Earlier while creating any new Log analytics alerts on a Resource Group. We use to see customized actions. to include webhook payload while calling a function, if we want to include search results from the log analytics query. Shown Below. Somehow am not able to see this check box anymore. Is there a way to still include search results from an alert to the following function call?
Hi,
The ability to customize the webhook payload was available in legacy API for Log Alerts. More here and here. Recommendation is to migrate to the new API for alerts. Probably the portal was updated to use the new API only or you are using it on workspace that was created after June 2019. If you use the new API (scheduledQueryRules) with version 2018-04-16 you are using Log Alert v1 and if you use with version 2021-02-01-preview you are using Log Alert v2. Both of these APIs support adding custom static data to the webhook payload via customWebhookPayload property. If you use Log Alert v1 search results will be send via the webhook payload. If you use Log Alert v2 only the fields (columns) defined in dimensions will be send via the webhook payload. If you want the full search results with Log Alert v2 in the webhook payload you have links to the Log Analytics query API that you can use to get the data programmatically. I am not sure if customWebhookPayload is exposed trough the Portal but it should be possible to define it if you use the API via ARM template deployments for example. In any case it is best to plan your migration from legacy API to Log Alert v1 or v2.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
11 people are following this question.
