Graylog Provider
The Graylog provider enables webhook installations for receiving alerts in Keep.
Overview
The Graylog Provider facilitates receiving alerts from Graylog by setting up Webhook connections. It allows seamless integration with Graylog to receive notifications about events and alerts through Keep.
Authentication
This provider requires authentication.
- graylog_user_name: Username (required: True, sensitive: False)
- graylog_access_token: Graylog Access Token (required: True, sensitive: True)
- deployment_url: Deployment Url (required: True, sensitive: False)
In workflows
This provider can be used in workflows.
As “step” to query data, example:
If you need workflow examples with this provider, please raise a GitHub issue.
Scopes
- authenticated: Mandatory for all operations, ensures the user is authenticated.
- authorized: Mandatory for querying incidents and managing resources, ensures the user has Admin privileges.
Connecting with the Provider
- Obtain the username and access token from your Graylog instance by following Graylog’s API Access Documentation.
- Set the deployment URL to your Graylog instance’s base URL (e.g., http://127.0.0.1:9000).
- Ensure the user has the Admin role in Graylog.
Features
The Graylog Provider supports the following key features:
- Webhook Setup: Configures webhooks to send alerts to Keep.
- Alerts Retrieval: Fetches and formats alerts from Graylog based on specified search parameters (only a maximum of 10000 most recent alerts).
Ensure that the product of page and per_page does not exceed 10,000.
For Graylog v4.x, the notification URL carries the api_key as a query parameter; this is the default behaviour.
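A pre-flight check for the settings described above, written as an added example (it is not code from Keep or Graylog). It validates the three authentication fields and the page/per_page limit, and masks the api_key query parameter so a notification URL can be logged safely. The function names, the loopback exemption for plain http, and the sample hostnames are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

MAX_WINDOW = 10_000  # page * per_page limit stated on this page
REQUIRED = ("graylog_user_name", "graylog_access_token", "deployment_url")
LOOPBACK = ("127.0.0.1", "localhost", "::1")  # assumption: plain http tolerated here only


def redact_api_key(url: str, param: str = "api_key") -> str:
    """Return url with the api_key query value masked, for use in logs."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k.lower() == param else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def check_provider_config(cfg: dict, page: int = 1, per_page: int = 50) -> list:
    """Return a list of problems found in a Graylog provider configuration."""
    problems = [f"missing required field: {f}" for f in REQUIRED if not cfg.get(f)]

    raw_url = cfg.get("deployment_url")
    if raw_url:
        url = urlsplit(raw_url)
        if url.scheme not in ("http", "https") or not url.hostname:
            problems.append("deployment_url must be an http(s) base URL")
        elif url.scheme == "http" and url.hostname not in LOOPBACK:
            # Credentials sent to a non-loopback http URL cross the network in clear text.
            problems.append("deployment_url is plain http: credentials are sent unencrypted")

    if page < 1 or per_page < 1:
        problems.append("page and per_page must be positive")
    elif page * per_page > MAX_WINDOW:
        problems.append(f"page * per_page = {page * per_page} exceeds {MAX_WINDOW}")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials or hosts.
    sample = {"graylog_user_name": "keep-svc",
              "graylog_access_token": "constructed-token",
              "deployment_url": "http://graylog.example.invalid:9000"}
    for problem in check_provider_config(sample, page=11, per_page=1000):
        print("config problem:", problem)
    print(redact_api_key("https://keep.example.invalid/webhook?api_key=abc123&x=1"))
```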