The format used by a vRealize Log Insight webhook depends on the type of query from which it is created. System notifications, user alert message queries, and alerts generated from aggregate user queries each have a different webhook format.

When you send an alert generated by a user alert message query to a third-party program, you must write a shim that translates the vRealize Log Insight information into a format the third-party program understands.

User Alert Message Query Webhook Format

The following example shows the format of a vRealize Log Insight webhook for a user alert message query.

{  
   "AlertType":1,
   "AlertName":"Hello World Alert",
   "SearchPeriod":300000,
   "HitCount":0.0,
   "HitOperator":2,
   "messages":[  
      {  
         "text":"hello world 1",
         "timestamp":1451940578545,
         "fields":[  
            { 
               "name":"Field_1",
               "content":"Content 1"
            },
            { 
               "name":"Field_2",
               "content":"Content 2"
            }
         ]
      },
      {  
         "text":"hello world 2",
         "timestamp":1451940561008,
         "fields":[  
            { 
               "name":"Field_1",
               "content":"Content 1_2"
            },
            { 
               "name":"Field_2",
               "content":"Content 2_2"
            }
         ]
      }
   ],
   "HasMoreResults":false,
   "Url":"https://10.11.12.13/s/8pgzq6",
   "EditUrl":"https://10.11.12.13/s/56monr",
   "Info":"This is an alert for all the 'Hello World' messages",
   "NumHits":2
}
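
A shim for the payload above could look like the following. This is an added example, not VMware code: the target event layout, the `to_events` name and the size limits are hypothetical, and it assumes `timestamp` is milliseconds since the Unix epoch. Because message text originates from logged data, the shim validates types and strips control characters before handing anything to the downstream program.

```python
import json
from datetime import datetime, timedelta, timezone

MAX_MESSAGES = 1000  # assumed cap, bounds the work done per webhook call
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def _clean(value, limit=4096):
    """Log text is attacker-influenced: drop control characters, then truncate."""
    if not isinstance(value, str):
        raise TypeError("expected a string")
    return "".join(ch for ch in value if ch.isprintable())[:limit]

def to_events(raw):
    """Turn one webhook body into flat event dicts (hypothetical target format)."""
    alert = json.loads(raw)
    if not isinstance(alert, dict):
        raise ValueError("webhook body must be a JSON object")
    messages = alert.get("messages")
    if not isinstance(messages, list) or len(messages) > MAX_MESSAGES:
        raise ValueError("missing or oversized 'messages' array")
    events = []
    try:
        for msg in messages:
            ts = msg["timestamp"]
            if isinstance(ts, bool) or not isinstance(ts, int):
                raise TypeError("timestamp must be an integer")
            events.append({
                "title": _clean(alert["AlertName"], 256),
                "body": _clean(msg["text"]),
                # Assumption: timestamps are milliseconds since the Unix epoch.
                "time": (EPOCH + timedelta(milliseconds=ts)).isoformat(timespec="milliseconds"),
                "attributes": {_clean(f["name"], 256): _clean(f["content"])
                               for f in msg.get("fields", [])},
                "link": _clean(alert.get("Url", ""), 2048),
                "more_results": alert.get("HasMoreResults") is True,
            })
    except (KeyError, TypeError, AttributeError, OverflowError) as exc:
        raise ValueError(f"malformed alert payload: {exc!r}") from exc
    return events

# Constructed sample, trimmed from the documented payload above.
SAMPLE = json.dumps({"AlertType": 1, "AlertName": "Hello World Alert", "messages": [
    {"text": "hello world 1", "timestamp": 1451940578545,
     "fields": [{"name": "Field_1", "content": "Content 1"}]}],
    "HasMoreResults": False, "Url": "https://10.11.12.13/s/8pgzq6"})

if __name__ == "__main__":
    print(json.dumps(to_events(SAMPLE), indent=2))
```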