Updates to allow for use of additional PD-CEF fields #53

Open
wants to merge 1 commit into
base: main


@anguswilliams anguswilliams commented Apr 5, 2023

  • Add --client-name and --sensu-base-url. If provided, these options add a link to the Sensu dashboard from the Pagerduty Alert.
  • Add --link-annotations option. If set, this option will add any links provided in the check or entity annotations as links in the Pagerduty Event.
  • Add ability to template additional PD-CEF Fields from Sensu event data:
    • Add --use-event-timestamp option. If set, this option will set the Timestamp field to the timestamp of the Sensu event.
    • Add --class-template, --group-template and --component-template options. If provided, these options allow for the Class, Group and Component PD-CEF fields to be templated from Sensu event data. Note the Component field is set to the Sensu event's .Check.Name by default if no template is provided to retain compatibility.

@anguswilliams
Author

@fguimond sorry to bug you, I couldn't find any code owners file and noticed you've merged a change recently. Could I get a review on this?

@asachs01

asachs01 commented Apr 11, 2023

@anguswilliams 👋 can you elaborate on the value these features add to the handler? Is it to be able to take advantage of PD's event routing/orchestration capabilities?

@anguswilliams
Author

Hey @asachs01, thanks for the response, that's correct:

For the additional PD-CEF field templates, I have a use case to populate these fields from event labels and route to certain pagerduty services. This means I don't have to send the full event json as custom_details to pagerduty and can sanitise the output to be easier to read for the receiving engineer. This is in-line with tools like Alertmanager which make all these fields templatable.

The sensu-base-url part is so you can get back to the sensu dashboard from the pagerduty event. The link-annotations flag allows arbitrary links to be added to the PD event via annotations. For example we enforce check.metadata.annotations.documention and optionally entity.metadata.annotations.documention. They would show up like this in the PD event:

image
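
An added example, not part of the comment above and not the handler's own code: templating the `Class`, `Group` and `Component` PD-CEF fields from event labels, with `Component` falling back to `.Check.Name`. It assumes the templates are Go `text/template` expressions over the event; the `Check`/`Event` types, `render`, `buildCEF`, the `team` and `kind` labels, and the `missingkey=error` setting are choices made for this illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"text/template"
)

// Check and Event are constructed, simplified stand-ins for the Sensu event.
type Check struct {
	Name   string
	Labels map[string]string
}
type Event struct{ Check Check }

// PDCEF holds the three PD-CEF fields the pull request makes templatable.
type PDCEF struct{ Class, Group, Component string }

// render evaluates one template; an empty template yields the fallback. With
// missingkey=error an absent label is an error, not an empty routing field.
func render(tmpl, fallback string, ev Event) (string, error) {
	if tmpl == "" {
		return fallback, nil
	}
	t, err := template.New("field").Option("missingkey=error").Parse(tmpl)
	var buf bytes.Buffer
	if err == nil {
		err = t.Execute(&buf, ev)
	}
	return buf.String(), err
}

// buildCEF renders all three fields; Component defaults to the check name.
func buildCEF(classT, groupT, componentT string, ev Event) (out PDCEF, err error) {
	if out.Class, err = render(classT, "", ev); err != nil {
		return PDCEF{}, fmt.Errorf("class template: %w", err)
	}
	if out.Group, err = render(groupT, "", ev); err != nil {
		return PDCEF{}, fmt.Errorf("group template: %w", err)
	}
	if out.Component, err = render(componentT, ev.Check.Name, ev); err != nil {
		return PDCEF{}, fmt.Errorf("component template: %w", err)
	}
	return out, nil
}

func main() {
	ev := Event{Check{"check-disk", map[string]string{"team": "storage", "kind": "capacity"}}}
	fmt.Println(buildCEF("{{.Check.Labels.kind}}", "{{.Check.Labels.team}}", "", ev))
}
```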

@asachs01

Thanks for the clarification @anguswilliams! @fguimond is reviewing your changes IIRC and we should have an update on approving the PR soon.

@anguswilliams force-pushed the pd-cef branch 2 times, most recently from 9f91885 to 1417be4 (June 12, 2023 04:09)

@anguswilliams
Author

Hey @fguimond / @asachs01, any chance you could take a look at this? I've rebased your latest changes to get rid of the merge conflicts.

@asachs01

Hi @anguswilliams, I'll have to defer to @fguimond. I no longer have the ability to approve any changes.

@anguswilliams
Author

@fguimond any chance you could take a look at this?

- Add `--client-name` and `--sensu-base-url`. If provided, these options add a link to the Sensu dashboard from the
  Pagerduty Alert.
- Add `--link-annotations` option. If set, this option will add any links provided in the check or entity annotations as
  links in the Pagerduty Event.
- Add ability to template additional [PD-CEF][PD-CEF] Fields from Sensu event data:
  - Add `--use-event-timestamp` option. If set, this option will set the `Timestamp` field to the
    timestamp of the Sensu event.
  - Add `--class-template`, `--group-template` and `--component-template` options. If provided, these options allow for
    the `Class`, `Group` and `Component` [PD-CEF][PD-CEF] fields to be templated from Sensu event data. Note the
    `Component` field is set to the Sensu event's `.Check.Name` by default if no template is provided to retain
    compatibility.

Signed-off-by: Angus Williams <anguswilliams@gmail.com>
@ManishaKumari295

The current ticket is linked to - #60

@ManishaKumari295

Created an issue for its review and details - #60
