Graylog Integration Guide

Graylog is a powerful log management, aggregation and searching tool. You can set up notifications to go to PagerDuty when a Graylog stream triggers an alert. This allows you to utilize PagerDuty as the centralized location for on-call scheduling and notifications of your team.

In PagerDuty

      1. From the Configuration menu, select Services.
      2. On your Services page:If you are creating a new service for your integration, click +Add New Service.

        If you are adding your integration to an existing service, click the name of the service you want to add the integration to. Then click the Integrations tab and click the +New Integration button.

RS-Add-New-Service
RS-Add-Integration-Existing-Service

      1. Select your app from the Integration Type menu and enter an Integration Name.If you are creating a new service for your integration, in General Settings, enter a Name for your new service. Then, in Incident Settings, specify the Escalation Policy, Notification Urgency, and Incident Behavior for your new service.
      2. Click the Add Service or Add Integration button to save your new integration. You will be redirected to the Integrations page for your service.
        RS-Integration-Settings
      3. Copy the Integration Key for your new integration: RS_API_pd_3

On Your Graylog Server

    1. Download the Graylog PagerDuty plugin from GitHub. Then to install it, copy the .jar file that you received to your Graylog plugin directory which is configured in your graylog2.conf configuration file using the plugin_dir variable. Restart your graylog2-server process to load the plugin.

      Note that you should do this for every graylog2-server instance you are running.

    2. Now paste the Integration Key into the alarm callback configuration in Graylog.

    3. Once you’ve set off a new alarm within Graylog, an incident will be triggered in PagerDuty.