feat: more fields for papertrail event webhook (#9940)

Sam Arnold 2021-10-18 10:04:53 -04:00 committed by GitHub
parent 34c2b6232d
commit c4c32025c8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 58 additions and 9 deletions


@ -14,6 +14,23 @@ Events from Papertrail come in two forms:
* Each point has a field counter (`count`), which is set to `1` (signifying the event occurred) * Each point has a field counter (`count`), which is set to `1` (signifying the event occurred)
* Each event "hostname" object is converted to a `host` tag * Each event "hostname" object is converted to a `host` tag
* The "saved_search" name in the payload is added as an `event` tag * The "saved_search" name in the payload is added as an `event` tag
* The "saved_search" id in the payload is added as a `search_id` field
* The papertrail url to view the event is built and added as a `url` field
* The rest of the data in the event is converted directly to fields on the point:
* `id`
* `source_ip`
* `source_name`
* `source_id`
* `program`
* `severity`
* `facility`
* `message`
When a callback is received, an event-based point will look similar to:
```
papertrail,host=myserver.example.com,event=saved_search_name count=1i,source_name="abc",program="CROND",severity="Info",source_id=2i,message="message body",source_ip="208.75.57.121",id=7711561783320576i,facility="Cron",url="https://papertrailapp.com/searches/42?centered_on_id=7711561783320576",search_id=42i 1453248892000000000
```
* The [count-based callback](http://help.papertrailapp.com/kb/how-it-works/web-hooks/#count-only-webhooks) * The [count-based callback](http://help.papertrailapp.com/kb/how-it-works/web-hooks/#count-only-webhooks)
@ -22,10 +39,7 @@ Events from Papertrail come in two forms:
* Each count "source_name" object is converted to a `host` tag * Each count "source_name" object is converted to a `host` tag
* The "saved_search" name in the payload is added as an `event` tag * The "saved_search" name in the payload is added as an `event` tag
The current functionality is very basic, however this allows you to When a callback is received, a count-based point will look similar to:
track the number of events by host and saved search.
When an event is received, any point will look similar to:
``` ```
papertrail,host=myserver.example.com,event=saved_search_name count=3i 1453248892000000000 papertrail,host=myserver.example.com,event=saved_search_name count=3i 1453248892000000000


@ -67,8 +67,32 @@ func TestEventPayload(t *testing.T) {
resp := post(pt, contentType, form.Encode()) resp := post(pt, contentType, form.Encode())
require.Equal(t, http.StatusOK, resp.Code) require.Equal(t, http.StatusOK, resp.Code)
fields := map[string]interface{}{ fields1 := map[string]interface{}{
"count": uint64(1), "count": uint64(1),
"id": int64(7711561783320576),
"source_ip": "208.75.57.121",
"source_name": "abc",
"source_id": int64(2),
"program": "CROND",
"severity": "Info",
"facility": "Cron",
"message": "message body",
"url": "https://papertrailapp.com/searches/42?centered_on_id=7711561783320576",
"search_id": int64(42),
}
fields2 := map[string]interface{}{
"count": uint64(1),
"id": int64(7711562567655424),
"source_ip": "208.75.57.120",
"source_name": "server1",
"source_id": int64(19),
"program": "CROND",
"severity": "Info",
"facility": "Cron",
"message": "A short event",
"url": "https://papertrailapp.com/searches/42?centered_on_id=7711562567655424",
"search_id": int64(42),
} }
tags1 := map[string]string{ tags1 := map[string]string{
@ -80,8 +104,8 @@ func TestEventPayload(t *testing.T) {
"host": "def", "host": "def",
} }
acc.AssertContainsTaggedFields(t, "papertrail", fields, tags1) acc.AssertContainsTaggedFields(t, "papertrail", fields1, tags1)
acc.AssertContainsTaggedFields(t, "papertrail", fields, tags2) acc.AssertContainsTaggedFields(t, "papertrail", fields2, tags2)
} }
func TestCountPayload(t *testing.T) { func TestCountPayload(t *testing.T) {


@ -2,6 +2,7 @@ package papertrail
import ( import (
"encoding/json" "encoding/json"
"fmt"
"log" "log"
"net/http" "net/http"
"time" "time"
@ -49,7 +50,17 @@ func (pt *PapertrailWebhook) eventHandler(w http.ResponseWriter, r *http.Request
"event": payload.SavedSearch.Name, "event": payload.SavedSearch.Name,
} }
fields := map[string]interface{}{ fields := map[string]interface{}{
"count": uint64(1), "count": uint64(1),
"id": e.ID,
"source_ip": e.SourceIP,
"source_name": e.SourceName,
"source_id": int64(e.SourceID),
"program": e.Program,
"severity": e.Severity,
"facility": e.Facility,
"message": e.Message,
"url": fmt.Sprintf("%s?centered_on_id=%d", payload.SavedSearch.SearchURL, e.ID),
"search_id": payload.SavedSearch.ID,
} }
pt.acc.AddFields("papertrail", fields, tags, e.ReceivedAt) pt.acc.AddFields("papertrail", fields, tags, e.ReceivedAt)
} }
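Review bot: The new `url` field is built by string-formatting `payload.SavedSearch.SearchURL`, a value taken from the webhook request body, so whatever the sender supplies is stored verbatim and may later be rendered as a link by a dashboard or alert. Nothing in this hunk checks that it parses as a URL with an http(s) scheme, and `%s?centered_on_id=%d` yields a malformed query if the search URL already carries one. I would parse it with `net/url`, set the parameter through `Query()`, and leave `url` empty when the value is rejected, as sketched below; this needs `net/url` and `strconv` imported and assumes `e.ID` is an `int64`, which the test expectations suggest. The same hunk also copies `message` and `program` from the payload without a length bound; whether the endpoint authenticates the sender is not visible here, and `eventHandler` begins outside the hunk.

```go
// … unchanged: tags map …
eventURL := ""
if u, err := url.Parse(payload.SavedSearch.SearchURL); err == nil && (u.Scheme == "https" || u.Scheme == "http") {
	q := u.Query()
	q.Set("centered_on_id", strconv.FormatInt(e.ID, 10))
	u.RawQuery = q.Encode()
	eventURL = u.String()
}
fields := map[string]interface{}{
	// … unchanged: count, id, source_*, program, severity, facility, message …
	"url": eventURL,
	// … unchanged: search_id …
}
```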