
Custom Alert Webhooks

Last Updated: Mar. 27, 2022

Coralogix allows you to integrate with any operation and alert management platform in order to get alerted in real-time and manage your Coralogix insights. 

There are predefined and custom integrations that can easily be configured. This tutorial will walk you through them, and show you how you can adjust our webhooks to be sent anywhere.

You can create as many webhooks as you want. Eventually, you will assign them to your alerts. You can assign one or more to any of your alerts.

From the Data Flow menu, click Webhooks. Click the +Add New button at the top right to create a new webhook integration.


Add a webhook to existing alerts

1. Select any of the already configured webhooks.

Note: at the bottom you will see all the alerts you have configured. There is also a search box where you can search your alerts and show only the matching ones.

2. Select all the alerts you want to assign the webhook to and hit save.

3. You can modify the alert by clicking on the green icon shown in the screenshot. This will open a window with the alert you have selected.

Custom Alert Webhooks

Coralogix allows you to define a customized payload to be sent when an alert is triggered. A custom webhook lets you send the configured message to any API endpoint, as long as the webhook body complies with the requirements of your endpoint.

To define a custom webhook, in the webhooks page, choose WebHooks and fill in your destination URL. This will send alerts to your destination of choice.


To customize your alert, click Edit body.


You can add/remove fields as long as you keep a valid JSON format.

You can also tag any JSON field within the triggered alert's log example in order to customize alert outputs with your own log content: add your field name with a '$' sign as its prefix (e.g. "$my_JSON_field").


Here is a list of all available placeholders you may use and a description of each one.

| Placeholder context | Placeholder | Description |
|---|---|---|
| Alert event info | $ALERT_NAME | The name of the alert |
| | $ALERT_ACTION | Alert action, whether it triggered or this is a resolve notification |
| | $ALERT_URL | URL to access the alert in Coralogix |
| | $EVENT_SEVERITY | The severity (significance) that was chosen for the alert. It will be one of: [Info, Warning, Critical] |
| | $ALERT_DESCRIPTION | The description added in the alert |
| | $EVENT_TIMESTAMP_MS | The time in milliseconds when the alert was triggered |
| | $EVENT_TIMESTAMP | The time when the alert was triggered, as a string with the date and time |
| | $HIT_COUNT | For advanced alerts, hit count presents the hit count of logs that triggered the alert |
| | $RELATIVE_HIT_COUNT | For ratio and time relative alerts, relative hit count presents the hit count of the second query logs |
| | $QUERY_TEXT | For advanced alerts, query text presents the alert's query |
| | $RELATIVE_QUERY_TEXT | For ratio and time relative alerts, relative query text presents the alert's second query |
| | $DEFINED_RATIO_THRESHOLD | For ratio and time relative alerts, the defined ratio threshold presents the ratio threshold defined in the alert |
| | $ACTUAL_RATIO | For ratio and time relative alerts, the actual ratio presents the resulting ratio for the alert |
| | $METRIC_KEY | For metric alerts, the metric key is the field you create the metric alert on |
| | $METRIC_OPERATOR | For metric alerts, the metric operator is the arithmetic function that is applied when checking the alert |
| | $TIMEFRAME | For metric alerts, the timeframe over which the metric alert is checked |
| | $TIMEFRAME_OVER_THRESHOLD | For metric alerts, the percentage of the timeframe in which the checked value has crossed the threshold (irrelevant for sum and count arithmetic operators) |
| | $METRIC_CRITERIA | For metric alerts, the condition that is checked in the alert ('over' or 'under') |
| Logs info | $LOG_URL | Link to the alert logs |
| | $APPLICATION_NAME | The application name of the presented example log |
| | $SUBSYSTEM_NAME | The subsystem name of the presented example log |
| | $LOG_TEXT | The entire log payload, whether it is a textual log or a JSON formatted log |
| | $JSON_KEY | In case the logs are JSON formatted, you may include any key (JSON field) from the log itself |
| | $JSON_KEY.numeric | If the chosen field holds a number value and you wish to include it in its numeric form (use it in the custom webhook body without wrapping quotes), use it with the suffix .numeric, e.g. $status_code.numeric |
| | $COMPUTER_NAME | The computer name (if it exists) of the presented example log |
| | $CATEGORY | The category (if it exists) of the presented example log |
| | $IP_ADDRESS | The IP address (if it exists) of the presented example log |
| | $THREAD_ID | The thread ID (if it exists) of the presented example log |
| General | $TEAM_NAME | The name of the Coralogix account the alert comes from |
| | $CORALOGIX_ICON_URL | The Coralogix icon |
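
A pre-flight check for a custom body, as an added example that is not part of the Coralogix documentation or product: it verifies that `.numeric` placeholders are unquoted, that all other placeholders sit inside quoted strings, and that the body still parses as JSON, and it lists the log fields the body would forward to the destination endpoint. The function name `lint_body`, the placeholder pattern (`$` followed by identifier characters) and the sample bodies are assumptions constructed for illustration.

```python
import json
import re

# Built-in placeholders from the table on this page; any other $name is
# treated as a field taken from the triggering log (the $JSON_KEY form).
BUILTIN = set("""ALERT_NAME ALERT_ACTION ALERT_URL EVENT_SEVERITY
ALERT_DESCRIPTION EVENT_TIMESTAMP_MS EVENT_TIMESTAMP HIT_COUNT
RELATIVE_HIT_COUNT QUERY_TEXT RELATIVE_QUERY_TEXT DEFINED_RATIO_THRESHOLD
ACTUAL_RATIO METRIC_KEY METRIC_OPERATOR TIMEFRAME TIMEFRAME_OVER_THRESHOLD
METRIC_CRITERIA LOG_URL APPLICATION_NAME SUBSYSTEM_NAME LOG_TEXT COMPUTER_NAME
CATEGORY IP_ADDRESS THREAD_ID TEAM_NAME CORALOGIX_ICON_URL""".split())
# Assumed placeholder syntax: "$" + identifier, optionally ".numeric".
PLACEHOLDER = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)(\.numeric)?")
JSON_STRING = re.compile(r'"(?:\\.|[^"\\])*"')  # one JSON string literal


def lint_body(template):
    """Return (problems, log_fields) for a custom webhook body template."""
    spans = [s.span() for s in JSON_STRING.finditer(template)]

    def quoted(pos):
        return any(start < pos < end for start, end in spans)

    problems, log_fields = [], set()
    for m in PLACEHOLDER.finditer(template):
        name, numeric = m.group(1), bool(m.group(2))
        if numeric and quoted(m.start()):
            problems.append(f"${name}.numeric is wrapped in quotes")
        elif not numeric and not quoted(m.start()):
            problems.append(f"${name} must sit inside a quoted string")
        if name not in BUILTIN:
            log_fields.add(name)  # log content that leaves with each alert
    # Stand in 0 for every bare placeholder, then check the JSON structure.
    probe = PLACEHOLDER.sub(
        lambda m: m.group(0) if quoted(m.start()) else "0", template)
    try:
        json.loads(probe)
    except json.JSONDecodeError as exc:
        problems.append(f"body is not valid JSON: {exc.msg}")
    return problems, sorted(log_fields)


# Constructed sample bodies (not taken from the Coralogix UI).
GOOD = '{"alert": "$ALERT_NAME", "status": $status_code.numeric, "user": "$my_JSON_field"}'
BAD = '{"alert": $ALERT_NAME, "status": "$status_code.numeric",}'

if __name__ == "__main__":
    for body in (GOOD, BAD):
        print(lint_body(body))
```

The returned `log_fields` list is worth reviewing before saving the webhook, since those values are copied from your logs into every request sent to the destination URL.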
