Customize your webhook payload

If you use webhooks as your alerts notification channel, you can use the default values. You can also customize the payload in the POST message for further integration into your system.

Define webhooks

When defining JSON webhooks, use the format "name":"value",. For example:

"current_state":"acknowledged",

When defining static webhook variables in a form payload, use the format name="value". For example:

current_state="acknowledged"

Do not include any custom, self-signed SSL certificates in your webhook. Our agents enable SSL by default. Due to our security policy, custom SSL certificates will not be imported into our Trust store. Webhooks with the $METADATA variable for Synthetics multi-location failure conditions are currently not supported.

Webhook values

We support these default dynamic webhook values. For your convenience, they are listed in alphabetical order, but you can define your webhook values in any order. You may also add custom variables by using your own key/value pairs.

Key	Variable
`"account_id"`	`$ACCOUNT_ID` Possible values: New Relic account ID (string)
`"account_name"`	`$ACCOUNT_NAME` Possible values: New Relic account name (string)
`"closed_violations_count_critical"`	`$CLOSED_VIOLATIONS_COUNT_CRITICAL`
`"closed_violations_count_warning"`	`$CLOSED_VIOLATIONS_COUNT_WARNING`
`"condition_id"`	`$CONDITION_ID`
`"condition_description"`	`$DESCRIPTION` This includes the description field from the alert condition, if there is one.
`"condition_name"`	`$CONDITION_NAME` Possible values: (user-defined string)
`"current_state"`	`$EVENT_STATE` Possible values: `[open\|acknowledged\|closed]`
`"details"`	`$EVENT_DETAILS`
`"duration"`	`$DURATION`
`"event_type"`	`$EVENT_TYPE` Possible values: [`INCIDENT]`
`"incident_acknowledge_url"`	`$INCIDENT_ACKNOWLEDGE_URL`
`"incident_id"`	`$INCIDENT_ID`
`"incident_url"`	`$INCIDENT_URL`
`"metadata"`	`$METADATA` Currently used only for Synthetic monitoring multi-location failure conditions. Possible values: (object)
`"open_violations_count_critical"`	`$OPEN_VIOLATIONS_COUNT_CRITICAL`
`"open_violations_count_warning"`	`$OPEN_VIOLATIONS_COUNT_WARNING`
`"owner"`	`$EVENT_OWNER`
`"policy_name"`	`$POLICY_NAME` Possible values: (user-defined string)
`"policy_url"`	`$POLICY_URL`
`"runbook_url"`	`$RUNBOOK_URL`
`"severity"`	`$SEVERITY` Possible values: [`CRITICAL]`
`"targets"`	`$TARGETS` The `$TARGETS` variable cannot be used with FORM data, but is compatible with JSON data. For static NRQL faceted alerts, the name of the facet that triggered the alert will be populated in the target’s name field. For a description of the available fields, see Target values.
`"timestamp"`	`$TIMESTAMP`
`"timestamp_utc_string"`	`$TIMESTAMP_UTC_STRING` A human-readable timestamp in the `YYYY-MM-DD, HH:MM UTC` format.
`"version"`	`$VERSION`
`"violation_callback_url"`	`$VIOLATION_CALLBACK_URL`
`"violation_chart_url"`	`$VIOLATION_CHART_URL`

Targets values

This section describes the $TARGETS field in your webhook. This data is not customizable and is provided here for reference. Your $TARGETS contain a list of zero or more targets (entities). Each target is described by a JSON object with the following fields.

Key	Variable
`"id"`	ID of the target or entity
`"name"`	Name of the target or entity
`"labels"`	Combined entity tags and NRQL facets that are derived from the condition evaluation and available entity tags.
`"link"`	URL link to this target or entity.
`"product"`	Type of product for this target or entity; for example, `APM`
`"type"`	Type of target or entity under `product`; for example, `Application`

Webhook format example

The following examples show a webhook payload using both the default dynamic variables and a custom variable. You can use some or all of the dynamic variables, along with any custom variables, to define your own payload.

Important

The following webhook example has extra spaces and line breaks for readability. Actual webhook responses are delivered as one continuous line of text. The "team": "DevOps" line is an example of a custom variable.

{
"account_id": "$ACCOUNT_ID",
"account_name": "$ACCOUNT_NAME",
"closed_violations_count_critical": "$CLOSED_VIOLATIONS_COUNT_CRITICAL",
"closed_violations_count_warning": "$CLOSED_VIOLATIONS_COUNT_WARNING",
"condition_family_id": "$CONDITION_FAMILY_ID",
"condition_id": "$CONDITION_ID",
"condition_name": "$CONDITION_NAME",
"current_state": "$EVENT_STATE",
"details": "$EVENT_DETAILS",
"duration": "$DURATION",
"event_type": "$EVENT_TYPE",
"incident_acknowledge_url": "$INCIDENT_ACKNOWLEDGE_URL",
"incident_id": "$INCIDENT_ID",
"incident_url": "$INCIDENT_URL",
"open_violations_count_critical": "$OPEN_VIOLATIONS_COUNT_CRITICAL",
"open_violations_count_warning": "$OPEN_VIOLATIONS_COUNT_WARNING",
"owner": "$EVENT_OWNER",
"policy_name": "$POLICY_NAME",
"policy_url": "$POLICY_URL",
"runbook_url": "$RUNBOOK_URL",
"severity": "$SEVERITY",
"targets": "$TARGETS",
"timestamp": "$TIMESTAMP",
"timestamp_utc_string": "$TIMESTAMP_UTC_STRING",
"violation_callback_url": "$VIOLATION_CALLBACK_URL",
"violation_chart_url": "$VIOLATION_CHART_URL",
"team": "DevOps"
}

Important

The following webhook example has extra spaces and line breaks for readability. Actual webhook responses are delivered as one continuous line of text.

account_id=$ACCOUNT_ID
account_name=$ACCOUNT_NAME
closed_violations_count_critical=$CLOSED_VIOLATIONS_COUNT_CRITICAL
closed_violations_count_warning=$CLOSED_VIOLATIONS_COUNT_WARNING
condition_family_id=$CONDITION_FAMILY_ID
condition_id=$CONDITION_ID
condition_name=$CONDITION_NAME
current_state=$EVENT_STATE
details=$EVENT_DETAILS
duration=$DURATION
event_type=$EVENT_TYPE
incident_acknowledge_url=$INCIDENT_ACKNOWLEDGE_URL
incident_id=$INCIDENT_ID
incident_url=$INCIDENT_URL
open_violations_count_critical=$OPEN_VIOLATIONS_COUNT_CRITICAL
open_violations_count_warning=$OPEN_VIOLATIONS_COUNT_WARNING
owner=$EVENT_OWNER
policy_name=$POLICY_NAME
policy_url=$POLICY_URL
runbook_url=$RUNBOOK_URL
severity=$SEVERITY
timestamp=$TIMESTAMP
timestamp_utc_string=$TIMESTAMP_UTC_STRING
violation_callback_url=$VIOLATION_CALLBACK_URL
violation_chart_url=$VIOLATION_CHART_URL
team="DevOps"  <--[example of custom variable]

{
  "@type": "MessageCard",
  "@context": "http://schema.org/extensions",
  "themeColor": "0076D7",
  "summary": "$CONDITION_NAME",
  "sections": [{
      "activityTitle": "$CONDITION_NAME",
      "activitySubtitle": "$POLICY_NAME",
      "activityImage": "https://newrelic.com/themes/custom/curio/assets/mediakit/NR_logo_Horizontal_Rev.png",
      "facts": [{
          "name": "Timestamp",
          "value": "$TIMESTAMP_UTC_STRING"
        }, {
          "name": "Account ID",
          "value": "$ACCOUNT_ID"
        }, {
          "name": "Account Name",
          "value": "$ACCOUNT_NAME"
        }, {
          "name": "Severity",
          "value": "$SEVERITY"
        }, {
          "name": "State",
          "value": "$EVENT_STATE"
        }, {
          "name": "Duration",
          "value": "$DURATION"
        }, {
          "name": "Details",
          "value": "$EVENT_DETAILS"
      }],
      "markdown": true
  }, {
    "text": "$METADATA<p><img src=\"$VIOLATION_CHART_URL\" alt=\"Incident Chart\"></img></p>"
  }],
  "potentialAction": [{
      "@type": "OpenUri",
      "name": "View Incident",
      "targets": [{
        "os": "default",
        "uri": "$INCIDENT_URL"
      }]
    }, {
      "@type": "OpenUri",
      "name": "Acknowledge Incident",
      "targets": [{
        "os": "default",
        "uri": "$INCIDENT_ACKNOWLEDGE_URL"
      }]
    }, {
      "@type": "OpenUri",
      "name": "Open Runbook",
      "targets": [{
        "os": "default",
        "uri": "$RUNBOOK_URL"
      }]
  }]
}

Define webhooks

Webhook values

Targets values

Webhook format example

JSON webhook example

Important

Form webhook example

Important

Microsoft Teams example