Versions Compared

Version Old Version 1 New Version Current
Changes made by

Shivi Sivasubramanian

Meghali Deb Roy

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

What does the integration offer?

Logstash sends event information via output plugins. With Compass's Logstash Integration, Compass acts as a dispatcher for these events, determines the right people to notify based on on-call schedules, notifies via email, text messages (SMS), phone calls and iOS and Android push notifications, and escalates alerts until the alert is acknowledged or closed.

How does the integration work?

According to the Logstash events:

  • Alert is created in Compass.

  • Designated alert is acknowledged.

  • Note is added to designated alert.

  • Designated alert is closed.

Set up the integration

Logstash is an API-based integration. Setting it up involves the following steps:

  • Add a Logstash integration in Compass

  • Configure the integration in Logstash

Add a Logstash integration

Info

In this release, only incoming integrations are fully supported in the Standard plan, at a team level. To use outgoing integrations or the outgoing part of bidirectional integrations, upgrade to a higher subscription plan. There may be restrictions on how you can create and apply integration rules as well.

You can add this integration only from your team’s operations page. Adding an integration from your team’s operations page makes your team the owner of the integration. This means Compass only assigns the alerts received through this integration to your team.

To add a Logstash integration in Compass, complete the following steps:

  1. Go to your team’s operations page.

  2. On the left navigation panel, select Integrations and then Add integration.

  3. Run a search and select “Logstash”.

  4. On the next screen, enter aname for the integration.

  5. Optional: Select a team in Assignee team if you want a specific team to receive alerts from the integration.

  6. Select Continue.
    The integration is saved at this point.

  7. Expand the Steps to configure the integration section and copy the API key.
    You will use this key while configuring the integration in Logstash later.

  8. Select Turn on integration.
    The rules you create for the integration will work only if you turn on the integration.

Configure the integration in Logstash

To configure the integration of Logstash with Compass, complete the following steps:

  1. Install the Compass plugin for Logstash. Find out how to install the plugin.

    • Logstash 5.4+:  bin/logstash-plugin install logstash-output-jsm

    • Other Versions: bin/plugin install logstash-output-jsm

  2. Add the following configuration to the configuration file:
    JSON

    Code Block
    output {
    jsm {
        "apiKey" => "logstash_integration_api_key"
    }
}

  3. Paste the API key copied previously into apiKey.
    The Compass Output plugin expects that events contain a field called "jsmAction". Also, Compass expects the data in a certain structure, so some additional fields are added to the event. To add fields, use a filter plugin like Mutate, Grok etc. Read more about the fields added to events and what they mean.

Following is an example of a Mutate filter enhanced with Ruby filter plugin configuration:

JSON

Code Block
filter {
  mutate{
    add_field => {
        "jsmAction" => "create"
        "alias" => "neo123"
        "description" => "Every alert needs a description"
        "actions" => ["Restart", "AnExampleAction"]
    "tags" => ["OverwriteQuietHours","Critical"]
    "[details][prop1]"=> "val1"
        "[details][prop2]" => "val2"
        "entity" => "An example entity"
        "priority" => "P4"
    "source" => "custom source"
    "user" => "custom user"
    "note" => "alert is created"
        }
    }
    ruby {
     code => "event.set('teams', [{'name' => 'Integration'}, {'name' => 'Platform'}])"
    }
}

  1. Run Logstash.

Find the plugin’s source on GitHub.