You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A request to add support for the remaining PD-CEF fields of:
Timestamp
Class
Group
A request to support processing the details template as json so we can send structured data through to Pagerduty. At the moment the options are:
Send through the full event JSON. This is a lot of unnecessary data and the deep nesting of fields (when using labels and annotations) makes it hard to read some fields on Pagerduty
Use a template to select required fields. Which unfortunately sends through the data as a string with no structure on the Pagerduty side which means you can't really use custom details in event rules
I'm hoping 1 is pretty uncontroversial and can be done. I would prefer it if these work similarly to summary and use a template.
I could accept 2 not happening if 1 goes ahead, but it really would be nice to have the option of templating structured data one-way or another.
In accordance with the contributing guidelines I'm opening an issue to discuss first, but I have made initial code changes on this branch. The changes can be seen on this compare view
I have tried to separate the commits to cover both requests:
These twocommits for adding the additional PD-CEF fields.
This commit which adds a --send-details-as-json flag to process the template as json.
There is undoubtably a better way of doing 2 than what I've done - and I definitely welcome feedback and guidance. What I've done is pretty simplistic: When I realised that using the template returned a string I just used a json.Unmarshal to parse that string as a Struct/JSON. It "works", but maybe a real solution lies deeper in the templating stuff?
The text was updated successfully, but these errors were encountered:
This is a single issue, but contains two parts:
I'm hoping 1 is pretty uncontroversial and can be done. I would prefer it if these work similarly to
summaryand use a template.I could accept 2 not happening if 1 goes ahead, but it really would be nice to have the option of templating structured data one-way or another.
In accordance with the contributing guidelines I'm opening an issue to discuss first, but I have made initial code changes on this branch. The changes can be seen on this compare view
I have tried to separate the commits to cover both requests:
--send-details-as-jsonflag to process the template as json.There is undoubtably a better way of doing 2 than what I've done - and I definitely welcome feedback and guidance. What I've done is pretty simplistic: When I realised that using the template returned a string I just used a
json.Unmarshalto parse that string as a Struct/JSON. It "works", but maybe a real solution lies deeper in the templating stuff?The text was updated successfully, but these errors were encountered: