Skip to content
/ cribl-webhook-pagerduty Public

This pack demonstrates use of the WebHook destination by using the PagerDuty service. You can use this function to alert your team of potential issues.

License

Apache-2.0 license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

criblpacks/cribl-webhook-pagerduty

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
data
data
 
 
default
default
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
package.json
package.json
 
 

Repository files navigation

Cribl Pack for WebHook PagerDuty

This pack demonstrates use of the WebHook destination by using the PagerDuty service. You can use this function to alert your team of potential issues.

This pack watches LogStream internal metrics for indications that the persistent queue for destinations have started growing. This is easy enough to change for use with any data source you prefer.

Note: The WebHook destination is not intended to be used for streaming events en masse. In this pack we carefully restrict the potential outflow to single events.

Requirements

Before you begin, ensure that you have met the following requirements:

Using The Pack

To use this Pack, follow these steps:

  1. You'll need to enable Cribl Internal Metrics (or choose another data source)
  2. You'll need to define a WebHook destination with the following settings:
    • URL: https://events.pagerduty.com/v2/enqueue
    • Method: POST
    • Format: NDJSON
    • Backpressure: User choice but we urge you to choose 'Drop'. We don't want a PagerDuty hiccup to block your workers.
    • Post-processing: Clear system fields
  3. Add the integration token(s) to the lookup file under the Pack's Knowledge tab
    • You can specify a regex to match against host – use . to match anything if you only have 1 use case
  4. Define a new route that points to the pack, with an output pointing to your webhook destination from step 2

The trigger_pipe pipeline trims your datastream down to just the events we're interested in for this demonstration: cribl.logstream.pq.queue_size with value > 0. For events that match, a WebHook will be sent to PagerDuty to trigger an incident up to once every 5 minutes per host-output combination. We also send host-output to PagerDuty for deduplication on their end.

Adjust these rules as required for your particular dataset and/or situation.

Release Notes

Version 0.5.0 - 2021-06-22

First release

Contributing to the Pack

Contributions accepted via email. A github repo will be available soon.

Contact

To contact us please email jrust@cribl.io.

License

This Pack uses the following license: Apache 2.0.

About

This pack demonstrates use of the WebHook destination by using the PagerDuty service. You can use this function to alert your team of potential issues.

Topics

webhook stream-processing pagerduty notificaiton

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

2 stars

Watchers

4 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages