Notification Channel: Webhook

Sysdig Monitor supports sending notifications to a custom webhook. Go to "Settings > Notifications" and add a channel of type "Webhook" and provide the URL endpoint of your choice.

Screenshot_2017-06-08_10.48.23.png

Once you have created the channel, you can add this Webhook channel to any alert by editing the configuration for that alert. Then, when your alert fires, the notification will be sent as a POST in JSON format to your webhook endpoint. 

For testing purposes, you can use a third-party site like http://requestb.in/ to create a temporary endpoint to see exactly what our alert will send in any specific notification.

 

Description of POST data:

"timestamp": Unix timestamp of when notification fired
"timespan": alert duration in seconds
"alert": info on the alert that generated the event triggering the notification
    "severity": 0 - 7 int value
    "editUrl": URL to edit the alert
    "scope": scope as defined in the alert
    "name": alert name
    "description": alert description
    "id": alert id
"event": info on the event that triggered the notification
    "id": event id
    "url": URL to view the event
"state": ACTIVE (alert condition is met) or OK (alert condition no longer met)
"resolved": false (alert has not been manually resolved) or true (it has)
"entities": array of nodes within the alert scope that triggered the notification
    "entity": metadata to identify the node
    "metricValues": array of metrics that triggered the notification
          "metric": metric name
          "aggregation": time aggregation method used to calculate the metric
          "groupAggregation": group aggregation method used to calculate the metric
          "value": metric value
    "additionalInfo": array of additional metadata about the entity
          "metric": metadata key
          "value": metadata value
"condition": alert condition

 

Example of POST data:


{
"timestamp": 1471457820000000,
"timespan": 60000000,
"alert": {
"severity": 4,
"editUrl": "http://app.sysdigcloud.com/#/alerting/alerts/1/edit",
"scope": "host.mac = \"00:0c:29:04:07:c1\"",
"name": "alertName",
"description": "alertDescription",
"id": 1
},
"event": {
"id": 1,
"url": "http://app.sysdigcloud.com/#/alerting/notifications/l:604800/1/details"
},
"state": "ACTIVE",
"resolved": false,
"entities": [{
"entity": "host.mac = '00:0c:29:04:07:c1'",
"metricValues": [{
"metric": "cpu.used.percent",
"aggregation": "timeAvg",
"groupAggregation": "none",
"value": 100.0
}],
"additionalInfo": [{
"metric": "host.hostName",
"value": "sergio-virtual-machine"
}]
}],
"condition": "timeAvg(cpu.used.percent) > 10"
}
Have more questions? Submit a request