Sending Events

Created: 28.07.2022

This is about … .

Long-Polling

WebSockets

Server-Sent Events

WebHook

A webhook is an HTTP request, triggered by an event in a source system and sent to a destination system, often with a payload of data. Webhooks are automated, in other words they are automatically sent out when their event is fired in the source system.

Let’s build an analogy.

Imagine a fisher 🎣 has cast a fishing line and is now waiting for a fish to bite. How does the fisher know that this event has occurred? Well, he feels the fishing line tighten and sees the float move across the surface. Once our fisher has received those signals, he can act upon them. That’s pretty much it.

I would like to show an example more technical than the above 😂. One of the usages could be to send logs or notifications to a remote machine.

For example, you have an Incident Management service (OpsGenie, for example) and you’d like to connect it to Elastic SIEM, meaning that you’d like any alerts coming from the SIEM to go directly to OpsGenie. Who’s the fisher here? Well, OpsGenie is the fisher, SIEM is the pond and each event is a fish 🐟 … or not a fish.


The easiest way, of course, is when there are pre-built integrations available that ease the process. For example, for Elastic SIEM there is X-Pack Alerting (in OpsGenie go to Settings -> Integrations -> X-Pack Alerting). There are a lot of complicated fields, but only a few essential ones. First and foremost, copy the code snippet at the beginning, in the Settings section:

"opsgenie" : {
    "webhook" : {
        "scheme" : "https",
        "method" : "POST",
        "host" : "api.opsgenie.com",
        "port" : 443,
        "path" : "/v1/json/eswatcher",
        "headers" : {
            "Content-Type" : "application/json"
        },
        "params": {
            "apiKey": "🔑"
        },
        "body" : "{{#toJson}}ctx{{/toJson}}"
    }
}

The API key 🔑 is generated by the integration. You can’t generate the key 🔑 yourself in the API management section: it won’t work with the integration and, besides, you can’t paste anything into this field. You can only regenerate the 🔑.

Now, time to go to Elastic. There are two ways to make this work.

  • Option 1. X-Pack API key + Elastic WebHook Connector + Rules
    • 🧞 Get OpsGenie API key and turn X-Pack on (fisher sits at the pond)
    • 🏋🏼‍♂️ Configure the Connector in Elastic (set up a fishing line)
    • 🏋🏼‍♂️ Configure Elastic Rules (get the appropriate bait for the fish)
  • Option 2. X-Pack (OpsGenie) + Watcher (Elastic)
    • 🧞 Get OpsGenie API key and turn X-Pack on (fisher sits at the pond)
    • 🏋🏼‍♂️ Configure Watcher in Elastic (set up a fishing line and get the appropriate bait for the fish)
    • 🧞 Set up X-Pack in OpsGenie

Message. You obviously need to define what the message will look like. The default one is: [X-Pack Alerting] {{watchId}} is triggered. Total Hits: {{totalHits}}. Optionally, you can configure the filter if you don’t want to receive all the events.
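To make the receiving side concrete, here is an added example (my own code, not OpsGenie’s or Elastic’s) of what the fisher does with the payload that the "{{#toJson}}ctx{{/toJson}}" body above produces: parse the Watcher ctx, apply a hit-count filter, and fill the default message template. The payloads are constructed; field names follow Watcher’s ctx model (watch_id, payload.hits.total), and the threshold filter is assumed, not the exact filter OpsGenie offers.

```python
import json

# Constructed sample of what Watcher POSTs for a search input; hits.total
# is an object {"value": N, "relation": ...} in newer Elasticsearch versions.
SAMPLE_CTX = json.dumps({
    "watch_id": "siem_failed_logins",
    "execution_time": "2022-07-28T10:00:00.000Z",
    "payload": {"hits": {"total": {"value": 42, "relation": "eq"}, "hits": []}},
})

# Constructed sample in the older shape, where hits.total is a plain number.
LEGACY_CTX = json.dumps({
    "watch_id": "siem_new_host",
    "payload": {"hits": {"total": 7, "hits": []}},
})

DEFAULT_TEMPLATE = "[X-Pack Alerting] {{watchId}} is triggered. Total Hits: {{totalHits}}"


def total_hits(ctx: dict) -> int:
    """Return the hit count, accepting both the numeric and the object form."""
    total = ctx.get("payload", {}).get("hits", {}).get("total", 0)
    if isinstance(total, dict):
        return int(total.get("value", 0))
    return int(total)


def render_message(ctx: dict, template: str = DEFAULT_TEMPLATE) -> str:
    """Fill the OpsGenie message template from the Watcher context."""
    return (template.replace("{{watchId}}", str(ctx.get("watch_id", "unknown")))
                    .replace("{{totalHits}}", str(total_hits(ctx))))


def handle_webhook(raw_body: str, min_hits: int = 1):
    """Receiver side: parse the POSTed ctx, drop alerts below min_hits
    (the assumed filter), and return the rendered message or None."""
    ctx = json.loads(raw_body)
    if total_hits(ctx) < min_hits:
        return None
    return render_message(ctx)


if __name__ == "__main__":
    print(handle_webhook(SAMPLE_CTX))
    print(handle_webhook(LEGACY_CTX))
```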

When all the settings are done, click Enabled to set all up and running.

Another example to see would be some open-source k8s cluster watcher here.

Backpressure

References
