You can configure alerts in vRealize Log Insight to send webhook notifications to a remote web server when specific data appears in the logs. Webhooks provide event notifications over HTTP POST/PUT.

The content of the webhook notification contains up to 10 events that meet the alert query criteria. In aggregated queries, the content contains up to 10 groups that meet the alert criteria. The content contains the total number of events and groups and a link to the Explore Logs page. This page displays all the events or groups of events.

Note: The server might report a success or failure. vRealize Log Insight retries on failure. vRealize Log Insight treats all HTTP/2 xx status code responses as successful. All other responses, including timeouts or refused connections, are considered failed and retried later.

Prerequisites

  • Verify that you are logged in to the vRealize Log Insight web user interface, for which the URL format is https://log_insight-host. Here, log_insight-host is the IP address or host name of the vRealize Log Insight virtual appliance.
  • Verify that your user account is associated with a role that has the relevant permissions for alerts.

    If your user account is assigned a role with view access to alerts (for example, the User role), you can view and manage all the alerts in your organization.

    If your user account is assigned a role with edit or full access to alerts (for example, the Super Admin role):
    • You can activate or deactivate all the system alerts in your organization.
    • You can create, modify, and remove all the user-defined alerts in your organization.
    For information about roles, see Create and Modify Roles in Administering vRealize Log Insight.
Also, verify that a web server has been configured to receive webhook notifications. For more information, see Configure a Webhook.

Procedure

  1. Expand the main menu and navigate to Alerts > Alerts Definition.
  2. Click Create New.
    Tip: Alternatively you can navigate to the Explore Logs page and create an alert based on a query. Enter a query, and next to the Search button, click "" and select Create Alert from Query.
  3. Enter the alert name, description, and trigger condition as described in Define an Alert.
    The alert name and description are included in the notification that vRealize Log Insight sends.
  4. From the Webhooks drop-down menu, select a webhook.
  5. Click Save.

What to do next

You can activate, deactivate, or modify the alert.