The format of a vRealize Log Insight webhook depends on the type of query from which it is created. System notifications, user alert message queries, and alerts generated from aggregate user queries each have a different webhook format.

Note: To configure vRealize Log Insight to send system notifications, you must be a user associated with the Super Admin role, or a role with the relevant permissions. For more information, see Create and Modify Roles.

Webhook Format for System Notifications

The following example shows the vRealize Log Insight webhook format for system notifications.
{ "AlertName":" Admin Alert: Worker node has returned to service (Host = 127.0.0.2)", "messages":[ { "text":"This notification was generated from Log Insight node (Host = 127.0.0.2, Node Identifier = a31cad22-65c2-4131-8e6c-27790892a1f9). A worker node has returned to service after having been in maintenance mode. The Log Insight primary node reports that worker node has finished maintenance and exited maintenance mode. The node will resume receiving configuration changes and serving queries. The node is also now ready to start receiving incoming log messages." "timestamp":1458665320514,"fields":[] } ] }