You can configure a webhook to send alert notifications to a remote web server. Webhooks provide notifications over HTTP POST/PUT.

Prerequisites

  • Verify that you are logged in to the VMware Aria Operations for Logs web user interface as a Super Admin user, or a user associated with a role that has the relevant permissions. See Create and Modify Roles for more information.

  • If you are creating a webhook with a VMware Aria Automation Orchestrator endpoint, ensure that you have created a workflow in VMware Aria Automation Orchestrator. For more information, see Create Workflows in the VMware Aria Automation Orchestrator Client.

Procedure

  1. Expand the main menu and navigate to Configuration > Webhooks.
  2. Click New Webhook.
  3. In the Name text box, enter a name for the webhook.
  4. Enter the following information.
    Option Description
    Endpoint Select the endpoint type to which you want to send the notification:
    • Slack
    • Pager Duty
    • Orchestrator
    • Custom

    Depending on the endpoint type you select, the user interface provides additional input options.

    The user interface also populates the webhook payload with a predefined template, which you can customize according to your requirement.
    Log Payload Select whether you want to send a webhook notification for each result matching the corresponding alert query or a single webhook notification for all matching results.
    • To send a single webhook notification for all matching results, select Log Stream.
    • To send a webhook notification for each matching result, select Individual Logs.
    Webhook URL Enter the URL for the remote web server where you want to post the webhook notifications. The URL format changes based on your endpoint selection. The sample format is provided in the text box.
    Note: In the VMware Aria Automation Orchestrator endpoint URL, you must include the ID of the corresponding workflow created in VMware Aria Automation Orchestrator.

    After entering the URL, click Test Alert to verify the connection.

    You can enter multiple webhook URLs separated by a blank space.
    Web Proxy If you have configured one or more HTTP proxies, select a proxy from the drop-down menu. VMware Aria Operations for Logs sends webhook notifications to the endpoint through the selected proxy.
    Integration Key If you select Pager Duty as the endpoint type, enter an integration key for webhook requests.
    Advanced Settings If you select Orchestrator or Custom as the endpoint type, you must provide more information.

    For the Orchestrator endpoint type, you can:

    • Enter the name and value of the Custom Header to authorize VMware Aria Automation Orchestrator requests. Some of the authorization options are:
      • Basic authentication - retain the default value Authorization in the first text box. In the second text box, enter a value in the format Basic Base64_encoded_string_for_username_and_password.
      • Bearer token authentication - Retain the default value Authorization in the first text box. In the second text box, enter a value in the format Bearer bearer_token.
    • Select the content type. The default value for Content Type is JSON. You can change it to XML if required. The webhook payload is generated according to the selected content type.

    For the Custom endpoint type, you can:

    • Select an Action such as POST and PUT. The default action is POST.
    • Select the Add Basic Authentication check box and enter the user name and password to authenticate the credentials with the server.
    • Add headers to the request under Custom Headers to provide additional information, if any.
    Webhook Payload

    This area is auto-populated based on your selection in the Endpoint Type drop-down menu. You can customize the payload, which is the template of the body sent as a part of the POST/PUT webhook notification request. The body can be in XML or JSON format.

    The parameters in the payload are replaced with the actual values while sending the webhook notification. For example the parameter $(AlertName) is replaced with the name of the alert.

    Note: For the Orchestrator endpoint type, the parameters should match the input or output parameters in the corresponding workflow created in VMware Aria Automation Orchestrator.
    Parameters Use the list of parameters to construct or modify the webhook payload:
    • AlertName
    • AlertNameString
    • AlertType
    • AlertTypeString
    • SearchPeriod
    • SearchPeriodString
    • HitOperator
    • HitOperatorString
    • messages
    • messagesString
    • HasMoreResults
    • HasMoreResultsString
    • Url
    • UrlString
    • EditUrl
    • EditUrlString
    • Info
    • InfoString
    • Recommendation
    • RecommendationString
    • NumHits
    • NumHitsString
    • TriggeredAt
    • TriggeredAtString
    • SourceInfo
    • SourceInfoString
    Note: Except messagesString, all the other string parameter types have the same content.
  5. Click Save.
    The webhook is created. You can click the Available Actions icon before to the webhook name to view, edit, or delete the webhook.

What to do next

Configure an alert to send webhook notifications to the selected endpoint. For more information, see Add an Alert to Send Webhook Notifications.

After configuring the alert, you can view the webhook notifications in the endpoint. For example, in VMware Aria Automation Orchestrator, the webhook notifications are listed as workflow runs. In each workflow run, you can see the values for the payload parameters in the variables section.