Our next-gen architecture is built to help you make sense of your ever-growing data Watch a 4-min demo video!

Back to All Docs

Custom Alert Webhooks Custom Alert Webhooks

Last Updated: Jun. 27, 2023

Coralogix allows you to integrate with any operation and alert management platform in order to get alerted in real-time and manage your Coralogix insights. 

There are predefined and custom integrations that can easily be configured. This tutorial will walk you through them, and show you how you can adjust our webhooks to be sent anywhere.

You can create as many webhooks as you want. Eventually, you will assign them to your alerts. You can assign one or more to any of your alerts.

From the Data Flow menu click on Webhooks. Click the +Add New button on the top right to create new webhook Integration.

Coralogix alert webhooks integrations

Add a webhook to existing alerts

1-Select any of the already configured web hooks.

Note at the bottom you will see all the alerts you have configured.There is also a search box where you can search on your alerts and only show those alerts.

2-Select all the alerts you want to assign the webhook to and hit save.

3- You can modify the alert by clicking on the green icon shown in the screen shot. This will open a window with the alert you have selected.

Custom Alert Webhooks

Coralogix allows you to define a customized payload to be sent when an alert is triggered. Custom webhook lets you send the configured message to any API endpoint as long as the webhook body complies with the requirements of your endpoint.

To define a custom webhook, in the webhooks page, choose WebHooks and fill in your destination URL. This will send alerts to your destination of choice.

Coralogix custom webhook integration

To customize your alert click on Edit body.

Coralogix custom webhook body

You can add/remove fields as long as you keep a valid JSON format.

You can also tag any JSON field within the triggered alert’s log example in order to customize alert outputs with your own log content, just add your field name with ‘$’ sign as its prefix (e.g. “$my_JSON_field”)

coralogix custom webhook payload with custom key

Here is a list of all available placeholders you may use and a description of each one.

Placeholder contextPlaceholderDescription
Alert event info$ALERT_NAMEThe name of the Alert
$ALERT_ACTIONAlert action, whether it triggered or this is a resolve notification
$ALERT_URLURL to access the alert in Coralogix
$EVENT_SEVERITYThe severity (significance) that was chosen to the alert. It will be one of: [Info,Warning,Critical]
$ALERT_DESCRIPTIONThe description added in the alert
$EVENT_TIMESTAMP_MSThe time in milliseconds when the alert was triggered
$EVENT_TIMESTAMPThe time when the alert was triggered as a string with the date and time
$GROUP_BY_FIELD_1Provides the first group-by field that triggers an alert.
$GROUP_BY_FIELD_2Provides the second group-by field that triggers an alert.
$GROUP_BY_VALUE_1Provides the first group-by value for the field that triggers an alert.
$GROUP_BY_VALUE_2Provides the second group-by value for the field that triggers an alert.
$HIT_COUNTFor advanced alerts, hit count presents the hit count of logs that triggered the alert
$RELATIVE_HIT_COUNTFor ratio and time relative alerts, relative hit count presents the hit count of the second query logs
$QUERY_TEXTFor advanced alerts, query text presents the alert's query
$RELATIVE_QUERY_TEXTFor ratio and time relative alerts, relative query text presents the alert's second query
$DEFINED_RATIO_THRESHOLDFor ratio and time relative alerts, the defined ratio threshold presents the ratio threshold defined in the alert
$ACTUAL_RATIOFor ratio and time relative alerts, the actual ratio presents the resulted ratio for the alert
$METRIC_KEYFor metric alerts, the metric key is the field you create the metric alert on
$METRIC_OPERATORFor metric alerts, the metric operator is the arithmetic function that is being applied when checking the alert
$TIMEFRAMEFor metric alerts, the timeframe over which the metric alert is checked
$TIMEFRAME_OVER_THRESHOLDFor metric alerts, contains all of the following elements:
- The percentage of time over the threshold.
- Average of the values crossing the threshold.
- Max of the values crossing the threshold.
- Min of the values crossing the threshold.
(Irrelevant for sum and count arithmetic operators.)
$METRIC_CRITERIAFor metric alerts, the condition that is checked in the alert (‘over’ or ‘under’)
Logs info$LOG_URLLink to the alert logs
$APPLICATION_NAMEThe application name of the presented example log
$SUBSYSTEM_NAMEThe subsystem name of the presented example log
$LOG_TEXTThe entire log payload, whether it is a textual log or JSON formatted log
$JSON_KEYIn case the logs are JSON formatted, you may include any key (JSON field) from the log itself
$JSON_KEY.numericIf the chosen field possesses a number value and you wish to include it in it's numeric form (use it in the custom webhook body without wrapping quotes) use it with the suffix of .numeric. E.g. $status_code.numeric
$COMPUTER_NAMEThe computer name (if exists) of the presented example log
$CATEGORYThe category (if exists) of the presented example log
$IP_ADDRESSThe Ip address (if exists) of the presented example log
$THREAD_IDThe thread id (if exists) of the presented example log
General$TEAM_NAMEThe Coralogix account name from which the alert is from
$CORALOGIX_ICON_URLThe Coralogix Icon

Support

Need help?

Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.

Feel free to reach out to us via our in-app chat or by sending us an email at [email protected].

On this page