Using REST API v2 to send custom fields to PagerDuty

Hello everyone,
I am using the Events API v2 to send alerts from my OpenSearch to PagerDuty.
I am using this syntax to send very basic fields, but I want to make it more complicated.
Here is the basic syntax that I use:

{ "event_action": "trigger",
"payload" :
	{	"summary": "{{ctx.trigger.name}}",
		"source": " {{ctx.monitor.name}}",
		"severity": "critical",
		"custom_details":
			{
				"-Severity" : "{{ctx.trigger.severity}}",
				"-Period start" : "{{ctx.periodStart}}",
				"-Period end": "{{ctx.periodEnd}}"
		                “-Involved User": "{{ctx.Username}}"
	}
}

I have this JSON document (a CloudTrail event as stored in OpenSearch):

{
  "_index": "logstash-master-cloudtrail-logs-2024.02.12",
  "_id": ",
  "_version": 1,
  "_score": null,
  "_source": {
    "userIdentity": {
      "sessionContext": {
        "sessionIssuer": {
          "principalId": "AROASNCfghgh
          "accountId": "165500561426",
          "arn": "arn:awsdfsgdfgdfgdfgdfg0",
          "type": "Role",
          "userName": “user"
        },
        "webIdFederationData": {},
        "attributes": {
          "creationDate": "2024-02-12T15:23:02Z",
          "mfaAuthenticated": "false"
        }
      },
      "arn": "arn:aws:sts::1arn",
      "accessKeyId": "ASIASNCE2FAJBFLZ466B",
      "principalId": "AROASNCE2FAJHR4WZ3J4O:amit.blum@bluevine.com",
      "accountId": "165500561426",
      "type": "AssumedRole"
    },
    "tags": [
      "_dateparsefailure"
    ],
    "sourceIPAddress": “0.0.0.0",
    "responseElements": null,
    "userAgent": "AWS Internal",
    "requestID": "0aeb072b-f6fc-4f34-b472-eb18ebe8ddf4",
    "@version": "1",
    "eventVersion": "1.08",
    "sessionCredentialFromConsole": "true",
    "lag": 236,
    "eventName": "ListPermissionSetsProvisionedToAccount",
    "requestParameters": {
      "instanceArn": “yarn",
      "accountId": "733164361137"
    },
    "eventCategory": "Management",
    "event_ingest_time": "2024-02-12T16:51:54.174Z",
    "eventType": "AwsApiCall",
    "managementEvent": true,
    "eventSource": "sso.amazonaws.com",
    "eventID": "c8b2e6e9-1c1b-4412-b4fa-c6ee542e6072",
    "readOnly": true,
    "recipientAccountId": "165500561426",
    "awsRegion": "us-east-1",
    "@timestamp": "2024-02-12T16:47:58.000Z"
  },
  "fields": {
    "@timestamp": [
      "2024-02-12T16:47:58.000Z"
    ],
    "event_ingest_time": [
      "2024-02-12T16:51:54.174Z"
    ],
    "userIdentity.sessionContext.attributes.creationDate": [
      "2024-02-12T15:23:02.000Z"
    ]
  },
  "highlight": {
    "eventName": [
      "@opensearch-dashboards-highlighted-field@ListPermissionSetsProvisionedToAccount@/opensearch-dashboards-highlighted-field@"
    ]
  },
  "sort": [
    1707756478000
  ]
}

I want to send these fields to PagerDuty:

  • sourceIPAddress

  • principalId

How can I do it?

@Dexter_96 Did you fix this issue with the solution described here?
