Overview

To direct the event stream to AWS Firehose, integrate OpsRamp with EventBridge.

The Streaming Export feature streams live data to various third-party tools using AWS EventBridge. To use it, install an Export Integration and then create a Streaming Export. Existing stream exports can be edited or deleted, and the exported data is viewable at the target locations.

Notes:

  • The integration is available only at partner level.
  • Streaming Export is accessible only when the Stream Exports add-on is enabled.
  • Streaming export only supports Alerts category data.

How to Create a Streaming Export?

Follow these steps to create a Streaming export:

  1. Select the Stream Exports Add-on
  2. Install an Export Integration
  3. Configure a Streaming Export

Step 1 - Select the Stream Exports Add-on

Follow these steps to enable the Stream Exports Add-on:

  1. Navigate to Setup > Accounts > Partners.
  2. Search for the partner and click the partner name.
  3. Click Edit.
  4. In the EDIT PARTNER screen, click the Add Ons tab.
  5. Select Stream Exports.
  6. Click Save.

Step 2 - Install an Export Integration

Integrate third-party tools based on preferences. After successfully integrating with the console, create a stream export to route the live data to the target location in AWS EventBridge or to a third-party tool using a Webhook.

See AWS EventBridge Integration or Webhook Integration for more information.

Step 3 - Configure a Streaming Export

Follow these steps to configure a streaming export:

  1. Click Setup > Account.

  2. Select the Integrations tile.

  3. The Installed Integrations screen is displayed, with all the installed applications.

  4. If you do not have any installed applications, you are taken to the Available Integrations page. The Available Integrations page displays all the available applications, along with the newly created application and its version.
    Note: Search for the Streaming Export application using the search option. Alternatively, search for Exports in the All Categories option and select it.

  5. Click +ADD in the Streaming Export tile.

  6. Enter the following information:

    Mandatory fields
    GENERAL DETAILS
    Field Name | Field Type | Description
    Name | String | Unique name of the export.
    Category Type | Dropdown | Type of data for export. Select Alerts or Logs.
    Based on the Category Type selected, the input fields change.
    • For Category Type as Alerts:
    1. clients: Select All or select_clients.
      If you select All, the data will be exported to all clients under the partner.
      If you select select_clients, the data will be exported to the selected clients. Select clients from the Select Clients dropdown.
    Export to | Dropdown | Specify the integration: AWS EventBridge or Webhook.
    If the integrations are not available, you can create them:
    1. Click +ADD in the Export to dropdown.
      The ADD INTEGRATION window is displayed.
    2. Select Integration type from the dropdown.
    3. For AWS EventBridge
      1. Name: Enter the integration name.
      2. Access Key: Unique Identifier to access the AWS EventBridge.
      3. Secret key: Key generated from the AWS portal.
      4. Confirm Secret key: Secret generated from the AWS portal.
      5. Region name: Name of the cloud storage location.
      6. Event Bus Name: Event bus that receives the events from OpsRamp and AWS services.
      7. Event Source: Event pattern or text specified in the Rules section in EventBridge. Use this to filter the incoming events.
        Example: { "Source": [ "pattern" ] }.
      8. Detail Type: Parameter to do more filtering in EventBridge.
      9. Click ADD.

      For more information, see AWS Supported Services.

      For Webhook
      Under CONFIGURATION:
      1. Name: Unique name for the integration.
      2. Webhook URL: Provide the client (INBOUND) webhook URL.
        Example: https://uat.opsramp.net/integrations/alertsWebhook/{tenantId}/alerts?vtoken={vtoken}
      3. HEADERS: Select values from Name and Value dropdowns.
        1. Name: Select a Header name. Default header name is Content-Type.
        2. Value: Select a Header value. Default header value is application/json.
          • Click +ADD to add more headers.
          • OpsRamp supports only JSON content-type.
      4. Payload: Enter a payload.
      5. Type a space followed by $ to display a list of tokens.
        Note: The following tokens do not work during the ingestion of raw alerts: `repeatCount`, `alertId`, `technology`, `healedTime`.
        To validate the payload:
        1. Click VALIDATE PAYLOAD.
        2. Hover over the icon for more information.
      6. Click ADD.

      For more information, see Webhook Integration.

    Send raw events | Checkbox | Select to send raw events to the destination.
    FILTER CRITERIA | Select | Use the smart filter criteria to filter specific alerts.
    You can filter alert streaming by resource type, metric, state, alert type, etc.
    1. Click +QUERY and build OpsQL query to filter alerts.
    2. Example: resource.type = "VMware"
      This will filter alert streaming by resource type.

    Field Name | Field Type | Description
    Category Type | Dropdown | Type of data for export. Select Logs.
    • For Category Type as Logs:
    1. clients: Select All or select_clients.
      If you select All, the data will be exported to all clients under the partner.
      If you select select_clients, the data will be exported to the selected clients. Select clients from the Select Clients dropdown.
    Http Endpoint | String | Enter the HTTP Endpoint.
    Note: You need to register for Splunk Cloud to get the endpoint details. Once registered, you will receive the necessary information you need to start sending data to Splunk Cloud. The email might provide a sample HTTP endpoint like the one below:
    https://{prd-p-j2qyn.splunkcloud.com}:8080/services/collector/raw
    Type | Dropdown | Select Splunk.
    Use SSL | Checkbox | Select the option for enhanced security.
    AUTH HEADER | Checkbox | Auth Header Key: Authorization.
    Auth Header Value: Provide the Token Value prefixed with the string "Splunk". Note: You can generate a new token from Settings > Data Inputs > HTTP Event Collector in Splunk Cloud.
  7. Click FINISH to apply the export.
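
The Access Key and Secret key entered for the AWS EventBridge integration in step 6 are long-lived credentials held outside AWS, so the IAM user behind them should be limited to putting events on the one event bus named in Event Bus Name. The following is an added example, not OpsRamp's code or documentation: it builds such a policy and audits an existing one for broader grants. It assumes the integration only needs events:PutEvents; the account ID, region, bus name, Sid and function names are constructed placeholders.

```python
import json

# Assumption: the export integration only needs to put events on one bus.
ALLOWED_ACTION = "events:PutEvents"

def bus_arn(region, account_id, bus_name):
    """ARN of the event bus entered in the Event Bus Name field."""
    return f"arn:aws:events:{region}:{account_id}:event-bus/{bus_name}"

def least_privilege_policy(region, account_id, bus_name):
    """IAM policy document that allows PutEvents on a single event bus only."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "StreamExportPutEvents",  # hypothetical Sid
            "Effect": "Allow",
            "Action": ALLOWED_ACTION,
            "Resource": bus_arn(region, account_id, bus_name),
        }],
    }

def _as_list(value):
    # IAM allows a single string or object where a list is also valid.
    return value if isinstance(value, list) else [value]

def audit_policy(policy, expected_arn):
    """Return findings for Allow statements broader than PutEvents on one bus."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"{sid}: NotAction/NotResource grants an open-ended set")
        for action in _as_list(stmt.get("Action", [])):
            if action.lower() != ALLOWED_ACTION.lower():
                findings.append(f"{sid}: unexpected action {action}")
        for resource in _as_list(stmt.get("Resource", [])):
            if resource != expected_arn:
                findings.append(f"{sid}: resource {resource} is not the export bus")
    return findings

# Constructed sample values (placeholder account ID and bus name).
ARN = bus_arn("us-east-1", "111122223333", "opsramp-alerts")
GOOD = least_privilege_policy("us-east-1", "111122223333", "opsramp-alerts")
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Sid": "TooBroad", "Effect": "Allow", "Action": "events:*", "Resource": "*"}]}

if __name__ == "__main__":
    print(json.dumps(GOOD, indent=2))
    for finding in audit_policy(BROAD, ARN):
        print("FINDING:", finding)
```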

View Streaming Export Data

Column Name | Description
Name | Name of the streaming export.
Status | Integration status.
Added On | Date and time details of the added account. Information about the user who added the account is also displayed.
Updated On | Date and time details of the modified account. Information about the user who modified the account is also displayed.

View Streaming Export Data on AWS S3

Check the corresponding folder in the AWS S3 bucket to view the generated streaming export. Example: Alerts stream data is stored in the Alerts folder.
