Nov 02 2017 10:11 AM - last edited on Apr 07 2022 04:47 PM by TechCommunityAP
Hi there,
Anyone know how I can get the values from the query into a webhook instead of just posting a link?
Want to make it easier for our non-techy coworkers
Thanks
Nov 06 2017 04:18 PM
You put "IncludeSearchResults":true into the payload. https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-alerts-actions#webhook-actions
Nov 06 2017 04:24 PM
{
"alertname":"#alertrulename",
"IncludeSearchResults":true
}
I'm putting that and getting InternalServerError (this is for Slack).
Nov 06 2017 04:53 PM
You're seeing an internal server error in the payload? I just tested that exact syntax and got the detailed results as expected. Can you give me some more details and possibly screenshots to try to figure out what's going on?
Nov 06 2017 05:23 PM
It's posting but nothing comes out.
Nov 07 2017 10:04 AM
I think I see what's going on. Slack expects a payload with a single property called text. I think you're sending the detailed records, but Slack is only selecting the text property. You can test this with https://requestb.in which will accept a test webhook and show you the exact payload it received.
The challenge is I don't think we can format our payload like that directly from the alert. You would need those detailed records in the text property, but we put them in a property called SearchResults. Unless Slack gives you more flexibility to specify the property in the payload you want, I think you'd need to do something like have the alert call a runbook that scrubbed the data into the format you need before passing it on to Slack.
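The transformation described in the answer above, as an added example that is not part of the original thread or Microsoft's code: a Python function a runbook could call to turn the alert body into Slack's single `text` property. The two `SearchResults` shapes it accepts, the function names and `MAX_ROWS` are assumptions; it also escapes Slack's control characters, since log fields can carry attacker-influenced strings.

```python
import json

MAX_ROWS = 10  # assumption: cap rows so the Slack message stays readable

def slack_escape(value):
    """Escape Slack's three control characters so log data (which an
    attacker may influence) cannot inject links or <!channel> mentions."""
    s = str(value)
    return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")

def rows_from_search_results(results):
    """Return a list of dicts from either assumed SearchResults shape."""
    if not isinstance(results, dict):
        return []
    if "tables" in results:  # assumed shape: tables -> columns + rows
        out = []
        for table in results["tables"]:
            names = [c["name"] for c in table.get("columns", [])]
            out.extend(dict(zip(names, row)) for row in table.get("rows", []))
        return out
    return list(results.get("value", []))  # assumed shape: value -> records

def to_slack_payload(alert_body):
    """Convert the alert webhook body (JSON string) to Slack's {"text": ...}."""
    alert = json.loads(alert_body)
    rows = rows_from_search_results(alert.get("SearchResults"))
    lines = ["*Alert:* " + slack_escape(alert.get("alertname", "unknown"))]
    for row in rows[:MAX_ROWS]:
        lines.append(" | ".join(
            f"{slack_escape(k)}={slack_escape(v)}" for k, v in row.items()))
    if len(rows) > MAX_ROWS:
        lines.append(f"... {len(rows) - MAX_ROWS} more rows omitted")
    if not rows:
        lines.append("(no search results in payload)")
    return json.dumps({"text": "\n".join(lines)})

# Constructed sample payload, not captured from a real workspace.
SAMPLE = json.dumps({
    "alertname": "Failed logons",
    "SearchResults": {"tables": [{
        "name": "PrimaryResult",
        "columns": [{"name": "Computer", "type": "string"},
                    {"name": "Account", "type": "string"}],
        "rows": [["web01", "<!channel> admin"], ["db02", "svc&ops"]],
    }]},
})

if __name__ == "__main__":
    print(to_slack_payload(SAMPLE))
```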
Nov 07 2017 11:27 AM
@Brian Wren, is there anything that can be done in future releases on the OMS side to aid in this? I'm guessing I'm not the only one trying to get this function out.
Nov 09 2017 12:55 AM
@Deleted - if you're okay bypassing the alerts mechanism, especially until we get a fix in place, I'd encourage you to check out Microsoft Flow/Azure Logic Apps (same service, one hosted in the Power BI world, one in Azure, respectively). We have activities available for Azure Log Analytics to run a query, or to run a query and visualize the results, as well as a host of Slack connection points. You can learn more about this integration here.
Nov 09 2017 10:44 AM
Thanks @Evgeny Ternovsky, didn't think about using that option. Any idea on the alerts fix?
Jun 18 2020 07:45 PM - edited Jun 18 2020 07:49 PM
Hi @Brian Wren, do we have any fix for it? We are also trying to send search result data to Slack but are still not able to.
Any pointers would be helpful. TIA