Coralogix allows you to integrate with any operation and alert management platform in order to get alerted in real-time and manage your Coralogix insights.
There are predefined and custom integrations that can easily be configured. This tutorial will walk you through them, and show you how you can adjust our webhooks to be sent anywhere.
You can create as many webhooks as you want. Eventually, you will assign them to your alerts. You can assign one or more to any of your alerts.
From the Data Flow menu, click Webhooks. Click the +Add New button at the top right to create a new webhook integration.
1. Select any of the already configured webhooks.
Note: at the bottom you will see all the alerts you have configured. There is also a search box you can use to filter the list and show only matching alerts.
2. Select all the alerts you want to assign the webhook to and click Save.
3. You can modify an alert by clicking the green icon shown in the screenshot. This opens a window with the alert you selected.
Coralogix allows you to define a customized payload to be sent when an alert is triggered. A custom webhook lets you send the configured message to any API endpoint, as long as the webhook body complies with the requirements of your endpoint.
To define a custom webhook, on the Webhooks page, choose WebHooks and fill in your destination URL. This will send alerts to your destination of choice.
To customize your alert, click Edit body.
You can add/remove fields as long as you keep a valid JSON format.
You can also reference any JSON field from the triggered alert’s example log to customize alert output with your own log content: add the field name with a ‘$’ sign as its prefix (e.g. “$my_JSON_field”).
Here is a list of all available placeholders you may use and a description of each one.
| Category | Placeholder | Description |
|---|---|---|
| Alert event info | $ALERT_NAME | The name of the alert |
| | $ALERT_ACTION | The alert action: whether the alert triggered or this is a resolve notification |
| | $ALERT_URL | URL to access the alert in Coralogix |
| | $EVENT_SEVERITY | The severity (significance) that was chosen for the alert. It will be one of: [Info, Warning, Critical] |
| | $ALERT_DESCRIPTION | The description added in the alert |
| | $EVENT_TIMESTAMP_MS | The time in milliseconds when the alert was triggered |
| | $EVENT_TIMESTAMP | The time when the alert was triggered, as a string with the date and time |
| | $HIT_COUNT | For advanced alerts, the hit count of logs that triggered the alert |
| | $RELATIVE_HIT_COUNT | For ratio and time relative alerts, the hit count of the second query's logs |
| | $QUERY_TEXT | For advanced alerts, the alert's query |
| | $RELATIVE_QUERY_TEXT | For ratio and time relative alerts, the alert's second query |
| | $DEFINED_RATIO_THRESHOLD | For ratio and time relative alerts, the ratio threshold defined in the alert |
| | $ACTUAL_RATIO | For ratio and time relative alerts, the resulting ratio for the alert |
| | $METRIC_KEY | For metric alerts, the field you create the metric alert on |
| | $METRIC_OPERATOR | For metric alerts, the arithmetic function that is applied when checking the alert |
| | $TIMEFRAME | For metric alerts, the timeframe over which the metric alert is checked |
| | $TIMEFRAME_OVER_THRESHOLD | For metric alerts, the percentage of the timeframe during which the checked value crossed the threshold (irrelevant for sum and count arithmetic operators) |
| | $METRIC_CRITERIA | For metric alerts, the condition that is checked in the alert (‘over’ or ‘under’) |
| Logs info | $LOG_URL | Link to the alert logs |
| | $APPLICATION_NAME | The application name of the presented example log |
| | $SUBSYSTEM_NAME | The subsystem name of the presented example log |
| | $LOG_TEXT | The entire log payload, whether it is a textual log or a JSON formatted log |
| | $JSON_KEY | If the logs are JSON formatted, you may include any key (JSON field) from the log itself |
| | $JSON_KEY.numeric | If the chosen field holds a number value and you wish to include it in its numeric form (use it in the custom webhook body without wrapping quotes), use it with the suffix .numeric, e.g. $status_code.numeric |
| | $COMPUTER_NAME | The computer name (if it exists) of the presented example log |
| | $CATEGORY | The category (if it exists) of the presented example log |
| | $IP_ADDRESS | The IP address (if it exists) of the presented example log |
| | $THREAD_ID | The thread ID (if it exists) of the presented example log |
| General | $TEAM_NAME | The name of the Coralogix account the alert comes from |
| | $CORALOGIX_ICON_URL | The Coralogix icon |
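
The rules above for a custom body (keep it valid JSON, use `.numeric` placeholders without wrapping quotes) can be checked before saving the webhook. The following Python linter is an added example, not Coralogix code; `lint_webhook_body` and the sample bodies are constructed for illustration, and it assumes that placeholders without `.numeric` are substituted as text and therefore belong inside a JSON string.

```python
import json
import re

# $NAME or $NAME.numeric, the placeholder syntax described in the table above.
PLACEHOLDER = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)(\.numeric\b)?")

def lint_webhook_body(template: str) -> list[str]:
    """Return the problems found; an empty list means the body stays valid JSON."""
    problems, rendered = [], []
    in_string = escaped = False
    i = 0
    while i < len(template):
        ch = template[i]
        if in_string and escaped:
            escaped = False
        elif in_string and ch == "\\":
            escaped = True
        elif ch == '"':
            in_string = not in_string
        elif ch == "$" and (m := PLACEHOLDER.match(template, i)):
            numeric = m.group(2) is not None
            if numeric and in_string:
                problems.append(f"{m.group(0)}: .numeric placeholder is wrapped in quotes")
            # Assumption: placeholders without .numeric are inserted as text.
            if not numeric and not in_string:
                problems.append(f"{m.group(0)}: text placeholder is not wrapped in quotes")
            rendered.append("0" if numeric else "x")  # stand-in value
            i = m.end()
            continue
        rendered.append(ch)
        i += 1
    try:
        json.loads("".join(rendered))
    except json.JSONDecodeError as exc:
        problems.append(f"not valid JSON after substitution: {exc.msg}")
    return problems

# Constructed sample bodies (not taken from a real account).
GOOD_BODY = '''{
  "alert": "$ALERT_NAME",
  "severity": "$EVENT_SEVERITY",
  "status": $status_code.numeric,
  "log": "$LOG_TEXT"
}'''
BAD_BODY = '''{
  "alert": $ALERT_NAME,
  "status": "$status_code.numeric",
}'''
```

Calling `lint_webhook_body(BAD_BODY)` reports the unquoted `$ALERT_NAME`, the quoted `$status_code.numeric`, and the trailing comma that makes the body invalid JSON.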