Log Streaming does not support the PagerDuty API

Problem Statement

We want to use a Custom Webhook to create a Log Stream output that pushes log events to PagerDuty.

Output is typically in JSON Line format.

However, the PagerDuty API expects events to be formatted in "Common Event Format (PD-CEF)":

https://developer.pagerduty.com/docs/ZG9jOjExMDI5NTgw-events-api-v2-overview

There is no way to direct Log Streaming to output an event in PD-CEF format.

Solution

Currently, there is no direct solution to this use case. A feature request has already been created and is in the backlog. No ETA is available yet.

Possible workarounds include:

  1. In the days before log streams, we used to suggest using Rules / Actions to interact with external services:
    Log streams have made that approach largely redundant. But if you only want to trap a few types of events (e.g. login failures), this might be worth exploring. An implementation using Actions offers a more future-proof solution.

  2. If you require a more generic solution, it may be possible to create a serverless lambda or similar and send Log Streaming data to that endpoint. The lambda can format the events and push them to the PagerDuty API. This approach would require a fair amount of work and is probably overkill if you only want to monitor a few types of events. Here are some resources to get you started:

If this requirement is mission-critical, we suggest you contact our Professional Services team.
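
As an illustration of workaround 2, the following added example (not code from this article or the product) shows the core of such a function: it authenticates the webhook call, parses the JSON Lines body, and maps login-failure events to PD-CEF for the Events API v2. The log field names (`log_id`, `data.type`, `data.date`, `data.description`, `data.ip`), the type codes `f` and `fp`, and the sample body are assumptions; adjust them to the events your log stream actually emits.

```python
import hmac
import json
import urllib.request

PD_ENQUEUE_URL = "https://events.pagerduty.com/v2/enqueue"
# Assumption: log event type codes that mean "login failure", mapped to a PD-CEF severity.
ALERT_TYPES = {"f": "error", "fp": "warning"}
# Constructed sample webhook body in JSON Lines format (field names are assumptions).
SAMPLE_BODY = (
    '{"log_id": "sample-001", "data": {"date": "2024-01-01T00:00:00.000Z", '
    '"type": "fp", "description": "Wrong email or password.", "ip": "203.0.113.7"}}\n'
    '{"log_id": "sample-002", "data": {"date": "2024-01-01T00:00:05.000Z", "type": "s"}}\n'
)

def to_pd_cef(event, routing_key):
    """Map one log event to a PD-CEF trigger event, or None if it should not alert."""
    data = event.get("data", {})
    severity = ALERT_TYPES.get(data.get("type"))
    if severity is None:
        return None
    summary = f"Login failure ({data['type']}): {data.get('description', 'no description')}"
    pd_event = {
        "routing_key": routing_key,
        "event_action": "trigger",
        "payload": {
            "summary": summary[:1024],  # PD-CEF limits summary to 1024 characters
            "source": data.get("ip", "unknown"),
            "severity": severity,
            # Forward only selected fields rather than the whole log record.
            "custom_details": {"log_id": event.get("log_id"), "type": data["type"]},
        },
    }
    if data.get("date"):
        pd_event["payload"]["timestamp"] = data["date"]  # ISO 8601 expected
    if event.get("log_id"):
        pd_event["dedup_key"] = event["log_id"]  # delivery retries collapse into one alert
    return pd_event

def handle(body, auth_header, expected_token, routing_key):
    """Check the webhook's Authorization value, then convert the JSON Lines body."""
    if not hmac.compare_digest((auth_header or "").encode(), expected_token.encode()):
        raise PermissionError("webhook authorization token mismatch")
    parsed = (to_pd_cef(json.loads(l), routing_key) for l in body.splitlines() if l.strip())
    return [e for e in parsed if e]

def send(pd_event):  # not invoked here; performs the real POST to PagerDuty
    req = urllib.request.Request(PD_ENQUEUE_URL, json.dumps(pd_event).encode(),
                                 {"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status  # 202 means the event was accepted
```

In a deployed function, load the expected token and the PagerDuty routing key from the platform's secret store or environment rather than hard-coding them.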