You can configure a webhook to send alert notifications to a remote web server. Webhooks provide notifications over HTTP POST/PUT.

Prerequisites

  • Verify that you are logged in to the vRealize Log Insight web user interface as a Super Admin user, or a user associated with a role that has the relevant permissions. See Create and Modify Roles for more information. The URL format of the web user interface is https://log-insight-host, where log-insight-host is the IP address or host name of the vRealize Log Insight virtual appliance.

  • If you are creating a webhook with a vRealize Orchestrator (vRO) endpoint, ensure that you have created a workflow in vRealize Orchestrator. For more information, see Create Workflows in the vRealize Orchestrator Client.

Procedure

  1. Expand the main menu and navigate to Alerts > Webhook.
  2. Click New Webhook.
  3. In the Name text box, enter a name for the webhook.
  4. Enter the following information.
    Option: Description
    Endpoint: Select the endpoint to which you want to send the notification, for example, Slack, Pager Duty, vRO, or a custom endpoint. Based on the selected endpoint type:
    • The user interface provides additional input options.
    • The user interface populates the webhook payload with a predefined template, which you can customize according to your requirement.
    Log Payload: Select whether you want to send one webhook notification for each result matching the corresponding alert query or one notification for all matching results.
    • To send one webhook notification for each matching result, select Individual Logs.
      Note: If you select this option, you can send up to 10 notifications.
    • To send one webhook notification for all matching results, select Log Stream.
    Webhook URL: Enter the URL for the remote web server where you want to post the webhook notifications. The URL format changes based on your endpoint selection. The sample format is provided in the text box.
    Note: In a vRO endpoint URL, you must include the ID of the corresponding workflow created in vRealize Orchestrator.

    After entering the URL, click Test Alert to verify the connection.

    You can enter multiple webhook URLs separated by a blank space.

    Web Proxy: If you have configured one or more HTTP proxies, select a proxy from the drop-down menu. vRealize Log Insight sends webhook notifications to the endpoint through the selected proxy.
    Integration Key: If you select a Pager Duty endpoint, enter an integration key for webhook requests.
    Advanced Settings: If you select a vRO or custom endpoint, enter additional information such as content type, authorization, and so on.
    • For a vRO endpoint, the default value for Content Type is JSON. You can change it to XML if required. The webhook payload is generated according to the selected content type.
      Provide an authorization header to authorize vRO requests. Some of the authorization options are:
      • Basic authentication - Retain the default value Authorization in the first text box. In the second text box, enter a value in the format Basic Base64_encoded_string_for_username_and_password.
      • Bearer token authentication - Retain the default value Authorization in the first text box. In the second text box, enter a value in the format Bearer bearer_token.
    • For a custom endpoint, the default value for Content Type is JSON and Action is POST. You can customize these options and add additional headers to the request under Custom Headers. If the configured remote web server requires authorization to POST/PUT the webhook notification, enter the user name and password to authenticate with the server in the Authorization User and Authorization Password text boxes.
    Webhook Payload: This area is auto-populated based on your selection in the Endpoint drop-down menu. You can customize the payload, which is the template of the body sent as a part of the POST/PUT webhook notification request. The body can be in XML or JSON format. The parameters in the payload are replaced with the actual values while sending the webhook notification. For example, the parameter $(AlertName) is replaced with the name of the alert.
    Note: For a vRO endpoint, the parameters should match the input or output parameters in the corresponding workflow created in vRealize Orchestrator.
    Parameters: You can use the list of parameters to construct or modify the webhook payload.
    • AlertName
    • AlertNameString
    • AlertType
    • AlertTypeString
    • SearchPeriod
    • SearchPeriodString
    • HitOperator
    • HitOperatorString
    • messages
    • messagesString
    • HasMoreResults
    • HasMoreResultsString
    • Url
    • UrlString
    • EditUrl
    • EditUrlString
    • Info
    • InfoString
    • Recommendation
    • RecommendationString
    • NumHits
    • NumHitsString
    • TriggeredAt
    • TriggeredAtString
    • SourceInfo
    • SourceInfoString
    Note: Except for messagesString, all other string parameter types have the same content.
  5. Click Save.
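
The custom-endpoint settings in step 4 (Action POST/PUT, Content Type JSON, an Authorization header in the Basic format) have a counterpart on the receiving server, which should check each of them before trusting a notification. The following is an added example, not VMware code: a framework-independent request check for such a receiver. Assumptions: the Content-Type header arrives as application/json, the body comes from a constructed template such as {"alert_name": "$(AlertName)", "num_hits": "$(NumHits)"}, and the function names, key names and credentials are hypothetical placeholders.

```python
import base64
import hmac
import json


def basic_auth_value(username: str, password: str) -> str:
    """Header value in the format 'Basic <base64 of username:password>'."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def handle_webhook(method, headers, body, expected_auth):
    """Return (HTTP status, parsed alert or None) for one notification."""
    # Webhooks are delivered over POST or PUT only.
    if method not in ("POST", "PUT"):
        return 405, None
    # Header names are case-insensitive; normalize before lookup.
    hdrs = {k.lower(): v for k, v in headers.items()}
    supplied = hdrs.get("authorization", "")
    # Constant-time comparison avoids leaking how much of the secret matched.
    if not hmac.compare_digest(supplied.encode(), expected_auth.encode()):
        return 401, None
    # Assumption: a JSON content type is sent as application/json.
    if not hdrs.get("content-type", "").lower().startswith("application/json"):
        return 415, None
    try:
        alert = json.loads(body)
    except ValueError:  # also covers undecodable bytes
        return 400, None
    # Reject bodies that do not match the (constructed) template shape.
    if not isinstance(alert, dict) or not isinstance(alert.get("alert_name"), str):
        return 400, None
    return 200, alert


# Constructed sample request: placeholder credentials, body as it would look
# after $(AlertName) and $(NumHits) were replaced with actual values.
EXPECTED = basic_auth_value("webhook-user", "example-password")
SAMPLE_HEADERS = {"Authorization": EXPECTED, "Content-Type": "application/json"}
SAMPLE_BODY = b'{"alert_name": "Failed SSH logins", "num_hits": "12"}'

if __name__ == "__main__":
    print(handle_webhook("POST", SAMPLE_HEADERS, SAMPLE_BODY, EXPECTED))
```

The same check works for the Bearer format by passing "Bearer " plus the token as expected_auth.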

What to do next

Configure an alert to send webhook notifications to the selected endpoint. For more information, see Add an Alert to Send Webhook Notifications.

After configuring the alert, you can view the webhook notifications in the endpoint. For example, in vRO, the webhook notifications are listed as workflow runs. In each workflow run, you can see the values for the payload parameters in the variables section.