This repository has been archived by the owner on Feb 15, 2024. It is now read-only.
The first thought I have is using a new endpoint for Graylog alert payloads in order to keep them separate from Splunk alert payloads. Not sure whether this is the "best" approach, but it seems like it would be faster to implement.
The other approach that comes to mind is some sort of automatic payload detection process. Perhaps concurrently run an Unmarshal attempt against the received payload using all known payload formats and whichever attempt results in a successful unmarshaling (first) is what we use.
That sounds like it would work fine for a system designed to take non-destructive action only (e.g., trigger a warning alert and nothing else), but where we are looking to take automatic action on an alert it seems like taking action on an assumption would be a very bad idea.
Separate endpoints are probably best for now, with refactor work done later to unify if a safe way to do so is found/proved.
https://docs.graylog.org/en/3.0/pages/streams/alerts.html#notifications
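As an added illustration of the concern raised above (example code, not from this repository), the Go sketch below shows why "try every Unmarshal and take the first success" is ambiguous, and what a stricter per-format check looks like. The struct field names and the sample bodies are assumptions made up for the example, not the real Splunk or Graylog notification schemas.

```go
package main

import (
	"bytes"
	"encoding/json"
)

// Field names are assumptions for illustration, not the real Splunk/Graylog schemas.
type SplunkAlert struct {
	SearchName  string `json:"search_name"`
	ResultsLink string `json:"results_link"`
}

type GraylogAlert struct {
	Stream      string `json:"stream"`
	CheckResult struct {
		ResultDescription string `json:"result_description"`
	} `json:"check_result"`
}

// Constructed sample bodies, not captured from either product.
var (
	GraylogBody = []byte(`{"stream":"auth-failures","check_result":{"result_description":"5 messages matched"}}`)
	SplunkBody  = []byte(`{"search_name":"failed logins","results_link":"https://splunk.example.test/r/1"}`)
)

// decode unmarshals body into dst; in strict mode keys the struct does not declare
// are rejected instead of being silently dropped.
func decode(body []byte, dst interface{}, strict bool) error {
	dec := json.NewDecoder(bytes.NewReader(body))
	if strict {
		dec.DisallowUnknownFields()
	}
	return dec.Decode(dst)
}

// DetectFormats lists every format the body decodes as. Lenient mode is the "try every
// Unmarshal" idea: encoding/json ignores unknown keys and zero-fills missing ones, so
// nearly any object matches every format; strict mode also requires the action's fields.
func DetectFormats(body []byte, strict bool) []string {
	var matched []string
	var s SplunkAlert
	if decode(body, &s, strict) == nil && (!strict || s.SearchName != "" && s.ResultsLink != "") {
		matched = append(matched, "splunk")
	}
	var g GraylogAlert
	if decode(body, &g, strict) == nil && (!strict || g.Stream != "" && g.CheckResult.ResultDescription != "") {
		matched = append(matched, "graylog")
	}
	return matched
}
```

In lenient mode both sample bodies (and even `{}`) match both formats, which is exactly the "acting on an assumption" problem; strict mode yields one format or none, so an unrecognised body can be dropped rather than acted on.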