of a Query Specification. A Trigger Query Specification must contain exactly one item in calculations, and may contain breakdowns, filters, and/or filter_combination, and time_range, which defines the query’s duration. The HEATMAP calculation may not be used for the trigger calculation. time_range will default to frequency if frequency is specified, or to 900 seconds (15 min, the default for frequency) if frequency is not specified
  • threshold: (required) an object with a specified Filter "op" and a "value" against which to compare the result. Allowed threshold "op"s are >, >=, <, and <=.
  • frequency: an integer describing the interval (in seconds) in which to check the results of the query’s calculation against the threshold. Value must be divisible by 60 and between 60 and 86400 (between 1 minute and 1 day). Defaults to 900 (15 minutes).
  • alert_type: a string value defining when to fire the alert. Allowed values for "alert_type" are on_change (default) and on_true (continuously fires when threshold is met)
  • recipients: a list of Recipients to notify when a given Trigger fires. PagerDuty and webhook recipients must be configured in the UI before they can be used via an API request. If you would like to use an existing recipient, it is recommended (although not required) to specify the recipient using its ID.
  • triggered: a boolean indicating whether this trigger crossed its specified threshold without resolving. If true, the trigger crossed its specified threshold without resolving. (This triggered field is present in responses only, and will be ignored in requests.)

Note for Honeycomb Secure Tenancy users:

Trigger names and descriptions will not be masked by the secure proxy. Please only use names and descriptions that you feel comfortable storing in Honeycomb’s database and sending through third parties such as Slack or PagerDuty.

Authorization and Headers 

The only expected header is X-Honeycomb-Team, which is your API key, and it is required. The API key must have the Triggers permission. Learn more about API keys.

Specifying Recipients 

To use existing recipients with your triggers, it is best to specify the recipient with its unique ID. (For example, when creating a new trigger, you would like to assign a webhook previously setup in the Integration Center.) If you pass in a recipient without its ID and only include the type and target, Honeycomb will make a best effort to match to an existing recipient.

To get a recipient’s ID, it must have been previously used with a trigger. Run the List Triggers or Get Trigger API to get the JSON output for the trigger. It will include the recipient’s ID. Use that ID to specify the recipient.

Create a Trigger 

Triggers are created by sending a POST request to /1/triggers/<DATASET_NAME>.

The body of the POST should be a JSON encoded object containing key/value pairs. ID may not be set during creation.

A successful response will return HTTP 201 and the Location header will contain the URL to the new Trigger resource.

Invalid input will result in a HTTP 422 being returned.

Create Example Request  

curl https://api.honeycomb.io/1/triggers/DATASET_NAME -X POST \
    -H "X-Honeycomb-Team: YOUR_API_KEY" \
    -d '
{
  "name":"Unusual endpoint access",
  "query":{
    "breakdowns":["user_agent"],
    "calculations":[{"op": "COUNT"}],
    "filters":[
      {"column":"endpoint","op":"=","value":"/wp-login.php"},
      {"column":"endpoint","op":"=","value":"/.htaccess"}
    ],
    "filter_combination": "OR"
  },
  "threshold":{"op":">","value":0},
  "alert_type":"on_change",
  "disabled":false,
  "recipients":[
    {
      "id": "abcd123",
      "type":"email",
      "target":"alerts@example.com"
    },
    {
      "id": "efghij4",
      "type":"slack",
      "target":"#alerts"
    },
    {
      "id": "b4Z71h",
      "type":"pagerduty"
    }
  ]
}'

Create Example Response  

{
  "name":"Unusual endpoint access",
  "query_id": "abc3419d",
  "frequency":900,
  "threshold":{"op":">","value":0},
  "disabled":false,
  "alert_type":"on_change",
  "recipients":[
    {
      "id": "abcd123",
      "type":"email",
      "target":"alerts@example.com"
    },
    {
      "id": "efghij4",
      "type":"slack",
      "target":"#alerts"
    },
    {
      "id": "b4Z71h",
      "type":"pagerduty"
    }
  ],
  "id":"FjQTTZKe5sC",
  "triggered":"false"
}'

Retrieve a Trigger 

Fetch details for a single Trigger by sending a GET request to /1/triggers/<DATASET_NAME>/<Trigger ID>.

Retrieve Example Request  

curl https://api.honeycomb.io/1/triggers/DATASET_NAME/FjQTTZKe5sC \
    -H "X-Honeycomb-Team: YOUR_API_KEY"

Retrieve Example Response  

{
  "name": "Unusual endpoint access",
  "frequency": 900,
  "query_id": "abc3419d",
  "threshold": { "op": ">", "value": 0 },
  "disabled": true,
  "alert_type": "on_change",
  "recipients": [
    {
      "id": "abcd123",
      "type": "email",
      "target": "alerts@example.com"
    },
    {
      "id": "efghij4",
      "type": "slack",
      "target": "#alerts"
    },
    {
      "id": "b4Z71h",
      "type": "pagerduty"
    }
  ],
  "id": "FjQTTZKe5sC",
  "triggered": "false"
}

Update a Trigger 

Update a specific Trigger directly by sending a PUT request to /1/triggers/<DATASET_NAME>/<Trigger ID>.

The body of the request must contain the same fields as for creating a new trigger. Missing (optional) fields will use the defaults, not existing values.

Note for the disabled field:

The disabled field has special behavior for PUT requests. If omitted, Honeycomb will keep the current value of the disabled field. In other words, if your trigger is disabled and you send a PUT request with the disabled field omitted from the json payload, the trigger will remain disabled.

Update Example Request  

curl https://api.honeycomb.io/1/triggers/DATASET_NAME/FjQTTZKe5sC -X PUT \
    -H "X-Honeycomb-Team: YOUR_API_KEY" \
    -d '
{
  "name":"Unusual endpoint access",
  "description":"(watch out for h4ck3rz)",
  "query_id": "abc3419d",
  "frequency":600,
  "threshold":{"op":">","value":1},
  "disabled": true,
  "alert_type":"on_change",
  "recipients":[
    {
      "id": "abcd123",
      "type":"email",
      "target":"alerts@example.com"
    }
  ]
}'

Update Example Response  

{
  "name": "Unusual endpoint access",
  "description": "(watch out for h4ck3rz)",
  "query_id": "abc3419d",
  "frequency": 600,
  "threshold": { "op": ">", "value": 1 },
  "alert_type": "on_change",
  "disabled": true,
  "recipients": [
    {
      "id": "abcd123",
      "type": "email",
      "target": "alerts@example.com"
    }
  ],
  "id": "FjQTTZKe5sC",
  "triggered": "false"
}

Delete a Trigger 

Delete a specific Trigger for a Dataset by sending a DELETE request to /1/triggers/<DATASET_NAME>/<Trigger ID>.

The body of the DELETE request should be empty.

A successful DELETE response will return a HTTP 204 status code.

Delete Example Request  

curl https://api.honeycomb.io/1/triggers/DATASET_NAME/2NeeaE9bBLd -X DELETE \
    -H "X-Honeycomb-Team: YOUR_API_KEY"

Delete Example Response  

# DELETE returns HTTP 204: No Content

List All Triggers 

All the Triggers in a dataset may be retrieved by sending a GET request to /1/triggers/<DATASET_NAME>.

A successful response will return HTTP 200 and a JSON list of all Trigger objects for the dataset.

Invalid input will result in a HTTP 422 being returned.

List All Example Request  

curl https://api.honeycomb.io/1/triggers/DATASET_NAME \
    -X GET -H "X-Honeycomb-Team: YOUR_API_KEY"

Did you find what you were looking for?

Table of Contents