You can configure alerts in vRealize Log Insight to send webhook notifications to a remote web server when specific data appears in the logs. Webhooks provide event notifications over HTTP POST/PUT.
The content of the webhook notification contains up to 10 events that meet the alert query criteria. In aggregated queries, the content contains up to 10 groups that meet the alert criteria. The content contains the total number of events and groups and a link to the Interactive Analytics page. This page displays all the events or groups of events.
Note: The server might report a success or failure.
vRealize Log Insight retries on failure.
vRealize Log Insight treats all HTTP/2
xx status code responses as successful. All other responses, including timeouts or refused connections, are considered failed and retried later.
Prerequisites
- Verify that you are logged in to the vRealize Log Insight web user interface, for which the URL format is https://log_insight-host. Here, log_insight-host is the IP address or host name of the vRealize Log Insight virtual appliance.
- Verify that your user account is associated with a role that has the relevant permissions for alerts.
If your user account is assigned a role with view access to alerts (for example, the User role), you can view all the alerts in your organization . However, you can manage only your own alerts.
If your user account is assigned a role with edit or full access to alerts (for example, the Super Admin role):For information about roles, see Create and Modify Roles in Administering vRealize Log Insight.- You can activate or deactivate all the system alerts in your organization.
- You can create, modify, and remove all the user-defined alerts in your organization.
Procedure
- Click Create New.
Tip: Alternatively you can navigate to the Interactive Analytics tab and create an alert based on a query. Enter a query, and next to the Search button, click
and select
Create Alert from Query.
