Customize your webhook payload

Admins or Owner

If you use webhooks as your alert notification channel, you can use the default values in New Relic Alerts. You can also customize the payload in the POST message for further integration into your system.

Define webhooks

When defining JSON webhooks, use the format "name":"value",. For example:

"current_state":"acknowledged",

When defining static webhook variables in a form payload, use the format name="value". For example:

current_state="acknowledged"

Do not include any custom, self-signed SSL certificates in your webhook. Our agents enable SSL by default. Due to our security policy, custom SSL certificates will not be imported into our Trust store.

Webhook values

We support these default dynamic webhook values. For your convenience, they are listed in alphabetical order, but you can define your webhook values in any order. You may also add custom variables by using your own key/value pairs.

Key Variable
"account_id"

$ACCOUNT_ID

Possible values: New Relic account ID (string)

"account_name"

$ACCOUNT_NAME

Possible values: New Relic account name (string)

"closed_violations_count_critical"

$CLOSED_VIOLATIONS_COUNT_CRITICAL

"closed_violations_count_warning"

$CLOSED_VIOLATIONS_COUNT_WARNING

"condition_id"

$CONDITION_ID

"condition_name"

$CONDITION_NAME

Possible values: (user-defined string)

"current_state"

$EVENT_STATE

Possible values: [OPEN|ACKNOWLEDGED|CLOSED]

"details" $EVENT_DETAILS
"duration"

$DURATION

"event_type"

$EVENT_TYPE

Possible values: [INCIDENT]

"incident_acknowledge_url" $INCIDENT_ACKNOWLEDGE_URL
"incident_api_url" $INCIDENT_API_URL
"incident_id" $INCIDENT_ID
"incident_url" $INCIDENT_URL
"open_violations_count_critical"

$OPEN_VIOLATIONS_COUNT_CRITICAL

"open_violations_count_warning"

$OPEN_VIOLATIONS_COUNT_WARNING

"owner" $EVENT_OWNER
"policy_name"

$POLICY_NAME

Possible values: (user-defined string)

"policy_url" $POLICY_URL
"runbook_url" $RUNBOOK_URL
"severity"

$SEVERITY

Possible values: [CRITICAL]

"targets"

$TARGETS

The $TARGETS variable cannot be used with FORM data, but is compatible with JSON data.

For static NRQL faceted alerts, the name of the facet that triggered the alert will be populated in the target’s name field.

"timestamp" $TIMESTAMP
"version" $VERSION
"violation_callback_url"

$VIOLATION_CALLBACK_URL

"violation_chart_url" $VIOLATION_CHART_URL

Webhook format example

The following examples show a webhook payload using both the default dynamic variables and a custom variable. You can use some or all of the dynamic variables, along with any custom variables, to define your own payload.

JSON webhook example

The following webhook example has extra spaces and line breaks for readability. Actual webhook responses are delivered as one continuous line of text.

{
"account_id": "$ACCOUNT_ID",
"account_name": "$ACCOUNT_NAME",
"closed_violations_count_critical": "$CLOSED_VIOLATIONS_COUNT_CRITICAL",
"closed_violations_count_warning": "$CLOSED_VIOLATIONS_COUNT_WARNING",
"condition_family_id": "$CONDITION_FAMILY_ID",
"condition_id": "$CONDITION_ID",
"condition_name": "$CONDITION_NAME",
"current_state": "$EVENT_STATE",
"details": "$EVENT_DETAILS",
"duration": "$DURATION",
"event_type": "$EVENT_TYPE",
"incident_acknowledge_url": "$INCIDENT_ACKNOWLEDGE_URL",
"incident_id": "$INCIDENT_ID",
"incident_url": "$INCIDENT_URL",
"open_violations_count_critical": "$OPEN_VIOLATIONS_COUNT_CRITICAL",
"open_violations_count_warning": "$OPEN_VIOLATIONS_COUNT_WARNING",
"owner": "$EVENT_OWNER",
"policy_name": "$POLICY_NAME",
"policy_url": "$POLICY_URL",
"runbook_url": "$RUNBOOK_URL",
"severity": "$SEVERITY",
"targets": "$TARGETS",
"timestamp": "$TIMESTAMP",
"violation_callback_url": "$VIOLATION_CALLBACK_URL",
"violation_chart_url": "$VIOLATION_CHART_URL",
"team": "DevOps"  <--[example of custom variable]
}
Form webhook example

The following webhook example has extra spaces and line breaks for readability. Actual webhook responses are delivered as one continuous line of text.

account_id=$ACCOUNT_ID
account_name=$ACCOUNT_NAME
closed_violations_count_critical=$CLOSED_VIOLATIONS_COUNT_CRITICAL
closed_violations_count_warning=$CLOSED_VIOLATIONS_COUNT_WARNING
condition_family_id=$CONDITION_FAMILY_ID
condition_id=$CONDITION_ID
condition_name=$CONDITION_NAME
current_state=$EVENT_STATE
details=$EVENT_DETAILS
duration=$DURATION
event_type=$EVENT_TYPE
incident_acknowledge_url=$INCIDENT_ACKNOWLEDGE_URL
incident_id=$INCIDENT_ID
incident_url=$INCIDENT_URL
open_violations_count_critical=$OPEN_VIOLATIONS_COUNT_CRITICAL
open_violations_count_warning=$OPEN_VIOLATIONS_COUNT_WARNING
owner=$EVENT_OWNER
policy_name=$POLICY_NAME
policy_url=$POLICY_URL
runbook_url=$RUNBOOK_URL
severity=$SEVERITY
timestamp=$TIMESTAMP
violation_callback_url=$VIOLATION_CALLBACK_URL
violation_chart_url=$VIOLATION_CHART_URL
team="DevOps"  <--[example of custom variable]
Plain text output
New Relic Alert
Incident open: CPU > 50% for 5 minutes
Policy: http://alerts.newrelic.com/accounts/1234/policies/5678
Chart URL: http://gorgon.nr-assets.net/image/12345678-abcd-efgh-ijkl-1234567890

For more details, see:
http://alerts.newrelic.com/accounts/1234/incidents/3456

For more help

Recommendations for learning more: