Enables Telegraf to act as a Papertrail Webhook.
Events from Papertrail come in two forms:
-
The event-based callback:
- A point is created per event, with the timestamp as
received_at - Each point has a field counter (
count), which is set to1(signifying the event occurred) - Each event "hostname" object is converted to a
hosttag - The "saved_search" name in the payload is added as an
eventtag - The "saved_search" id in the payload is added as a
search_idfield - The papertrail url to view the event is built and added as a
urlfield - The rest of the data in the event is converted directly to fields on the point:
idsource_ipsource_namesource_idprogramseverityfacilitymessage
- A point is created per event, with the timestamp as
When a callback is received, an event-based point will look similar to:
papertrail,host=myserver.example.com,event=saved_search_name count=1i,source_name="abc",program="CROND",severity="Info",source_id=2i,message="message body",source_ip="208.75.57.121",id=7711561783320576i,facility="Cron",url="https://papertrailapp.com/searches/42?centered_on_id=7711561783320576",search_id=42i 1453248892000000000-
- A point is created per timeseries object per count, with the timestamp as the "timeseries" key (the unix epoch of the event)
- Each point has a field counter (
count), which is set to the value of each "timeseries" object - Each count "source_name" object is converted to a
hosttag - The "saved_search" name in the payload is added as an
eventtag
When a callback is received, a count-based point will look similar to:
papertrail,host=myserver.example.com,event=saved_search_name count=3i 1453248892000000000