You can configure alerts in VMware Aria Operations for Logs to send webhook notifications to a remote web server when specific data appears in the logs. Webhooks provide event notifications over HTTP POST/PUT.
The content of the webhook notification contains a maximum of up to 200 events that meet the alert query criteria. In aggregated queries, the content contains up to a maximum of 200 groups that meet the alert criteria. The content contains the total number of events and groups and a link to the Explore Logs page. This page displays all the events or groups of events.
Note: The server might report a success or failure.
VMware Aria Operations for Logs retries on failure.
VMware Aria Operations for Logs treats all HTTP/2
xx status code responses as successful. All other responses, including timeouts or refused connections, are considered failed and retried later.
Prerequisites
- Verify that you are logged in to the VMware Aria Operations for Logs web user interface, for which the URL format is https://operations_for_logs-host. Here, operations_for_logs-host is the IP address or host name of the VMware Aria Operations for Logs virtual appliance.
- Verify that your user account is associated with a role that has the relevant permissions for alerts.
If your user account is assigned a role with view access to alerts (for example, the User role), you can view and manage all the alerts in your organization.
If your user account is assigned a role with edit or full access to alerts (for example, the Super Admin role):For information about roles, see Create and Modify Roles in Administering VMware Aria Operations for Logs.- You can activate or deactivate all the system alerts in your organization.
- You can create, modify, and remove all the user-defined alerts in your organization.
Procedure
- Click Create New.
Tip: Alternatively you can navigate to the Explore Logs page and create an alert based on a query. Enter a query, and next to the Search button, click
and select
Create Alert from Query.
