Chronosphere Integration
Connect Chronosphere to enable the AI agent to query metrics with PromQL, search logs, trace distributed requests, review monitors, and correlate change events during investigations. You can also forward Chronosphere monitor alerts to Autoheal via webhook so alerts are ingested, grouped, and available for triage in the Alerts page.
Capabilities
Once connected, the AI agent can:
| Capability | Description |
|---|---|
| Query Metrics | Run PromQL instant and range queries against Chronosphere metrics |
| Search Logs | Search log data with filters using Chronosphere query syntax |
| List Traces | Search distributed traces by service, operation, or trace ID |
| Check Monitors | List and inspect alert monitors and their configuration |
| Change Events | List deployment and config change events for incident correlation |
| Alert Source Webhooks | Receive Chronosphere firing and resolved alerts via webhook, with all Chronosphere labels preserved for grouping and routing |
Prerequisites
- A Chronosphere account with API access
- A service account API token
- Read permissions for metrics, logs, traces, and monitors
Setup
- Log in to your Chronosphere account
- Navigate to Settings > Service Accounts
- Create a new service account or select an existing one
- Go to API Tokens and click Create Token
- Copy the generated token
Service account tokens do not expire. For personal tokens, the maximum expiry is 30 days. We recommend using a service account token for stable integrations.
- Go to Integrations in Autoheal
- Click Chronosphere
- Enter a name (e.g., "Production Chronosphere")
Enter the following:
- Company Subdomain: Your Chronosphere subdomain (e.g.,
mycompanyformycompany.chronosphere.io) - API Token: Your service account API token
Click Test Connection to verify, then Save.
Required Permissions
The service account should have at least these permissions:
| Permission | Why It's Needed |
|---|---|
| Metrics read | Query PromQL metrics (instant and range) |
| Logs read | Search log data |
| Traces read | Access distributed traces |
| Monitors read | View monitor configuration and status |
| Events read | List change events |
Create a dedicated service account for Autoheal with read-only permissions. Avoid using tokens with write or admin access.
Example Queries
Once connected, you can ask the AI agent questions like:
Show me the error rate for the payment service over the last hour
Search logs for errors in the api-gateway service since 2pm
What monitors are currently configured for the platform team?
Show me traces for the checkout service with latency over 500ms
Were there any deployments or config changes in the last 2 hours?
Alert Source Setup
Chronosphere can also act as an alert source by forwarding monitor alerts to Autoheal via a webhook notifier. Chronosphere delivers an Alertmanager v4 compatible payload, so firing and resolved transitions, grouped alerts, and all labels are preserved end-to-end.
Configure Chronosphere as an Alert Source
- Open your Chronosphere integration in Autoheal
- Scroll to the Alert Source section
- Enable the webhook and copy the Webhook URL
- Optionally, enter a Webhook Signing Secret for an additional Bearer-token check on every delivery
- In Chronosphere, go to Alerts → Notifiers
- Click Add Notifier and choose Webhook as the type
- Give it a name (for example, "Autoheal")
- Paste the Webhook URL from Autoheal into the URL / endpoint field
- If you set a Webhook Signing Secret in Autoheal, expand HTTP Config and set the Bearer Token field to the same value — Chronosphere will send
Authorization: Bearer <token>on every request - Enable Notify when resolved so Autoheal receives resolved-state transitions (this is off by default for notifiers created in the UI — if you leave it off, Autoheal will only see firing events)
- Save the notifier
- Go to Alerts → Notification Policies
- Edit the default policy, or create a new one scoped to the collections you want
- Add a route that sends the desired severities (
warn,critical) to the Autoheal notifier - Save the policy
Chronosphere supports only two severity levels on the notification policy side: warn and critical. You can use label matchers to refine which monitors reach Autoheal (for example, team = platform or env = prod).
Use Test on the notifier, or deliberately trigger a test monitor, to verify alerts appear on Autoheal's Alerts page. Expect alerts to arrive within about 10 seconds of firing — Chronosphere has a built-in activation delay between a monitor triggering and the notifier firing.
Authenticating inbound webhooks is optional. The webhook URL already contains a unique per-integration secret so only a caller with that URL can reach your endpoint. Setting a Webhook Signing Secret adds a second layer by verifying the Authorization: Bearer header Chronosphere sends from the notifier's HTTP Config.
Chronosphere delivers an Alertmanager v4 payload and can batch multiple alerts in a single delivery. Resolved alerts are processed automatically and update status in Autoheal. A still-firing alert carries endsAt: "0001-01-01T00:00:00Z" — Autoheal treats this as "no end time yet" and keeps the alert open.
Troubleshooting
401 Authentication Failed
- Verify the API token is correct and not expired
- Ensure you are using a service account token, not a personal token
- Check that the token has not been revoked
403 Access Denied
- Verify the service account has the required read permissions
- Check that your Chronosphere plan includes API access
No Data Returned
- Verify the time range includes data
- For logs, ensure you include a primary key filter (service or severity)
- For metrics, check the PromQL query syntax
- Ensure the service account has access to the requested data
Connection Timeout
- Verify the company subdomain is correct
- Check network connectivity to
{company}.chronosphere.io
Webhook Alerts Not Appearing in Autoheal
- Verify the webhook URL pasted into Chronosphere matches the one shown in Autoheal exactly
- Check that the notifier is attached to a Notification Policy matching the monitor's collection and severity
- Make sure the monitor is actually firing (check Alerts > Monitors in Chronosphere)
- Ensure the webhook is enabled in the Autoheal integration settings
Resolved Alerts Never Arrive
- Open the notifier in Chronosphere and confirm Notify when resolved is enabled. UI-created notifiers leave this off by default; notifiers created via chronoctl or Terraform default to on
- Resolved notifications can lag up to five minutes behind the actual resolution time — this is a Chronosphere-side delay, not an Autoheal issue
Webhook Returns 401 Unauthorized
- If you configured a Webhook Signing Secret in Autoheal, set the same value as the Bearer Token in Chronosphere's notifier HTTP Config
- If you don't want Bearer auth, clear the Webhook Signing Secret field in the Alert Source section
Security team needs source IPs
Chronosphere publishes its outbound webhook IPs at https://chronosphere.io/ips.txt. Autoheal does not require IP allowlisting by default; if your network policy needs it, use that list but expect Chronosphere to add IPs over time.