Forum Discussion
Dimensions in webhook payload
Michael_Milirud I will send you a message offline with some json data. I may need to redact some sensitive data, but the data will be intact otherwise
-Akos- The post was about the new 'Dimensions' section in the payload for metric measure log alert type that you control, that split the alerts and provide the context of the fired alerts.
AffectedConfigurationItems is an old and only partly reliable feature that uses heuristics of column names. Future API version will not have AffectedConfigurationItems, but will make it easier to define dimensions even for simple count of rows.
There is an example here (and in the common schema definition page you have):
- -Akos-Aug 03, 2020Brass Contributor
Hi yalavi
Thank you for your answer, but that is a bit of a shame. Currently I'm using this piece of code then to parse Log Analytics queries to get a list of affected machines:
if($WebhookBody.SearchResult -ne $null){ $SearchResultRows = $WebhookBody.SearchResult.tables[0].rows $SearchResultColumns = $WebhookBody.SearchResult.tables[0].columns; $Records = @() foreach ($SearchResultRow in $SearchResultRows){ $Column = 0 $Record = New-Object –TypeName PSObject foreach ($SearchResultColumn in $SearchResultColumns){ $Name = $SearchResultColumn.name $ColumnValue = $SearchResultRow[$Column] $Record | Add-Member –MemberType NoteProperty –Name $name –Value $ColumnValue -Force $Column++ } $Records += $Record }
But if I just could read out a single entry like $WebhookBody.data.alertContext.AffectedConfigurationItems it would have made life somewhat easier.
The link you are referring to shows all sorts of examples that are not in the Common Alert Schema, which is what I want to avoid. I want to be able to properly parse json data, and I find it difficult enough as is.
You mention a future API version; I hope enough examples will be put online on what the output will look like