Alert Webhooks

Coralogix allows you to integrate with any operation and alert management platform in order to get alerted in real time and manage your Coralogix insights.

There are predefined and custom integrations that can easily be configured. This tutorial will walk you through them, and show you how you can adjust our webhooks to be sent anywhere.

Slack


1) Go to Settings –> Webhooks and click the ‘+’ sign on the right-hand side.

2) Select ‘Slack’, add the desired alias (the desired name of your integration), add the room webhook (URL), and click save.

** To find your webhook, click here: https://my.slack.com/services/new/incoming-webhook (while logged into Slack), choose the room name, click ‘Add incoming webhook integration’ and copy the webhook you got into Coralogix.

3) If you don’t see your new webhook under your alert definition, try to refresh your browser.

PagerDuty


For configuring a PagerDuty webhook integration please refer to our dedicated PD instructions here.

Microsoft Teams


For configuring an MS Teams webhook integration please refer to our dedicated instructions here.

VictorOps


For configuring a VictorOps webhook integration please refer to our dedicated instructions here.

Jira


For configuring a Jira webhook integration please refer to our dedicated instructions here.

Opsgenie


For configuring an Opsgenie webhook integration please refer to our dedicated instructions here.

Custom Alert WebHooks


Coralogix allows you to define the payload that you wish to send when an alert is triggered. Once a general webhook is defined in your settings, it can be added to any new alert you create. You can create multiple webhooks and assign one or more to your alerts.

To define your webhook, go to Settings –> Webhooks and click the ‘+’ sign on the right-hand side, choose WebHook and fill in your destination URL. This will send alerts to your destination.

To customize your alert, click “Edit body”.

You can add/remove fields as long as you keep a valid JSON format. Make sure that the structure complies with the requirements of your operation and alert management platform.

You can also tag any JSON field in the alert webhook’s payload to customize alert outputs with your own log content. Just add your field name with the ‘$’ sign as its prefix (e.g. “$my_JSON_field”).

Here is a list of all available placeholders you may use and a description of each one.

| Placeholder context | Placeholder | Description |
|---|---|---|
| Alert event info | $ALERT_NAME | The name of the Alert |
| Alert event info | $ALERT_ACTION | Alert action, whether it triggered or this is a resolve notification |
| Alert event info | $ALERT_URL | URL to access the alert in Coralogix |
| Alert event info | $EVENT_SEVERITY | The severity (significance) that was chosen for the alert. It will be one of: [Info, Warning, Critical] |
| Alert event info | $ALERT_DESCRIPTION | The description added in the alert |
| Alert event info | $EVENT_TIMESTAMP_MS | The time in milliseconds when the alert was triggered |
| Alert event info | $EVENT_TIMESTAMP | The time when the alert was triggered as a string with the date and time |
| Alert event info | $HIT_COUNT | For advanced alerts, hit count presents the hit count of logs that triggered the alert |
| Alert event info | $RELATIVE_HIT_COUNT | For ratio and time relative alerts, relative hit count presents the hit count of the second query logs |
| Alert event info | $QUERY_TEXT | For advanced alerts, query text presents the alert's query |
| Alert event info | $RELATIVE_QUERY_TEXT | For ratio and time relative alerts, relative query text presents the alert's second query |
| Alert event info | $DEFINED_RATIO_THRESHOLD | For ratio and time relative alerts, the defined ratio threshold presents the ratio threshold defined in the alert |
| Alert event info | $ACTUAL_RATIO | For ratio and time relative alerts, the actual ratio presents the resulting ratio for the alert |
| Alert event info | $METRIC_KEY | For metric alerts, the metric key is the field you create the metric alert on |
| Alert event info | $METRIC_OPERATOR | For metric alerts, the metric operator is the arithmetic function that is being applied when checking the alert |
| Alert event info | $TIMEFRAME | For metric alerts, the timeframe over which the metric alert is checked |
| Alert event info | $TIMEFRAME_OVER_THRESHOLD | For metric alerts, the percentage of the timeframe in which the checked value has crossed the threshold (irrelevant for sum and count arithmetic operators) |
| Alert event info | $METRIC_CRITERIA | For metric alerts, the condition that is checked in the alert (‘over’ or ‘under’) |
| Logs info | $LOG_URL | Link to the alert logs |
| Logs info | $APPLICATION_NAME | The application name of the presented example log |
| Logs info | $SUBSYSTEM_NAME | The subsystem name of the presented example log |
| Logs info | $LOG_TEXT | The entire log payload, whether it is a textual log or JSON formatted log |
| Logs info | $JSON_KEY | In case the logs are JSON formatted, you may include any key (JSON field) from the log itself |
| Logs info | $JSON_KEY.numeric | If the chosen field possesses a number value and you wish to include it in its numeric form (use it in the custom webhook body without wrapping quotes), use it with the suffix of .numeric. E.g. $status_code.numeric |
| Logs info | $COMPUTER_NAME | The computer name (if exists) of the presented example log |
| Logs info | $CATEGORY | The category (if exists) of the presented example log |
| Logs info | $IP_ADDRESS | The IP address (if exists) of the presented example log |
| Logs info | $THREAD_ID | The thread ID (if exists) of the presented example log |
| General | $TEAM_NAME | The Coralogix account name that the alert is from |
| General | $CORALOGIX_ICON_URL | The Coralogix Icon |

Google Chat API Incoming webhooks


Configuring a Google Chat webhook integration can easily be done with the custom webhook integration. Choose the WebHook integration and fill in your destination chat URL. You can check the documentation from Google here to see how to retrieve the URL.

Next, define your webhook body. Note that Google chat API expects a flat JSON structure with one key “text” as the webhook body. It can still of course contain all the relevant information you are interested in from your log itself, by tagging the keys using ‘$’ as explained above. Here is an example for you to test:

{"text": "Hi team! This is the Coralogix team, your webhook structure needs to be flat with one key in the JSON in order to fit Google chats. Use the Coralogix keys tagged with '$' to signify what you would like to send. Here is an example: alert_id=$ALERT_ID, name= $ALERT_NAME, description = $ALERT_DESCRIPTION, application = $APPLICATION_NAME  ,subsystem= $SUBSYSTEM_NAME, Alert Log = $LOG_TEXT  ------- You may see the above table containing all the different options you may use to structure your custom messages. Enjoy!"}

For more Google Chat API options, such as using formatted text in messages, including links in messages, and @mentioning specific or all users, you can visit here.
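The body rules from the custom webhook section and the Google Chat section above can be checked before a template is saved. The linter below is an added example, not Coralogix code: `lint_body`, the sentinel value and the sample bodies are constructed for illustration. It checks the template only and does not model how Coralogix escapes the values it substitutes, which this page does not describe.

```python
import json
import re

# Placeholder names copied from the table on this page ($JSON_KEY is a stand-in, so omitted).
KNOWN = set("""
ALERT_NAME ALERT_ACTION ALERT_URL EVENT_SEVERITY ALERT_DESCRIPTION
EVENT_TIMESTAMP_MS EVENT_TIMESTAMP HIT_COUNT RELATIVE_HIT_COUNT QUERY_TEXT
RELATIVE_QUERY_TEXT DEFINED_RATIO_THRESHOLD ACTUAL_RATIO METRIC_KEY
METRIC_OPERATOR TIMEFRAME TIMEFRAME_OVER_THRESHOLD METRIC_CRITERIA LOG_URL
APPLICATION_NAME SUBSYSTEM_NAME LOG_TEXT COMPUTER_NAME CATEGORY IP_ADDRESS
THREAD_ID TEAM_NAME CORALOGIX_ICON_URL
""".split())
# Assumption: placeholder names are plain identifiers, optionally ending in .numeric.
PLACEHOLDER = re.compile(r"\$([A-Za-z_]\w*)(\.numeric)?")
NUM = "424242"  # sentinel number substituted for .numeric placeholders

def lint_body(template, google_chat=False):
    """Return (problems, log_fields) for a custom webhook body template."""
    problems, log_fields = [], set()
    def fill(m):
        if m.group(1) not in KNOWN:
            log_fields.add(m.group(1))  # not in the table: read as a key from the log
        return NUM if m.group(2) else "x"
    try:
        # A plain placeholder outside quotes becomes a bare x, which fails to parse.
        doc = json.loads(PLACEHOLDER.sub(fill, template))
    except json.JSONDecodeError as e:
        return [f"not valid JSON once placeholders are filled: {e.msg}"], sorted(log_fields)

    def walk(node):
        if isinstance(node, dict):
            node = list(node.values())
        if isinstance(node, list):
            for item in node:
                walk(item)
        elif isinstance(node, str) and NUM in node:
            problems.append(".numeric placeholder is wrapped in quotes")

    walk(doc)
    if google_chat and not (isinstance(doc, dict) and list(doc) == ["text"]
                            and isinstance(doc["text"], str)):
        problems.append('Google Chat body must be a flat object with the single key "text"')
    return problems, sorted(log_fields)

# Constructed sample bodies (not taken from a real account).
GOOD = '{"alert": "$ALERT_NAME", "status": $status_code.numeric, "log": "$LOG_TEXT"}'
QUOTED_NUMERIC = '{"status": "$status_code.numeric"}'
BARE_STRING = '{"alert": $ALERT_NAME}'
CHAT = '{"text": "name=$ALERT_NAME id=$ALERT_ID"}'
CHAT_NESTED = '{"text": {"name": "$ALERT_NAME"}}'
```

The second return value lists placeholders that are not in the table and will therefore be read as keys from the log, which is a quick way to catch a misspelled built-in name.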

When you are done configuring your desired webhook, go to the ‘Notification settings’ section in your alert and choose your newly defined webhook.

** If you don’t see your new integration under your alert definition, try to refresh your browser