The built-in Graylog Alerts trigger initiates flows when it receives a request from a webhook in Graylog.
- Go to the Triggers tab in the palette, expand the App Triggers section and drag the trigger onto the canvas.
- Double-click the trigger (or click the pencil icon).
- Set the authenticating user, and then copy the URL — you'll use this to set up the webhook in Graylog. Alternatively, you can create an integration user to use as the authenticating user.
- Click the Flood Control tab to edit the trigger's default flood control settings. For more information about these settings, see Trigger Flood Control.
- Click Done.
- On the flow canvas, connect the steps you want to run when xMatters receives a request to that URL.
You're now ready to configure Graylog to target the trigger.
Configure Graylog to send requests to the trigger URL
To have Graylog send alerts to the flow trigger, you need to configure a webhook and set it to use the trigger URL.
You'll need to create a Notification in Graylog and then add it to a new or existing Event Definition.
- In Graylog, navigate to the Alerts tab and click Notifications.
- On the Notifications screen, click Create Notification.
- Fill in the following fields for the notification:
- Title: xMatters
- Notification Type: HTTP Notification
- URL: Paste the URL you copied from the Flow Designer trigger. Add the target names of any recipients you want xMatters to notify when the alert fires.
- For example, if you want to notify Emma Pearson, Mary McBride, and the on-call members in the Monitor Team responsible for the service, you'd add ?recipients=epearson,mmcbride,monitor%20team to the URL.
- You must URL-encode any special characters or spaces in the target names.
- After you've filled in the URL field, click Add to URL Whitelist.
- In the Update Whitelist Configuration dialog box, give your URL a title and click Save.
- To test whether you've configured the webhook correctly, click Execute Test Notification.
- In xMatters, you can check for the incoming signal to your trigger from the Signals Report.
- Click Create.
Now that the notification is created, add it to a new or existing Event Definition.
- Click Event Definitions.
- Click the Notifications section of the Event Definition and then click Add Notification.
- Use the Choose Notifications drop-down to select the notification you created for xMatters, then click Done.
You're ready to use the webhook to trigger automated flows, including steps such as sending alerts and initiating incidents, though we always recommend testing before putting things into use.
The Graylog Alerts trigger has the following outputs you can use as inputs to steps further along the flow.
|Recipients||List of targeted recipients. Recipients are set by adding a recipients query parameter to the trigger URL when you configure the webhook in Graylog.|
|Signal Mode||Determines the flow path to follow, based on the value of the Event ID parameter.|
|Signal ID||Key or identifier used to terminate or correlate events/signals|
|Event Description||Description of the event, as provided by Graylog.|
|Event Title||Title of the Graylog event.|
|Key||Event key displayed as a single string.|
|Priority||Priority level of the event as specified by Graylog.|
|Streams||List of Graylog stream IDs the event is associated with.|
|Timestamp||Timestamp of when the event was created in Graylog.|
|Raw Request||JSON representation of the request. You can parse the raw request if you need additional details beyond the standard outputs.|