The format used by a vRealize Log Insight webhook depends on the type of query from which it is created. System notifications, user alert message queries, and alerts generated from aggregate user queries each have a different webhook format.

When you send a system notification to a third-party program, you must write a shim that translates the vRealize Log Insight payload into a format the third-party program understands.

Webhook Format for User Alert Aggregation Queries

{ 
   "AlertType":2,
   "AlertName":"field_1 aggregated alert",
   "SearchPeriod":300000,
   "HitCount":2.0,
   "HitOperator":2,
   "messages":[ 
      { 
         "fields":[ 
            { 
               "name":"Field_1",
               "content":"Content 1"
            }
         ]
      }
   ],
   "HasMoreResults":false,
   "Url":"https://10.11.12.13/s/r25g3s",
   "EditUrl":"https://10.11.12.13/s/n3gsed",
   "Info":null,
   "NumHits":1
}
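
The shim idea described earlier, applied to the aggregation-query payload shown above; this is an added example, not VMware's code. The input keys come from the sample, while the output schema (`title`, `hits`, `link`, `truncated`, `rows`), the `MAX_MESSAGES` cap and the https-only link rule are assumptions made for illustration.

```python
import json
from urllib.parse import urlparse

REQUIRED = ("AlertName", "HitCount", "messages", "Url")  # keys from the sample above
MAX_MESSAGES = 100  # assumption: cap on rows forwarded per alert
# The page's sample payload, compacted onto fewer lines.
SAMPLE = (b'{"AlertType":2,"AlertName":"field_1 aggregated alert",'
          b'"SearchPeriod":300000,"HitCount":2.0,"HitOperator":2,'
          b'"messages":[{"fields":[{"name":"Field_1","content":"Content 1"}]}],'
          b'"HasMoreResults":false,"Url":"https://10.11.12.13/s/r25g3s",'
          b'"EditUrl":"https://10.11.12.13/s/n3gsed","Info":null,"NumHits":1}')


def https_or_none(value):
    """Forward a link only if it is an absolute https URL."""
    parts = urlparse(value) if isinstance(value, str) else None
    return value if parts and parts.scheme == "https" and parts.netloc else None


def flatten(message):
    """[{"name": n, "content": c}, ...] -> {n: c}; malformed entries are skipped."""
    fields = message.get("fields") if isinstance(message, dict) else None
    if not isinstance(fields, list):
        return {}
    return {str(f["name"]): str(f.get("content", ""))
            for f in fields if isinstance(f, dict) and "name" in f}


def translate(raw):
    """Map a webhook body to the hypothetical third-party event schema."""
    try:
        payload = json.loads(raw)
    except ValueError as exc:  # also covers invalid UTF-8
        raise ValueError("body is not valid JSON") from exc
    if not isinstance(payload, dict):
        raise ValueError("top-level JSON value must be an object")
    missing = [k for k in REQUIRED if k not in payload]
    if missing:
        raise ValueError("missing keys: " + ", ".join(missing))
    messages = payload["messages"]
    if not isinstance(messages, list):
        raise ValueError("'messages' must be a list")
    return {
        "title": str(payload["AlertName"]),
        "hits": payload["HitCount"],
        "link": https_or_none(payload["Url"]),
        "truncated": bool(payload.get("HasMoreResults")) or len(messages) > MAX_MESSAGES,
        "rows": [flatten(m) for m in messages[:MAX_MESSAGES]],
    }
```

Because the webhook body arrives over the network, the shim rejects anything that is not a JSON object with the expected keys instead of forwarding it unchanged.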