Generic Outbound Webhooks (Alert Webhooks)
Enhance your observability workflows by sending real-time event notifications and log data to any endpoint that accepts HTTP requests. With this generic outbound webhook, you can easily integrate Coralogix with different endpoints, automate responses to critical events, and improve your organization's incident management and alerting processes.
Create a Webhook
1
From the Coralogix toolbar, navigate to Data Flow > Outbound Webhooks.
2
In the Outbound Webhooks section, click GENERIC WEBHOOK.
3
Click + ADD NEW.
4
Enter a webhook name and the URL to which you want to send an event notification.
The UUID field is auto-populated.
5
Select an HTTP method for the webhook (GET, POST, or PUT).
6
Click NEXT.
7
[Optional] Edit the message to customize the header and body of the messages that will be sent when the webhook is triggered.
Examples
Webhook message body example
{
"alert_id": "$ALERT_ID",
"name": "$ALERT_NAME",
"description": "$ALERT_DESCRIPTION",
"threshold": "$ALERT_THRESHOLD",
"timewindow": "$ALERT_TIMEWINDOW_MINUTES",
"group_by_labels": "$ALERT_GROUPBY_LABELS",
"alert_action": "$ALERT_ACTION",
"alert_url": "$ALERT_URL",
"log_url": "$LOG_URL",
"icon_url": "$CORALOGIX_ICON_URL",
"service": "$SERVICE",
"duration": "$DURATION",
"errors": "$ERRORS",
"spans": "$SPANS",
"fields": [
{
"key": "team",
"value": "$TEAM_NAME"
},
{
"key": "application",
"value": "$APPLICATION_NAME"
},
{
"key": "subsystem",
"value": "$SUBSYSTEM_NAME"
},
{
"key": "severity",
"value": "$EVENT_SEVERITY"
},
{
"key": "priority",
"value": "$ALERT_PRIORITY"
},
{
"key" : "severityLowercase",
"value" : "$EVENT_SEVERITY_LOWERCASE"
},
{
"key": "computer",
"value": "$COMPUTER_NAME"
},
{
"key": "ipAddress",
"value": "$IP_ADDRESS"
},
{
"key": "timestamp",
"value": "$EVENT_TIMESTAMP"
},
{
"key": "hitCount",
"value": "$HIT_COUNT"
},
{
"key": "text",
"value": "$LOG_TEXT"
},
{
"key": "Custom field",
"value": "$JSON_KEY"
},
{
"key": "Group-by Field1",
"value": "$GROUP_BY_FIELD_1"
},
{
"key": "Group-by Value1",
"value": "$GROUP_BY_VALUE_1"
},
{
"key": "Group-by Field2",
"value": "$GROUP_BY_FIELD_2"
},
{
"key": "Group-by Value2",
"value": "$GROUP_BY_VALUE_2"
},
{
"key": "metricKey",
"value": "$METRIC_KEY"
},
{
"key": "metricOperator",
"value": "$METRIC_OPERATOR"
},
{
"key": "timeframe",
"value": "$TIMEFRAME"
},
{
"key": "timeframePercentageOverThreshold",
"value": "$TIMEFRAME_OVER_THRESHOLD"
},
{
"key": "metricCriteria",
"value": "$METRIC_CRITERIA"
},
{
"key": "ratioQueryOne",
"value": "$RATIO_QUERY_ONE"
},
{
"key": "ratioQueryTwo",
"value": "$RATIO_QUERY_TWO"
},
{
"key": "ratioTimeframe",
"value": "$RATIO_TIMEFRAME"
},
{
"key": "ratioGroupByKeys",
"value": "$RATIO_GROUP_BY_KEYS"
},
{
"key": "ratioGroupByTable",
"value": "$RATIO_GROUP_BY_TABLE"
},
{
"key": "uniqueCountValuesList",
"value": "$UNIQUE_COUNT_VALUES_LIST"
},
{
"key": "newValueTrackedKey",
"value": "$NEW_VALUE_TRACKED_KEY"
},
{
"key": "metaLabels",
"value": "$META_LABELS"
},
{
"key": "timestampMs",
"value": "$EVENT_TIMESTAMP_MS"
},
{
"key": "timestampISO",
"value": "$EVENT_TIMESTAMP_ISO"
},
{
"key": "threadId",
"value": "$THREAD_ID"
},
{
"key": "category",
"value": "$CATEGORY"
},
{
"key": "queryText",
"value": "$QUERY_TEXT"
},
{
"key": "definedRatioThreshold",
"value": "$DEFINED_RATIO_THRESHOLD"
},
{
"key": "metaLabelsJson",
"value": "$META_LABELS_JSON"
},
{
"key": "metaLabelsList",
"value": "$META_LABELS_LIST"
},
{
"key": "opsgeniePriority",
"value": "$OPSGENIE_PRIORITY"
},
{
"key": "companyId",
"value": "$COMPANY_ID"
},
{
"key": "dedupKey",
"value": "$DEDUP_KEY"
},
{
"key": "alertUniqueIdentifier",
"value": "$ALERT_UNIQUE_IDENTIFIER"
},
{
"key": "relativeQueryText",
"value": "$RELATIVE_QUERY_TEXT"
},
{
"key": "actualRatio",
"value": "$ACTUAL_RATIO"
},
{
"key": "relativeHitCount",
"value": "$RELATIVE_HIT_COUNT"
},
{
"key": "ratioQueryOne",
"value": "$RATIO_QUERY_ONE"
},
{
"key": "ratioQueryTwo",
"value": "$RATIO_QUERY_TWO"
},
{
"key": "ratioTimeframe",
"value": "$RATIO_TIMEFRAME"
},
{
"key": "ratioGroupByKeys",
"value": "$RATIO_GROUP_BY_KEYS"
},
{
"key": "ratioGroupByTable",
"value": "$RATIO_GROUP_BY_TABLE"
},
{
"key": "flowAlertRelatedAlerts",
"value": "$FLOW_ALERT_RELATED_ALERTS"
},
{
"key": "alertGroupByValues",
"value" : "$ALERT_GROUP_BY_VALUES"
}
]
}
Placeholders
Here is a list of all available placeholders you may use and a description of each one.
Note: If a webhook field has multiple parameters, use spaces to separate between them. For example, the $ALERT_ID $GROUP_BY_VALUE_1-es-indexer parameters use a single space as a separator.
Alert Event Information
| Placeholder | Description |
|---|---|
| $ALERT_NAME | Name of the alert |
| $ALERT_ACTION | Alert action, whether triggered or resolved |
| $ALERT_URL | URL used to access the alert in Coralogix |
| $ALERT_ID | Alert ID - This changes every time a significant alert parameter, such as query or condition, is changed. |
| $ALERT_DESCRIPTION | Description added in the alert |
| $ALERT_UNIQUE_IDENTIFIER | Persists even when significant alert parameters are changed |
| $ALERT_THRESHOLD | Threshold that was defined in the alert |
| $ALERT_TIMEWINDOW_MINUTES | The time frame in minutes for which the alert is defined |
| $ALERT_GROUPBY_LABELS | The group by labels defined in the alert |
| $ALERT_GROUP_BY_VALUES | The values for the group by labels defined in the alert |
| $EVENT_TIMESTAMP_ISO | The event timestamp in ISO format |
| $EVENT_SEVERITY | The significance chosen for the alert: Info, Warning, Error, or Critical. |
| $EVENT_SEVERITY_LOWERCASE | Acts like $EVENT_SEVERITY, but uses lowercase letters |
| $OPSGENIE_PRIORITY | OpsGenie severity mapped from this event’s severity (INFO - P5, WARNING - P3, ERROR - P2, CRITICAL - P1) |
| $META_LABELS | Meta labels are the Labels that you attach to an alert when defining it. If you want your outbound webhooks to contain these labels, add them to your template when defining the custom webhook. Labels of the alert as one string of key-value pairs, comma-separated. Example: "firstKey:firstValue, justThis, anotherKey:anotherValue" |
| $META_LABELS_JSON | Meta labels are the Labels that you attach to an alert when defining it. If you want your outbound webhooks to contain these labels, add them in your template when defining the custom webhook. Labels of the alert presented as a JSON-formatted string Example: "{\"firstKey\":\"firstValue\",\"justThis\":null,\"anotherKey\":\"anotherValue\"}" |
| $META_LABELS_LIST | Meta labels are the Labels that you attach to an alert when defining it. If you want your outbound webhooks to contain these labels, add them in your template when defining the custom webhook. Alert label defined. The set of labels is presented as an array of elements. Example: "firstKey:firstValue", "justThis", "anotherKey:anotherValue" |
| $EVENT_TIMESTAMP_MS | The time in milliseconds when the alert was triggered |
| $EVENT_TIMESTAMP | The time when the alert was triggered as a string with the date and time |
| $GROUP_BY_FIELD_1 | Provides the first group-by field that triggers an alert. |
| $GROUP_BY_FIELD_2 | Provides the second group-by field that triggers an alert. |
| $GROUP_BY_FIELD_# | Provides the X group-by field that triggers an alert. May be higher than 2 in some cases. |
| $GROUP_BY_VALUE_1 | Provides the first group-by value for the field that triggers an alert. When grouping by a given Group By field in your alert settings, you must group the metric by this field to allow the data to propagate to the $GROUP_BY_VALUE_1. |
| $GROUP_BY_VALUE_2 | Provides the second group-by value for the field that triggers an alert. When grouping by a given Group By field in your alert settings, you must group the metric by this field to allow the data to propagate to the $GROUP_BY_VALUE_2. |
| $GROUP_BY_VALUE_# | Provides the X group-by value that triggers an alert. May be higher than 2 in some cases. When grouping by a given Group By field in your alert settings, you must group the metric by this field to allow the data to propagate to the $GROUP_BY_VALUE_X. |
| $HIT_COUNT | Hit count presents the hit count of logs that triggered the alert |
| $RELATIVE_HIT_COUNT | For ratio and time relative alerts, relative hit count presents the hit count of the second query logs |
| $QUERY_TEXT | Presents the alert's query |
| $RELATIVE_QUERY_TEXT | For Ratio and Time Relative alerts, relative query text presents the alert's second query |
| $DEFINED_RATIO_THRESHOLD | For Ratio and Time Relative alerts, the defined ratio threshold presents the ratio threshold defined in the alert |
| $ACTUAL_RATIO | For Ratio and Time Relative alerts, the actual ratio presents the resulted ratio for the alert |
| $METRIC_KEY | For Metric Lucene-based alerts, the metric key is the field on which you create the metric alert. This alert type is deprecated and exists only for existing customers who previously defined this type of alert. |
| $METRIC_OPERATOR | For Metric Lucene-based alerts, the metric operator is the arithmetic function that is being applied when checking the alert. This alert type is deprecated and exists only for existing customers who previously defined this type of alert. |
| $TIMEFRAME | For Metric alerts, the timeframe over which the metric alert is checked |
| $TIMEFRAME_OVER_THRESHOLD | For Metric alerts, contains all of the following elements: • The percentage of time over the threshold. • Average of the values crossing the threshold. • Max of the values crossing the threshold. • Min of the values crossing the threshold. (Irrelevant for sum and count arithmetic operators.) |
| $METRIC_CRITERIA | For Metric alerts, the condition that is checked in the alert (‘over’ or ‘under’) |
| $SERVICE | The service for which the span was triggered |
| $SPANS | The number of spans |
| $DURATION | Duration of the triggered span |
Ratio / Time Relative Alerts
| Placeholder | Description |
|---|---|
| $RATIO_QUERY_ONE | Query one alias |
| $RATIO_QUERY_TWO | Query two aliases |
| $RATIO_TIMEFRAME | The timeframe over which the alert triggers |
Flow Alerts
| Placeholder | Description |
|---|---|
| $FLOW_ALERT_RELATED_ALERTS | The data about the alerts that trigger this flow |
Unique Count Alerts
| Placeholder | Description |
|---|---|
| $UNIQUE_COUNT_VALUES_LIST | The unique values for the triggered alert |
New Value Alerts
| Placeholder | Description |
|---|---|
| $NEW_VALUE_TRACKED_KEY | The key defined to track new values from |
Log Information
| Placeholder | Description |
|---|---|
| $LOG_URL | Link to the alert logs |
| $APPLICATION_NAME | The application name of the presented example log |
| $SUBSYSTEM_NAME | The subsystem name of the presented example log |
| $LOG_TEXT | The entire log payload, whether it is a textual log or JSON formatted log |
| $JSON_KEY | In case the logs are JSON formatted, you may include any key (JSON field) from the log itself |
| $JSON_KEY.numeric | If the chosen field possesses a number value and you wish to include it in its numeric form (use it in the custom webhook body without wrapping quotes), use it with the suffix .numeric. E.g. $status_code.numeric |
| $COMPUTER_NAME | The computer name (if it exists) of the presented example log |
| $CATEGORY | The category (if it exists) of the presented example log |
| $IP_ADDRESS | The IP address (if it exists) of the presented example log |
| $THREAD_ID | The thread ID (if it exists) of the presented example log |
General Information
| Placeholder | Description |
|---|---|
| $TEAM_NAME | The Coralogix account name from which the alert originates |
| $CORALOGIX_ICON_URL | The Coralogix icon |
| $COMPANY_ID | The company ID |
| $DEDUP_KEY | The key Coralogix uses to dedup when sending to different integrations |
8
Click TEST CONFIG.
The system sends an HTTP call with the specified parameters to check that your configuration is valid. If the HTTP call is received successfully, a confirmation message is displayed.
9
Once the configuration is validated, configure your alert notifications.
Additional Resources
| Documentation | Configure Alert Notifications for Outbound Webhooks |
Support
Need help?
Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.
Contact us via our in-app chat or by emailing [email protected].
Email Group Outbound Webhooks
Theme
Light
light
dark
Light
light
dark
User Guides
DataPrime
Integrations
OpenTelemetry
Developer Portal