The format of a vRealize Log Insight webhook depends on the type of query from which it is created. System notifications, user alert message queries, and alerts generated from aggregate user queries each have a different webhook format.

You must be a vRealize Log Insight administrator to configure vRealize Log Insight to send system notifications.

When you send a system notification to a third-party program, you must write a shim to make vRealize Log Insight information understandable by the third-party program's formats.

Webhook Format for System Notifications

The following example shows the vRealize Log Insight webhook format for system notifications.

   "AlertName":" Admin Alert: Worker node has returned to service  (Host =",
         "text":"This notification was generated from Log Insight node (Host =, Node Identifier = a31cad22-65c2-4131-8e6c-27790892a1f9).\n\nA worker node has returned to service after having been in maintenance mode.\n\nThe Log Insight master node (Host: <a href=''></a>, Node Identifier: 88fc9956-bf9a-428b-806a-22ff07636273) reports that worker node has finished maintenance and exited maintenance mode. The node will resume receiving configuration changes and serving queries. The node is also now ready to start receiving incoming log messages. If an external load balancer is configured to distribute messages among workers, the administrator should add this node back to the pool of nodes receiving incoming messages.\n\nThis message was generated by your Log Insight installation, visit the <a href=''>Documentation Center</a> for more information.",