Using "Webhook" Destination: Can we transform events to be used as HTTP requests?
Using "Webhook" Destination: Can we transform events to be used as HTTP requests?Background - we are trying to send alerts from the Cribl Internal (Logs) source. We use a pipeline to reduce these events down to only Cribl errors and any Cribl Internal Logs that we care about. However, we need a way to send this data in the correct format to something like Slack "Incoming Webhooks."2 Problems with Sending Events as HTTP Requests Using "Webhook" Destination:
- Slack has a specific format and keys for the JSON body data -
- There are certain keys that may only appear in the JSON that Slack receives like "text".
- This is also problematic when we can't control if cribl_pipe is appended to the top-level fields
- The JSON data must be individual events in JSON with "ContentType: application/json".
- This is problematic, it seems, because the events are batched using NDJSON, JSON array, or even with the custom option (image below) they are batched and you can only choose where to put the batched events.
Maybe I'm going about this wrong, I have to make an external proxy instead to handle these requests, Cribl already has this functionality, or this is not the point of Cribl Internal logs and how to use them.(Below is image of General Setting for Webhook destination)