
Which version of Cribl supports integration with BigPanda?

Answers

  • Presently we are testing integration via the webhook on Cribl 4.0.4, and we are getting a failed response from BP: "Body Parser failed to parse request --> Unexpected token" in some cases.

    We noticed that this happens when a payload contains more than one event.

    On the BigPanda side, the format the payload should have is defined in https://docs.bigpanda.io/reference/alerts

  • Shane Hay

    When setting up a Notification Target for BigPanda, I had to set the following:
    event delimiter: , # comma
    content type: application/json
    batch expression: `{"alerts" : [${events}] }` # note the backticks
    add your BigPanda app_key as a header

    In the BigPanda Cribl Integration:
    create a test payload that includes an alerts list with multiple JSON events
    check Multiple alerts per payload
    choose "alerts" in the text box (captured from the test payload)
    add "ALARM" to critical status
    add "OK" to ok status

    For the actual Cribl notification:
    you have to override the "origin_metadata" field to a single value (instead of a list)
    other key value pairs need to be added to metadata section according to your setup of BigPanda, but you can set host, check, bp_priority, and any other fields you want to show up in BigPanda.

    I highly recommend using the Cribl API to automate creation of the notifications. I ended up adding custom tags to each input which are used to setup the notification time window values. It's now easy to maintain notifications on all sources.
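As an added example (not code from Cribl, BigPanda, or either poster), the script below models how a Cribl Webhook notification target assembles its request body from the settings in the answer above, and why the first answer's "Unexpected token" error appears only once a payload carries more than one event: with a newline delimiter and no wrapper the body is several JSON objects in a row, not one JSON document. Wrapping the comma-joined events in `{"alerts" : [${events}] }`, collapsing `origin_metadata` to a single value, and mapping ALARM/OK to the statuses configured in the integration produces a body a strict JSON parser accepts. The sample events, the field values, the assumed Cribl defaults (newline delimiter, bare `${events}` batch expression) and the `x-bp-app-key` header name are constructed or assumed for illustration; check them against your own integration page.

```javascript
// Added example, not code from Cribl or BigPanda. It models how a Cribl
// Webhook notification target builds the request body from the settings in
// the answer above (delimiter, batch expression, JSON content type) and checks
// the result against the BigPanda alert shape the answer describes.
// Sample events, field values and the header name are constructed/assumed.

// Constructed sample notification events, as Cribl might emit per alert.
const sampleEvents = [
  { status: "ALARM", host: "worker-01", check: "source_unhealthy",
    bp_priority: "P2", origin_metadata: ["cribl", "stream"] },
  { status: "OK", host: "worker-02", check: "source_unhealthy",
    bp_priority: "P3", origin_metadata: ["cribl", "stream"] },
];

// Target settings. DEFAULT_TARGET is an assumption about Cribl's defaults
// (newline delimiter, bare `${events}` batch expression), which yields one
// JSON object per line rather than a single JSON document. BIGPANDA_TARGET
// is the configuration from the answer above.
const DEFAULT_TARGET  = { delimiter: "\n", batchExpression: "`${events}`" };
const BIGPANDA_TARGET = { delimiter: ",",  batchExpression: "`{\"alerts\" : [${events}] }`" };

// BigPanda wants origin_metadata as a single value; collapse a list to its first entry.
function normalizeOriginMetadata(event) {
  const om = event.origin_metadata;
  return { ...event, origin_metadata: Array.isArray(om) ? String(om[0]) : om };
}

// Status mapping configured in the BigPanda Cribl integration
// ("ALARM" -> critical, "OK" -> ok); anything else passes through unchanged.
const STATUS_MAP = { ALARM: "critical", OK: "ok" };
function mapStatus(event) {
  return { ...event, status: STATUS_MAP[event.status] ?? event.status };
}

// Model of Cribl's batching: serialise each event, join with the delimiter,
// then evaluate the batch expression (a JS template literal) with `events`
// bound to the joined string. This mirrors the UI semantics as described in
// the answer; it is not Cribl's own implementation.
function buildBody(events, { delimiter, batchExpression }) {
  const joined = events.map((e) => JSON.stringify(e)).join(delimiter);
  const render = new Function("events", `return ${batchExpression};`);
  return render(joined);
}

// Parse the body the way a strict JSON body parser would, then check the
// alert shape: either a single alert object or {"alerts": [...]} (the
// integration's "Multiple alerts per payload" option), with status and host
// present and origin_metadata not a list.
function validateBigPandaBody(body) {
  let parsed;
  try {
    parsed = JSON.parse(body);
  } catch (err) {
    return { ok: false, reason: `body parser failed: ${err.message}` };
  }
  const alerts = Array.isArray(parsed.alerts) ? parsed.alerts : [parsed];
  for (const [i, a] of alerts.entries()) {
    if (typeof a.status !== "string" || !a.status) return { ok: false, reason: `alerts[${i}]: missing status` };
    if (typeof a.host !== "string" || !a.host)     return { ok: false, reason: `alerts[${i}]: missing host` };
    if (Array.isArray(a.origin_metadata))          return { ok: false, reason: `alerts[${i}]: origin_metadata is a list` };
  }
  return { ok: true, alerts };
}

// Assemble the full request: normalise events, batch them, attach headers.
// The header name is an assumption; use whatever your BigPanda integration shows.
function buildRequest(events, appKey, target = BIGPANDA_TARGET) {
  const prepared = events.map((e) => mapStatus(normalizeOriginMetadata(e)));
  return {
    headers: { "Content-Type": "application/json", "x-bp-app-key": appKey },
    body: buildBody(prepared, target),
  };
}

// Demonstration: the default settings break as soon as two events are batched.
const broken = buildBody(sampleEvents, DEFAULT_TARGET);
const fixed  = buildRequest(sampleEvents, "<app_key>").body;
console.log("default target:", validateBigPandaBody(broken));
console.log("bigpanda target:", validateBigPandaBody(fixed));
```

Run it with `node` and compare the two results: the default target fails at the parse step with the same class of error the first answer reports, while the batched body parses and passes the shape checks. A single event under the default settings still parses (it is one JSON object), which matches the observation that the failure only shows up with more than one event per payload.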