Coralogix allows you to integrate with any operation and alert management platform in order to get alerted in real-time and manage your Coralogix insights.
There are predefined and custom integrations that can easily be configured. This tutorial will walk you through them, and show you how you can adjust our webhooks to be sent anywhere.
You can create as many webhooks as you want. Eventually, you will assign them to your alerts. You can assign one or more to any of your alerts.
From the Data Flow menu click on Webhooks. Click the +Add New button on the top right to create new webhook Integration.
Add a webhook to existing alerts
1-Select any of the already configured web hooks.
Note at the bottom you will see all the alerts you have configured.There is also a search box where you can search on your alerts and only show those alerts.
2-Select all the alerts you want to assign the webhook to and hit save.
3- You can modify the alert by clicking on the green icon shown in the screen shot. This will open a window with the alert you have selected.
Custom Alert Webhooks
Coralogix allows you to define a customized payload to be sent when an alert is triggered. Custom webhook lets you send the configured message to any API endpoint as long as the webhook body complies with the requirements of your endpoint.
To define a custom webhook, in the webhooks page, choose WebHooks and fill in your destination URL. This will send alerts to your destination of choice.
To customize your alert click on Edit body.
You can add/remove fields as long as you keep a valid JSON format.
You can also tag any JSON field within the triggered alert’s log example in order to customize alert outputs with your own log content, just add your field name with ‘$’ sign as its prefix (e.g. “$my_JSON_field”)
Here is a list of all available placeholders you may use and a description of each one.
Placeholder context
Placeholder
Description
Alert event info
$ALERT_NAME
The name of the Alert
$ALERT_ACTION
Alert action, whether it triggered or this is a resolve notification
$ALERT_URL
URL to access the alert in Coralogix
$EVENT_SEVERITY
The severity (significance) that was chosen to the alert. It will be one of: [Info,Warning,Critical]
$ALERT_DESCRIPTION
The description added in the alert
$EVENT_TIMESTAMP_MS
The time in milliseconds when the alert was triggered
$EVENT_TIMESTAMP
The time when the alert was triggered as a string with the date and time
$HIT_COUNT
For advanced alerts, hit count presents the hit count of logs that triggered the alert
$RELATIVE_HIT_COUNT
For ratio and time relative alerts, relative hit count presents the hit count of the second query logs
$QUERY_TEXT
For advanced alerts, query text presents the alert's query
$RELATIVE_QUERY_TEXT
For ratio and time relative alerts, relative query text presents the alert's second query
$DEFINED_RATIO_THRESHOLD
For ratio and time relative alerts, the defined ratio threshold presents the ratio threshold defined in the alert
$ACTUAL_RATIO
For ratio and time relative alerts, the actual ratio presents the resulted ratio for the alert
$METRIC_KEY
For metric alerts, the metric key is the field you create the metric alert on
$METRIC_OPERATOR
For metric alerts, the metric operator is the arithmetic function that is being applied when checking the alert
$TIMEFRAME
For metric alerts, the timeframe over which the metric alert is checked
$TIMEFRAME_OVER_THRESHOLD
For metric alerts, the percentage of the timeframe that the checked value has crossed the threshold in. (irrelevant for sum and count arithmetic operators)
$METRIC_CRITERIA
For metric alerts, the condition that is checked in the alert (‘over’ or ‘under’)
Logs info
$LOG_URL
Link to the alert logs
$APPLICATION_NAME
The application name of the presented example log
$SUBSYSTEM_NAME
The subsystem name of the presented example log
$LOG_TEXT
The entire log payload, whether it is a textual log or JSON formatted log
$JSON_KEY
In case the logs are JSON formatted, you may include any key (JSON field) from the log itself
$JSON_KEY.numeric
If the chosen field possesses a number value and you wish to include it in it's numeric form (use it in the custom webhook body without wrapping quotes) use it with the suffix of .numeric. E.g. $status_code.numeric
$COMPUTER_NAME
The computer name (if exists) of the presented example log
$CATEGORY
The category (if exists) of the presented example log
$IP_ADDRESS
The Ip address (if exists) of the presented example log
$THREAD_ID
The thread id (if exists) of the presented example log
General
$TEAM_NAME
The Coralogix account name from which the alert is from
Oh no!We didn’t find anything for “”,
