The format of a vRealize Log Insight webhook depends on the type of query from which it is created. System notifications, user alert message queries, and alerts generated from aggregate user queries each have a different webhook format.

You must be a vRealize Log Insight administrator to configure vRealize Log Insight to send system notifications.

When you send a system notification to a third-party program, you must write a shim to make vRealize Log Insight information understandable by the third-party program's formats.

Webhook Format for System Notifications

The following example shows the vRealize Log Insight webhook format for system notifications.

	
{
   "AlertName":" Admin Alert: Worker node has returned to service  (Host = 127.0.0.2)",
   "messages":[
      {
         "text":"This notification was generated from Log Insight node (Host = 127.0.0.2,  
	Node Identifier = a31cad22-65c2-4131-8e6c-27790892a1f9).
	A worker node has returned to service after having been in maintenance mode. 
	The Log Insight master node reports that worker node has finished maintenance 
	and exited maintenance mode. The node will resume receiving configuration changes and 
	serving queries. The node is also now ready to start receiving incoming log messages. If an external 
	load balancer is configured to distribute messages among workers, the 
	administrator should add this node back to the pool of nodes receiving incoming messages."

         "timestamp":1458665320514,"fields":[]
      }
   ]
}