Custom JSON Webhook for Teams showing search results

%3CLINGO-SUB%20id%3D%22lingo-sub-2162058%22%20slang%3D%22en-US%22%3ECustomer%20JSON%20Webhook%20for%20Teams%20showing%20search%20results%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2162058%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20All%2C%3CBR%20%2F%3EDoes%20anyone%20know%20if%20its%20possible%20to%20send%20a%20custom%20webhook%20payload%20to%20teams%20that%20also%20includes%20the%20search%20results%20(or%20the%20top%2010%20at%20least%20%3F)%3CBR%20%2F%3EI%20have%20webhooks%20working%20without%20search%20results%20and%20using%20openuri%20for%20the%20potential%20actions%20in%20the%20Teams%20Customer%20JSON%20Payload%20for%20the%20azure%20alert%2C%20just%20tried%20many%20ways%20for%20the%20JSON%20Table%20that%20is%20sent%20in%20the%20payload%20when%3C%2FP%3E%3CTABLE%3E%3CTBODY%3E%3CTR%3E%3CTD%3E%22IncludeSearchResults%22%3A%20true%3C%2FTD%3E%3C%2FTR%3E%3C%2FTBODY%3E%3C%2FTABLE%3E%3CP%3E%3CBR%20%2F%3EI%20have%20been%20playing%20with%20this%20-%3CBR%20%2F%3E%3CBR%20%2F%3E%7B%3CBR%20%2F%3E%22alertname%22%3A%22AcmeRule%22%2C%22IncludeSearchResults%22%3Atrue%2C%3CBR%20%2F%3E%22SearchResults%22%3A%3CBR%20%2F%3E%7B%3CBR%20%2F%3E%22tables%22%3A%5B%3CBR%20%2F%3E%7B%22name%22%3A%22PrimaryResult%22%2C%22columns%22%3A%3CBR%20%2F%3E%5B%3CBR%20%2F%3E%7B%22name%22%3A%22%24table%22%2C%22type%22%3A%22string%22%7D%2C%3CBR%20%2F%3E%7B%22name%22%3A%22Id%22%2C%22type%22%3A%22string%22%7D%2C%3CBR%20%2F%3E%7B%22name%22%3A%22TimeGenerated%22%2C%22type%22%3A%22datetime%22%7D%3CBR%20%2F%3E%5D%2C%3CBR%20%2F%3E%22rows%22%3A%3CBR%20%2F%3E%5B%3CBR%20%2F%3E%5B%22Fabrikam%22%2C%2233446677a%22%2C%222018-02-02T15%3A03%3A12.18Z%22%5D%2C%3CBR%20%2F%3E%5B%22Contoso%22%2C%2233445566b%22%2C%222018-02-02T15%3A16%3A53.932Z%22%5D%3CBR%20%2F%3E%5D%3CBR%20%2F%3E%7D%3CBR%20%2F%3E%5D%3CBR%20%2F%3E%7D%2C%3CBR%20%2F%3E%22%40context%22%3A%20%22%3CA%20href%3D%22http%3A%2F%2Fschema.org%2Fextensions%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehttp%3A%2F%2Fschema.org%2Fextensions%3C%2FA%3E%22%2C%3CBR%20%2F%3E%22%40type%22%3A%20%22MessageCard%22%2C%3CBR%20%2F%3E%22themeColor%22%3A%20%22CC4216%22%2C%3CBR%20%2F%3E%22title%22%3A%20%22%23alertrulename%22%2C%3CBR%20%2F%3E%22text%22%3A%20%22%23alertrulename%20returned%20%23searchresultcount%20records%20which%20exceeds%20the%20threshold%20of%20%23thresholdvalue%20.%22%2C%3CBR%20%2F%3E%22potentialAction%22%3A%20%5B%7B%3CBR%20%2F%3E%22%40type%22%3A%20%22OpenUri%22%2C%3CBR%20%2F%3E%22name%22%3A%20%22See%20details%20in%20AppInsights%22%2C%3CBR%20%2F%3E%22targets%22%3A%20%5B%7B%3CBR%20%2F%3E%22os%22%3A%20%22default%22%2C%3CBR%20%2F%3E%22uri%22%3A%20%22%23linktosearchresults%22%3CBR%20%2F%3E%7D%5D%3CBR%20%2F%3E%7D%5D%2C%3CBR%20%2F%3E%22sections%22%3A%20%5B%7B%3CBR%20%2F%3E%22facts%22%3A%20%5B%7B%3CBR%20%2F%3E%22name%22%3A%20%22Severity%3A%22%2C%3CBR%20%2F%3E%22value%22%3A%20%22%23severity%22%3CBR%20%2F%3E%7D%2C%3CBR%20%2F%3E%7B%3CBR%20%2F%3E%22name%22%3A%20%22ResultCount%3A%22%2C%3CBR%20%2F%3E%22value%22%3A%20%22%23searchresultcount%22%3CBR%20%2F%3E%7D%2C%3CBR%20%2F%3E%7B%3CBR%20%2F%3E%22name%22%3A%20%22Search%20Interval%20StartTime%3A%22%2C%3CBR%20%2F%3E%22value%22%3A%20%22%23searchintervalstarttimeutc%22%3CBR%20%2F%3E%7D%2C%3CBR%20%2F%3E%7B%3CBR%20%2F%3E%22name%22%3A%20%22Search%20Interval%20End%20time%3A%22%2C%3CBR%20%2F%3E%22value%22%3A%20%22%23searchintervalendtimeutc%22%3CBR%20%2F%3E%7D%5D%3CBR%20%2F%3E%7D%5D%3CBR%20%2F%3E%7D%3CBR%20%2F%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

Hi All,
Does anyone know if its possible to send a custom webhook payload to teams that also includes the search results (or the top 10 at least ?)
I have webhooks working without search results and using openuri for the potential actions in the Teams Customer JSON Payload for the azure alert, just tried many ways for the JSON Table that is sent in the payload when

"IncludeSearchResults": true


I have been playing with this -

{
"alertname":"AcmeRule","IncludeSearchResults":true,
"SearchResults":
{
"tables":[
{"name":"PrimaryResult","columns":
[
{"name":"$table","type":"string"},
{"name":"Id","type":"string"},
{"name":"TimeGenerated","type":"datetime"}
],
"rows":
[
["Fabrikam","33446677a","2018-02-02T15:03:12.18Z"],
["Contoso","33445566b","2018-02-02T15:16:53.932Z"]
]
}
]
},
"@context": "http://schema.org/extensions",
"@type": "MessageCard",
"themeColor": "CC4216",
"title": "#alertrulename",
"text": "#alertrulename returned #searchresultcount records which exceeds the threshold of #thresholdvalue .",
"potentialAction": [{
"@type": "OpenUri",
"name": "See details in AppInsights",
"targets": [{
"os": "default",
"uri": "#linktosearchresults"
}]
}],
"sections": [{
"facts": [{
"name": "Severity:",
"value": "#severity"
},
{
"name": "ResultCount:",
"value": "#searchresultcount"
},
{
"name": "Search Interval StartTime:",
"value": "#searchintervalstarttimeutc"
},
{
"name": "Search Interval End time:",
"value": "#searchintervalendtimeutc"
}]
}]
}
Thanks

0 Replies