
Generic Outbound Webhooks (Alert Webhooks)

Enhance your observability workflows by sending real-time event notifications and log data to any endpoint that accepts HTTP requests. With this generic outbound webhook, you can easily integrate Coralogix with different endpoints, automate responses to critical events, and improve your organization's incident management and alerting processes.

Create a Webhook

STEP 1. From the Coralogix toolbar, navigate to Data Flow > Outbound Webhooks.

STEP 2. In the Outbound Webhooks section, click GENERIC WEBHOOK.

STEP 3. Click + ADD NEW.

STEP 4. Enter a webhook name and the URL to which you want to send an event notification.

The UUID field is auto-populated.

STEP 5. Select an HTTP method for the webhook (GET, POST, or PUT).

STEP 6. Click NEXT.

STEP 7. [Optional] Edit the message to customize the header and body of the messages that will be sent when the webhook is triggered.

Placeholders

Here is a list of all available placeholders you may use and a description of each one.

Note: If a webhook field has multiple parameters, use spaces to separate them. For example, the $ALERT_ID $GROUP_BY_VALUE_1-es-indexer parameters use a single space as a separator.

Alert Event Information

| Placeholder | Description |
| --- | --- |
| $ALERT_NAME | Name of the alert |
| $ALERT_ACTION | Alert action, whether triggered or resolved |
| $ALERT_URL | URL used to access the alert in Coralogix |
| $ALERT_ID | Alert ID. This changes every time a significant alert parameter, such as query or condition, is changed. |
| $ALERT_DESCRIPTION | Description added in the alert |
| $ALERT_UNIQUE_IDENTIFIER | Persists even when significant alert parameters are changed |
| $ALERT_THRESHOLD | Threshold that was defined in the alert |
| $ALERT_TIMEWINDOW_MINUTES | The time frame in minutes for which the alert is defined |
| $ALERT_GROUPBY_LABELS | The group by labels defined in the alert |
| $ALERT_GROUP_BY_VALUES | The values for the group by labels defined in the alert |
| $EVENT_TIMESTAMP_ISO | The event timestamp in ISO format |
| $EVENT_SEVERITY | The significance chosen for the alert: Info, Warning, Error, or Critical. |
| $EVENT_SEVERITY_LOWERCASE | Acts like $EVENT_SEVERITY, but uses lowercase letters |
| $OPSGENIE_PRIORITY | OpsGenie severity mapped from this event’s severity (INFO - P5, WARNING - P3, ERROR - P2, CRITICAL - P1) |
| $META_LABELS | Labels of the alert as one string of key-value pairs, comma-separated. Meta labels are the labels that you attach to an alert when defining it. If you want your outbound webhooks to contain these labels, add them to your template when defining the custom webhook. Example: `"firstKey:firstValue, justThis, anotherKey:anotherValue"` |
| $META_LABELS_JSON | Labels of the alert presented as a JSON-formatted string. Example: `"{\"firstKey\":\"firstValue\",\"justThis\":null,\"anotherKey\":\"anotherValue\"}"` |
| $META_LABELS_LIST | Alert labels defined. The set of labels is presented as an array of elements. Example: `["firstKey:firstValue", "justThis", "anotherKey:anotherValue"]` |
| $EVENT_TIMESTAMP_MS | The time in milliseconds when the alert was triggered |
| $EVENT_TIMESTAMP | The time when the alert was triggered as a string with the date and time |
| $GROUP_BY_FIELD_1 | Provides the first group-by field that triggers an alert. |
| $GROUP_BY_FIELD_2 | Provides the second group-by field that triggers an alert. |
| $GROUP_BY_FIELD_# | Provides the Xth group-by field that triggers an alert. May be higher than 2 in some cases. |
| $GROUP_BY_VALUE_1 | Provides the first group-by value for the field that triggers an alert. When grouping by a given Group By field in your alert settings, you must group the metric by this field to allow the data to propagate to the $GROUP_BY_VALUE_1. |
| $GROUP_BY_VALUE_2 | Provides the second group-by value for the field that triggers an alert. When grouping by a given Group By field in your alert settings, you must group the metric by this field to allow the data to propagate to the $GROUP_BY_VALUE_2. |
| $GROUP_BY_VALUE_# | Provides the Xth group-by value that triggers an alert. May be higher than 2 in some cases. When grouping by a given Group By field in your alert settings, you must group the metric by this field to allow the data to propagate to the $GROUP_BY_VALUE_X. |
| $HIT_COUNT | The hit count of logs that triggered the alert |
| $RELATIVE_HIT_COUNT | For Ratio and Time Relative alerts, the hit count of the second query's logs |
| $QUERY_TEXT | The alert's query |
| $RELATIVE_QUERY_TEXT | For Ratio and Time Relative alerts, the alert's second query |
| $DEFINED_RATIO_THRESHOLD | For Ratio and Time Relative alerts, the ratio threshold defined in the alert |
| $ACTUAL_RATIO | For Ratio and Time Relative alerts, the resulting ratio for the alert |
| $METRIC_KEY | For Metric Lucene-based alerts, the metric key is the field on which you create the metric alert. This alert type is deprecated and exists only for existing customers who previously defined this type of alert. |
| $METRIC_OPERATOR | For Metric Lucene-based alerts, the metric operator is the arithmetic function that is applied when checking the alert. This alert type is deprecated and exists only for existing customers who previously defined this type of alert. |
| $TIMEFRAME | For Metric alerts, the timeframe over which the metric alert is checked |
| $TIMEFRAME_OVER_THRESHOLD | For Metric alerts, contains all of the following elements: the percentage of time over the threshold; the average of the values crossing the threshold; the max of the values crossing the threshold; the min of the values crossing the threshold. (Irrelevant for sum and count arithmetic operators.) |
| $METRIC_CRITERIA | For Metric alerts, the condition that is checked in the alert (‘over’ or ‘under’) |
| $SERVICE | The service for which the span was triggered |
| $SPANS | The number of spans |
| $DURATION | Duration of the triggered span |

Ratio / Time Relative Alerts

| Placeholder | Description |
| --- | --- |
| $RATIO_QUERY_ONE | Query one alias |
| $RATIO_QUERY_TWO | Query two alias |
| $RATIO_TIMEFRAME | The timeframe over which the alert triggers |

Flow Alerts

| Placeholder | Description |
| --- | --- |
| $FLOW_ALERT_RELATED_ALERTS | The data about the alerts that trigger this flow |

Unique Count Alerts

| Placeholder | Description |
| --- | --- |
| $UNIQUE_COUNT_VALUES_LIST | The unique values for the triggered alert |

New Value Alerts

| Placeholder | Description |
| --- | --- |
| $NEW_VALUE_TRACKED_KEY | The key defined to track new values from |

Log Information

| Placeholder | Description |
| --- | --- |
| $LOG_URL | Link to the alert logs |
| $APPLICATION_NAME | The application name of the presented example log |
| $SUBSYSTEM_NAME | The subsystem name of the presented example log |
| $LOG_TEXT | The entire log payload, whether it is a textual log or a JSON-formatted log |
| $JSON_KEY | If the logs are JSON formatted, you may include any key (JSON field) from the log itself |
| $JSON_KEY.numeric | If the chosen field holds a number value and you wish to include it in its numeric form (use it in the custom webhook body without wrapping quotes), use it with the suffix .numeric. E.g. $status_code.numeric |
| $COMPUTER_NAME | The computer name (if it exists) of the presented example log |
| $CATEGORY | The category (if it exists) of the presented example log |
| $IP_ADDRESS | The IP address (if it exists) of the presented example log |
| $THREAD_ID | The thread ID (if it exists) of the presented example log |

General Information

| Placeholder | Description |
| --- | --- |
| $TEAM_NAME | The Coralogix account name from which the alert originates |
| $CORALOGIX_ICON_URL | The Coralogix icon |
| $COMPANY_ID | The company ID |
| $DEDUP_KEY | The key Coralogix uses to dedup when sending to different integrations |

STEP 8. Click TEST CONFIG.

The system sends an HTTP call with the specified parameters to check that your configuration is valid. If the HTTP call is received successfully, a confirmation message is displayed.

STEP 9. Once the configuration is validated, configure your alert notifications.
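
The receiving side of a webhook built from these placeholders, as an added example that is not Coralogix code: it checks a shared-secret header, validates the severity and the `.numeric` field, and normalizes the three meta-label forms into one dictionary. The header name `X-Webhook-Token`, the JSON key names in the body template, and the sample delivery are assumptions constructed for this example.

```python
import hmac
import json

TOKEN_HEADER = "X-Webhook-Token"  # hypothetical static header added in STEP 7
SEVERITIES = {"info", "warning", "error", "critical"}  # $EVENT_SEVERITY_LOWERCASE

# Constructed body template for STEP 7; the JSON key names are this example's choice.
BODY_TEMPLATE = """{"alert": "$ALERT_NAME", "uid": "$ALERT_UNIQUE_IDENTIFIER",
 "severity": "$EVENT_SEVERITY_LOWERCASE", "labels": "$META_LABELS",
 "status": $status_code.numeric}"""

# Constructed delivery, as the template above might be rendered.
SAMPLE_BODY = ('{"alert": "High 5xx rate", "uid": "constructed-uid-1", '
               '"severity": "critical", "status": 503, '
               '"labels": "firstKey:firstValue, justThis, anotherKey:anotherValue"}')

def parse_meta_labels(value):
    """Normalize the $META_LABELS, _JSON or _LIST form into one dict."""
    if isinstance(value, dict):
        return dict(value)
    if isinstance(value, str) and value.lstrip().startswith("{"):
        return json.loads(value)                      # $META_LABELS_JSON string
    if isinstance(value, str):                        # $META_LABELS
        value = [part for part in value.split(",") if part.strip()]
    labels = {}
    for item in value:                                # $META_LABELS_LIST elements
        key, sep, val = item.partition(":")           # split on the first colon only
        labels[key.strip()] = val.strip() if sep else None  # "justThis" has no value
    return labels

def handle_webhook(headers, raw_body, expected_token):
    """Authenticate one delivery, validate its fields, return a normalized alert."""
    sent = headers.get(TOKEN_HEADER, "")
    if not hmac.compare_digest(sent.encode(), expected_token.encode()):
        raise PermissionError("missing or wrong webhook token")
    body = json.loads(raw_body)
    if body.get("severity") not in SEVERITIES:
        raise ValueError("unexpected severity")
    status = body.get("status")
    if isinstance(status, bool) or not isinstance(status, int):
        raise ValueError("status must be a bare number (.numeric, no quotes)")
    # Key on the identifier that survives alert edits, not on $ALERT_ID.
    return {"key": body["uid"], "alert": body["alert"], "severity": body["severity"],
            "status": status, "labels": parse_meta_labels(body["labels"])}

if __name__ == "__main__":
    print(handle_webhook({TOKEN_HEADER: "constructed-token"}, SAMPLE_BODY, "constructed-token"))
```

Label values that themselves contain commas cannot be recovered from the comma-separated form, so a receiver that depends on label values is better served by the JSON or list form.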

Additional Resources

Documentation: Configure Alert Notifications for Outbound Webhooks
