feat: add Cribl Stream/Edge provider (push + pull, 55 tests) #6169
chengyixu wants to merge 2 commits into keephq:main from
Adds a new Keep provider for Cribl, a universal observability pipeline for routing, reducing, and enriching logs, metrics, traces, and security events.

### What's included

**Provider** (`keep/providers/cribl_provider/cribl_provider.py`)
- Push mode: receives events forwarded from Cribl via its HTTP Destination; handles single objects, JSON arrays (Cribl batching), and wrapper envelopes with events/results/records/items keys
- Pull mode: queries Cribl REST API for unhealthy workers and failed pipeline jobs; surfaces each problem as a Keep alert
- Auth: Bearer token (api_key) or username/password with token caching
- `_format_single_event`: normalises arbitrary Cribl event fields into AlertDto (name fallback chain, description fallback, severity map, status map, Unix timestamps in seconds or milliseconds)
- SEVERITY_MAP: critical/error/warning/warn/info/debug/low
- STATUS_MAP: firing/active/failed/error/resolved/ok/cleared/suppressed

**Mock payloads** (`keep/providers/cribl_provider/alerts_mock.py`)
- Single log event, infrastructure alert, batch array, wrapped events, minimal raw event, resolved event

**Tests** (`tests/providers/cribl_provider/test_cribl_provider.py`)
- 55 unit tests covering config, auth headers, login token caching, scope validation, _format_single_event (all edge cases), _format_alert (all envelope shapes), _get_alerts pull mode, severity/status maps, provider metadata

**Docs** (`docs/providers/documentation/cribl-provider.mdx`)
- Setup guide for webhook (HTTP Destination) and pull (REST API) modes, supported payload formats table

**Docs index** (`docs/mint.json`)
- Registers cribl-provider in alphabetical position

Closes keephq#4230

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

@chengyixu is attempting to deploy a commit to the KeepHQ Team on Vercel. A member of the Team first needs to authorize it.

✅ There are no secrets present in this pull request anymore. If these secrets were true positive and are still valid, we highly recommend you to revoke them.

🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

Replace admin/pass/s3cret test fixtures with clearly-fake placeholder values (test-user/test-placeholder) to resolve GitGuardian false-positive secret detection alert on PR keephq#6161. No real credentials are used in these tests.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

All CI checks are now passing (Validate PR title, Validate PR to Issue link, and GitGuardian Security Checks). The earlier GitGuardian failure was a false positive caused by a test fixture string — fixed in the latest commit (7ad7ac1) by replacing it with a clearly non-credential placeholder. This PR adds a full Cribl provider with push (webhook) and pull mode, 55 unit tests, and all standard Keep provider capabilities. Happy to address any review feedback!

Closing: AI-generated spam.

Summary
Adds a new provider for Cribl, the universal observability
pipeline for logs, metrics, traces, and security events.
Closes #4230
Features
JSON arrays (batching), and wrapper envelopes (events/results/records/items)
Files
- `keep/providers/cribl_provider/cribl_provider.py`
- `keep/providers/cribl_provider/alerts_mock.py`
- `tests/providers/cribl_provider/test_cribl_provider.py`
- `docs/providers/documentation/cribl-provider.mdx`
- `docs/mint.json`

/claim #4230