Alert & Audit integrations
Connect the Lenses Agent to your alerting and auditing systems.
The Agent can send out alert and audit events. Once you have configured alert and audit connections, you can create alert and audit channels to route events to them.
Connection names must be non-empty strings containing only alphanumeric characters or dashes.
Alerts
DataDog
datadog:
  - name: my-datadog-connection
    version: 1
    tags: [tag1, tag2]
    configuration:
      # The Datadog site.
      site:
        value:
      # The Datadog API key.
      apiKey:
        value:
      # The Datadog application key.
      applicationKey:
        value:
AWS CloudWatch
See AWS connection.
PagerDuty
pagerduty:
  - name: my-pagerduty-connection
    version: 1
    tags: [tag1, tag2]
    configuration:
      # An Integration Key for PagerDuty's service with Events API v2 integration type.
      integrationKey:
        value:
Slack
slack:
  - name: my-slack-connection
    version: 1
    tags: [tag1, tag2]
    configuration:
      # The Slack endpoint to send the alert to.
      webhookUrl:
        value:
Alert Manager
alertManager:
  - name: my-alertmanager-connection
    version: 1
    tags: [tag1, tag2]
    configuration:
      # Comma separated list of Alert Manager endpoints.
      endpoints:
        value:
Webhook (Email, SMS, HTTP and MS Teams)
webhook:
  - name: my-webhook-alert-connection
    version: 1
    tags: [tag1, tag2]
    configuration:
      # The host name for the HTTP Event Collector API of the Splunk instance.
      host:
        value:
      # The port number for the HTTP Event Collector API of the Splunk instance. (int)
      port:
        value:
      # Set to true in order to set the URL scheme to https.
      # Will otherwise default to http.
      useHttps:
        value:
      # An array of (secret) strings to be passed over to alert channel plugins.
      creds:
        value:
          -
          -
Audits
Webhook
webhook:
  - name: my-webhook-audit-connection
    version: 1
    tags: [tag1, tag2]
    configuration:
      # The host name for the HTTP Event Collector API of the Splunk instance.
      host:
        value:
      # The port number for the HTTP Event Collector API of the Splunk instance. (int)
      port:
        value:
      # Set to true in order to set the URL scheme to https.
      # Will otherwise default to http.
      useHttps:
        value:
      # An array of (secret) strings to be passed over to alert channel plugins.
      creds:
        value:
          -
          -
Splunk
splunk:
  - name: my-splunk-connection
    version: 1
    tags: [tag1, tag2]
    configuration:
      # The host name for the HTTP Event Collector API of the Splunk instance.
      host:
        value:
      # The port number for the HTTP Event Collector API of the Splunk instance. (int)
      port:
        value:
      # Use TLS. Boolean, default false
      useHttps:
        value:
      # This is not encouraged but is required for a Splunk Cloud Trial instance. Bool
      insecure:
        value:
      # HTTP event collector authorization token. (string)
      token:
        value:
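A pre-deployment check for the connection definitions above, as an added example that is not part of the Lenses documentation or product: it flags names that break the naming rule, webhook and Splunk connections where useHttps is not true (the scheme then defaults to http), and Splunk connections with insecure set to true. It assumes the provisioning YAML has already been parsed into a Python dict; lint_connections, the finding labels and the sample hosts are hypothetical.

```python
import re

NAME_RE = re.compile(r"[A-Za-z0-9-]+")  # page rule: non-empty, alphanumeric or dash
HTTPS_KINDS = {"webhook", "splunk"}      # connection kinds that carry a useHttps field


def _value(conn, key):
    """Return configuration.<key>.value, or None when the field is absent."""
    field = (conn.get("configuration") or {}).get(key)
    return field.get("value") if isinstance(field, dict) else None


def lint_connections(doc):
    """Hypothetical helper: return sorted (connection name, finding) tuples."""
    findings = []
    for kind, conns in doc.items():
        for conn in conns or []:
            name = str(conn.get("name", ""))
            if not NAME_RE.fullmatch(name):
                findings.append((name, "invalid-name"))
            # An unset useHttps leaves the scheme at http, so only True passes.
            if kind in HTTPS_KINDS and _value(conn, "useHttps") is not True:
                findings.append((name, "plain-http"))
            # The page marks insecure as "not encouraged".
            if kind == "splunk" and _value(conn, "insecure") is True:
                findings.append((name, "insecure-enabled"))
    return sorted(findings)


# Constructed sample, shaped like the provisioning YAML after parsing.
SAMPLE = {
    "webhook": [{
        "name": "audit_hook",  # underscore breaks the naming rule
        "configuration": {"host": {"value": "siem.example.internal"},
                          "port": {"value": 8080}},  # useHttps left unset
    }],
    "splunk": [{
        "name": "my-splunk-connection",
        "configuration": {"host": {"value": "splunk.example.internal"},
                          "useHttps": {"value": True}, "insecure": {"value": True}},
    }, {
        "name": "splunk-prod",
        "configuration": {"host": {"value": "splunk.example.internal"},
                          "useHttps": {"value": True}, "insecure": {"value": False}},
    }],
}

if __name__ == "__main__":
    for name, finding in lint_connections(SAMPLE):
        print(f"{name}: {finding}")
```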