OpenObserve · Capability
openobserve — Incidents
openobserve — Incidents. 5 operations. Lead operation: List alert incidents. Self-contained Naftiko capability covering one Openobserve business surface.
What You Can Do
GET
Listincidents
— List alert incidents
/v1/api/v2/{org-id}/alerts/incidents
GET
Getincidentstats
— Get incident statistics
/v1/api/v2/{org-id}/alerts/incidents/stats
GET
Getincident
— Get incident details
/v1/api/v2/{org-id}/alerts/incidents/{incident-id}
POST
Triggerincidentrca
— Trigger RCA analysis for an incident
/v1/api/v2/{org-id}/alerts/incidents/{incident-id}/rca
PATCH
Updateincident
— Update incident fields
/v1/api/v2/{org-id}/alerts/incidents/{incident-id}/update
MCP Tools
list-alert-incidents
List alert incidents
read-only
idempotent
get-incident-statistics
Get incident statistics
read-only
idempotent
get-incident-details
Get incident details
read-only
idempotent
trigger-rca-analysis-incident
Trigger RCA analysis for an incident
update-incident-fields
Update incident fields
idempotent
Capability Spec
naftiko: 1.0.0-alpha2
info:
label: openobserve — Incidents
description: 'openobserve — Incidents. 5 operations. Lead operation: List alert incidents. Self-contained Naftiko capability
covering one Openobserve business surface.'
tags:
- Openobserve
- Incidents
created: '2026-05-19'
modified: '2026-05-19'
binds:
- namespace: env
keys:
OPENOBSERVE_API_KEY: OPENOBSERVE_API_KEY
capability:
consumes:
- type: http
namespace: openobserve-incidents
baseUri: ''
description: openobserve — Incidents business capability. Self-contained, no shared references.
resources:
- name: api-v2-org_id-alerts-incidents
path: /api/v2/{org_id}/alerts/incidents
operations:
- name: listincidents
method: GET
description: List alert incidents
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: org_id
in: path
type: string
description: Organization name
required: true
- name: status
in: query
type:
- string
- 'null'
description: Filter by status (open, acknowledged, resolved)
- name: limit
in: query
type: integer
description: Maximum number of results
- name: offset
in: query
type: integer
description: Offset for pagination
- name: api-v2-org_id-alerts-incidents-stats
path: /api/v2/{org_id}/alerts/incidents/stats
operations:
- name: getincidentstats
method: GET
description: Get incident statistics
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: org_id
in: path
type: string
description: Organization name
required: true
- name: api-v2-org_id-alerts-incidents-incident_id
path: /api/v2/{org_id}/alerts/incidents/{incident_id}
operations:
- name: getincident
method: GET
description: Get incident details
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: org_id
in: path
type: string
description: Organization name
required: true
- name: incident_id
in: path
type: string
description: Incident ID
required: true
- name: api-v2-org_id-alerts-incidents-incident_id-rca
path: /api/v2/{org_id}/alerts/incidents/{incident_id}/rca
operations:
- name: triggerincidentrca
method: POST
description: Trigger RCA analysis for an incident
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: org_id
in: path
type: string
description: Organization name
required: true
- name: incident_id
in: path
type: string
description: Incident ID
required: true
- name: stream
in: query
type: boolean
description: 'Use streaming response (default: false)'
- name: reanalysis
in: query
type: boolean
description: 'Treat this as a user-initiated reanalysis — bypasses cooldown (default: false)'
- name: api-v2-org_id-alerts-incidents-incident_id-update
path: /api/v2/{org_id}/alerts/incidents/{incident_id}/update
operations:
- name: updateincident
method: PATCH
description: Update incident fields
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: org_id
in: path
type: string
description: Organization name
required: true
- name: incident_id
in: path
type: string
description: Incident ID
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
authentication:
type: apikey
key: Authorization
value: '{{env.OPENOBSERVE_API_KEY}}'
placement: header
exposes:
- type: rest
namespace: openobserve-incidents-rest
port: 8080
description: REST adapter for openobserve — Incidents. One Spectral-compliant resource per consumed operation, prefixed
with /v1.
resources:
- path: /v1/api/v2/{org-id}/alerts/incidents
name: api-v2-org-id-alerts-incidents
description: REST surface for api-v2-org_id-alerts-incidents.
operations:
- method: GET
name: listincidents
description: List alert incidents
call: openobserve-incidents.listincidents
with:
org_id: rest.org_id
status: rest.status
limit: rest.limit
offset: rest.offset
outputParameters:
- type: object
mapping: $.
- path: /v1/api/v2/{org-id}/alerts/incidents/stats
name: api-v2-org-id-alerts-incidents-stats
description: REST surface for api-v2-org_id-alerts-incidents-stats.
operations:
- method: GET
name: getincidentstats
description: Get incident statistics
call: openobserve-incidents.getincidentstats
with:
org_id: rest.org_id
outputParameters:
- type: object
mapping: $.
- path: /v1/api/v2/{org-id}/alerts/incidents/{incident-id}
name: api-v2-org-id-alerts-incidents-incident-id
description: REST surface for api-v2-org_id-alerts-incidents-incident_id.
operations:
- method: GET
name: getincident
description: Get incident details
call: openobserve-incidents.getincident
with:
org_id: rest.org_id
incident_id: rest.incident_id
outputParameters:
- type: object
mapping: $.
- path: /v1/api/v2/{org-id}/alerts/incidents/{incident-id}/rca
name: api-v2-org-id-alerts-incidents-incident-id-rca
description: REST surface for api-v2-org_id-alerts-incidents-incident_id-rca.
operations:
- method: POST
name: triggerincidentrca
description: Trigger RCA analysis for an incident
call: openobserve-incidents.triggerincidentrca
with:
org_id: rest.org_id
incident_id: rest.incident_id
stream: rest.stream
reanalysis: rest.reanalysis
outputParameters:
- type: object
mapping: $.
- path: /v1/api/v2/{org-id}/alerts/incidents/{incident-id}/update
name: api-v2-org-id-alerts-incidents-incident-id-update
description: REST surface for api-v2-org_id-alerts-incidents-incident_id-update.
operations:
- method: PATCH
name: updateincident
description: Update incident fields
call: openobserve-incidents.updateincident
with:
org_id: rest.org_id
incident_id: rest.incident_id
body: rest.body
outputParameters:
- type: object
mapping: $.
- type: mcp
namespace: openobserve-incidents-mcp
port: 9090
transport: http
description: MCP adapter for openobserve — Incidents. One tool per consumed operation, routed inline through this capability's
consumes block.
tools:
- name: list-alert-incidents
description: List alert incidents
hints:
readOnly: true
destructive: false
idempotent: true
call: openobserve-incidents.listincidents
with:
org_id: tools.org_id
status: tools.status
limit: tools.limit
offset: tools.offset
outputParameters:
- type: object
mapping: $.
- name: get-incident-statistics
description: Get incident statistics
hints:
readOnly: true
destructive: false
idempotent: true
call: openobserve-incidents.getincidentstats
with:
org_id: tools.org_id
outputParameters:
- type: object
mapping: $.
- name: get-incident-details
description: Get incident details
hints:
readOnly: true
destructive: false
idempotent: true
call: openobserve-incidents.getincident
with:
org_id: tools.org_id
incident_id: tools.incident_id
outputParameters:
- type: object
mapping: $.
- name: trigger-rca-analysis-incident
description: Trigger RCA analysis for an incident
hints:
readOnly: false
destructive: false
idempotent: false
call: openobserve-incidents.triggerincidentrca
with:
org_id: tools.org_id
incident_id: tools.incident_id
stream: tools.stream
reanalysis: tools.reanalysis
outputParameters:
- type: object
mapping: $.
- name: update-incident-fields
description: Update incident fields
hints:
readOnly: false
destructive: false
idempotent: true
call: openobserve-incidents.updateincident
with:
org_id: tools.org_id
incident_id: tools.incident_id
body: tools.body
outputParameters:
- type: object
mapping: $.