Generic Outbound Webhooks (Alert Webhooks)

Enhance your observability workflows by sending real-time event notifications and log data to any endpoint that accepts HTTP requests. With this generic outbound webhook, you can easily integrate Coralogix with different endpoints, automate responses to critical events, and improve your organization's incident management and alerting processes.

Create a Webhook

STEP 1. From the Coralogix toolbar, navigate to Data Flow > Outbound Webhooks.

STEP 2. In the Outbound Webhooks section, click GENERIC WEBHOOK.

STEP 3. Click + ADD NEW.

STEP 4. Enter a webhook name and the URL to which you want to send an event notification.

The UUID field is auto-populated.

STEP 5. Select an HTTP method for the webhook (GET, POST, or PUT).

STEP 6. Click NEXT.

STEP 7. [Optional] Edit the message to customize the header and body of the messages that will be sent when the webhook is triggered.

Placeholders

Here is a list of all available placeholders you may use and a description of each one.

Note: If a wedhook field has multiple parameters, use spaces to separate between them. For example, the $ALERT_ID $GROUP_BY_VALUE_1-es-indexer parameters use a single space as a separator.

Alert Event Information

Placeholder	Description
$ALERT_NAME	Name of the alert
$ALERT_ACTION	Alert action, whether triggered or resolved
$ALERT_URL	URL used to access the alert in Coralogix
$ALERT_ID	Alert ID This changes every time a significant alert parameter, such as query or condition, is changed.
$ALERT_DESCRIPTION	Description added in the alert
$ALERT_UNIQUE_IDENTIFIER	Persists even when significant alert parameters are changed
$ALERT_THRESHOLD	Threshold that was defined in the alert
$ALERT_TIMEWINDOW_MINUTES	The time frame in minutes for which the alert is defined
$ALERT_GROUPBY_LABELS	The group by labels defined in the alert
$ALERT_GROUP_BY_VALUES	The values for the group by labels defined in the alert
$EVENT_TIMESTAMP_ISO	The event timestamp in ISO format
$EVENT_SEVERITY	The significance chosen for the alert: Info, Warning, Error, or Critical.
$EVENT_SEVERITY_LOWERCASE	Acts like $EVENT_SEVERITY, but uses lowercase letters
$OPSGENIE_PRIORITY	OpsGenie severity mapped from this event’s severity (INFO - P5, WARNING - P3, ERROR - P2, CRITICAL - P1)
$META_LABELS Meta labels are the `Labels` that you attach to an alert when defining it. If you want your outbound webhooks to contain these labels, add them to your template when defining the custom webhook.	Labels of the alert as one string of key-value pairs, comma-separated. Example: "firstKey:firstValue, justThis, anotherKey:anotherValue"
$META_LABELS_JSON Meta labels are the `Labels` that you attach to an alert when defining it. If you want your outbound webhooks to contain these labels, add them in your template when defining the custom webhook.	Labels of the alert presented as a JSON-formatted string Example: "{\"firstKey\":\"firstValue\",\"justThis\":null,\"anotherKey\":\"anotherValue\"}"
$META_LABELS_LIST Meta labels are the `Labels` that you attach to an alert when defining it. If you want your outbound webhooks to contain these labels, add them in your template when defining the custom webhook.	Alert label defined The set of labels is presented as an array of elements. Example: [ "firstKey:firstValue", "justThis", "anotherKey:anotherValue" ]
$EVENT_TIMESTAMP_MS	The time in milliseconds when the alert was triggered
$EVENT_TIMESTAMP	The time when the alert was triggered as a string with the date and time
$GROUP_BY_FIELD_1	Provides the first group-by field that triggers an alert.
$GROUP_BY_FIELD_2	Provides the second group-by field that triggers an alert.
$GROUP_BY_FIELD_#	Provides the X group-by field that triggers an alert. May be higher than 2 in some cases.
$GROUP_BY_VALUE_1	Provides the first group-by value for the field that triggers an alert. When grouping by a given Group By field in your alert settings, you must group the metric by this field to allow the data to propagate to the $GROUP_BY_VALUE_1.
$GROUP_BY_VALUE_2	Provides the second group-by value for the field that triggers an alert. When grouping by a given Group By field in your alert settings, you must group the metric by this field to allow the data to propagate to the $GROUP_BY_VALUE_2.
$GROUP_BY_VALUE_#	Provides the X group-by value that triggers an alert. May be higher than 2 in some cases. When grouping by a given Group By field in your alert settings, you must group the metric by this field to allow the data to propagate to the $GROUP_BY_VALUE_X.
$HIT_COUNT	Hit count presents the hit count of logs that triggered the alert
$RELATIVE_HIT_COUNT	For ratio and time relative alerts, relative hit count presents the hit count of the second query logs
$QUERY_TEXT	Presents the alert's query
$RELATIVE_QUERY_TEXT	For Ratio and Time Relative alerts, relative query text presents the alert's second query
$DEFINED_RATIO_THRESHOLD	For Ratio and Time Relative alerts, the defined ratio threshold presents the ratio threshold defined in the alert
$ACTUAL_RATIO	For Ratio and Time Relative alerts, the actual ratio presents the resulted ratio for the alert
$METRIC_KEY	For Metric Lucene-based alerts, the metric key is the field on which you create the metric alert. This alert type is deprecated and exists only for existing customers who previously defined this type of alert.
$METRIC_OPERATOR	For Metric Lucene-based alerts, the metric operator is the arithmetic function that is being applied when checking the alert This alert type is deprecated and exists only for existing customers who previously defined this type of alert.
$TIMEFRAME	For Metric alerts, the timeframe over which the metric alert is checked
$TIMEFRAME_OVER_THRESHOLD	For Metric alerts, contains all of the following elements: • The percentage of time over the threshold. • Average of the values crossing the threshold. • Max of the values crossing the threshold. • Min of the values crossing the threshold. (Irrelevant for sum and count arithmetic operators.)
$METRIC_CRITERIA	For Metric alerts, the condition that is checked in the alert (‘over’ or ‘under’)
$SERVICE	The service for which the span was triggered
$SPANS	The number of spans
$DURATION	Duration of the triggered span

Ratio / Time Relative Alerts

Placeholder	Description
$RATIO_QUERY_ONE	Query one alias
$RATIO_QUERY_TWO	Query two aliases
$RATIO_TIMEFRAME	The timeframe over which the alert triggers

Flow Alerts

Placeholder	Description
$FLOW_ALERT_RELATED_ALERTS	The data about the alerts that trigger this flow

Unique Count Alerts

Placeholder	Description
$UNIQUE_COUNT_VALUES_LIST	The unique values for the triggered alert

New Value Alerts

Placeholder	Description
$NEW_VALUE_TRACKED_KEY	The key defined to track new values from

Log Information

Placeholder	Description
$LOG_URL	Link to the alert logs
$APPLICATION_NAME	The application name of the presented example log
$SUBSYSTEM_NAME	The subsystem name of the presented example log
$LOG_TEXT	The entire log payload, whether it is a textual log or JSON formatted log
$JSON_KEY	In case the logs are JSON formatted, you may include any key (JSON field) from the log itself
$JSON_KEY.numeric	If the chosen field possesses a number value and you wish to include it in its numeric form (use it in the custom webhook body without wrapping quotes), use it with the suffix .numeric. E.g. $status_code.numeric
$COMPUTER_NAME	The computer name (if it exists) of the presented example log
$CATEGORY	The category (if it exists) of the presented example log
$IP_ADDRESS	The IP address (if it exists) of the presented example log
$THREAD_ID	The thread ID (if it exists) of the presented example log

General Information

Placeholder	Description
$TEAM_NAME	The Coralogix account name from which the alert originates
$CORALOGIX_ICON_URL	The Coralogix icon
$COMPANY_ID	The company ID
$DEDUP_KEY	The key Coralogix uses to dedup when sending to different integrations

STEP 8. Click TEST CONFIG.

The system sends an HTTP call with the specified parameters to check that your configuration is valid. If the HTTP call is received successfully, a confirmation message is displayed.