Webhooks Showing actual results not link

Deleted

Hi there,

Anyone know how I can get the values from the query into a webhook instead of just posting a link?

Want to make it easier for our non-techy coworkers

Thanks

10 Replies
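Adding @Brian Wren

You put "IncludeSearchResults":true into the payload. https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-alerts-actions#webhook-actions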

{
"alertname":"#alertrulename",
"IncludeSearchResults":true
}

I'm putting that and getting InternalServerError (this is for Slack)

@Brian Wren

You're seeing an internal server error in the payload?  I just tested that exact syntax and got the detailed results as expected.  Can you give me some more details and possibly screenshots to try to figure out what's going on?

It's posting but nothing comes out

@Brian Wren

I think I see what's going on.  Slack expects a payload with a single property called text.  I think you're sending the detailed records, but Slack is only selecting the text property.  You can test this with https://requestb.in which will accept a test webhook and show you the exact payload it received.

The challenge is I don't think we can format our payload like that directly from the alert.  You would need those detailed records in the text property, but we put them in a property called SearchResults.  Unless Slack gives you more flexibility to specify the property in the payload you want, I think you'd need to do something like have the alert call a runbook that scrubbed the data into the format you need before passing it on to Slack.
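
The reshaping step described in the reply above, as an added example that is not part of the thread and not Microsoft's code: a Python function, usable in a runbook or any small relay, that moves the records from SearchResults into Slack's single text property and escapes them on the way. The layout inside SearchResults (tables, columns, rows), the caps and the sample values are assumptions; capture a real payload first and adjust.

```python
import json

MAX_ROWS = 10    # arbitrary cap so one noisy alert cannot flood the channel
MAX_TEXT = 3000  # arbitrary cap on message length for this example

def slack_escape(value):
    """Escape &, <, > (Slack's control characters) so log data cannot
    inject mentions or disguised links; flatten newlines to one line."""
    s = "" if value is None else str(value)
    s = s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
    return " ".join(s.split())

def alert_to_slack(alert_body):
    """Convert an alert webhook body into the {"text": ...} JSON Slack reads."""
    alert = json.loads(alert_body)
    results = alert.get("SearchResults") or {}
    lines, total = [], 0
    for table in results.get("tables", []):  # assumed layout, see lead-in
        cols = [c.get("name", "?") for c in table.get("columns", [])]
        for row in table.get("rows", []):
            total += 1
            if len(lines) < MAX_ROWS:
                lines.append(", ".join(
                    f"{slack_escape(k)}={slack_escape(v)}" for k, v in zip(cols, row)))
    if total > MAX_ROWS:
        lines.append(f"... {total - MAX_ROWS} more rows omitted")
    name = slack_escape(alert.get("alertname", "unnamed alert"))
    text = "\n".join([f"Alert: {name} ({total} result rows)"] + lines)
    if len(text) > MAX_TEXT:
        text = text[:MAX_TEXT - 3] + "..."
    return json.dumps({"text": text})

# Constructed sample body; values are invented for illustration.
SAMPLE = json.dumps({
    "alertname": "Failed logons",
    "IncludeSearchResults": True,
    "SearchResults": {"tables": [{
        "name": "PrimaryResult",
        "columns": [{"name": "Computer"}, {"name": "Account"}],
        "rows": [["web01", "<!channel> admin"], ["db02", "svc&backup"]],
    }]},
})

if __name__ == "__main__":
    print(alert_to_slack(SAMPLE))
```

Escaping matters here because the rows are log data, which may contain values written by whoever generated the logged event.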

@Brian Wren is there anything that can be done in future releases on the OMS side to aid in this? I'm guessing I'm not the only one trying to get this function out.

@Deleted - if you're okay bypassing the alerts mechanism, especially until we get a fix in place, I'd encourage you to check out Microsoft Flow/Azure Logic Apps (same service, one hosted in the Power BI world, one in Azure, respectively). We have activities available for Azure Log Analytics to run a query, or to run a query and visualize the results, as well as a host of Slack connection points. You can learn more about this integration here: https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-flow-tutorial

Thanks @Evgeny Ternovsky, didn't think about using that option. Any idea on the alerts fix?

Hi @Brian Wren, do we have any fix for it? We are also trying to send search result data to Slack but are still not able to.
Any pointers would be helpful. TIA