Log Insight vRealize Log Insight vRealize Orchestrator

Webhook Notifications from vRealize Log Insight to vRealize Orchestrator

vRealize Log Insight introduced predefined webhook payloads starting from 8.8.  Learn how to use these payloads and leverage the benefits of this feature by exploring a case in which you need to reboot VMs via vRealize Orchestrator while ingesting logs in vRealize Log Insight

Starting from vRealize Log Insight 8.8, the webhook configuration has been moved to the Alerts section. When you click the +New Webhook button, the configuration window pops up.  

Enter a name and choose vRealize Orchestrator (vRO) as the Endpoint. Now, let us see what you need to have in the Webhook URL field. 

The webhook URL should be in the format https://<host>/vco/api/workflows/{workflowId}/executions. Here, <host> is the IP/FQDN of the vRO instance. 

For {workflowId}, go to vRO and navigate to the Workflows page, under the Library section. Click NEW WORKFLOW and provide the name, e.g. “Reboot VMs”, and create a workflow.  

Here, you have the {workflowId} that needs to be included in the webhook URL in vRealize Log Insight, in this example – https://<hostname>/vco/api/workflows/ 8f63f886-2373-44d6-9dc7-9f4862210e92/executions. For this workflow, provide the IPs of VMs as an input value and create an input parameter. In this example, the input parameter’s name is vms_ips.  

Create a schema with a scriptable task and use the vms_ips input parameter. Write a script for preparing the input value and rebooting the VMs. 

Going back to the configuration in vRealize Log Insight, choose the authorization method. There are two options – bearer token and basic. Note that basic authentication is disabled by default in vRO (here are the steps for enabling it from vco-controlcenter). For basic authentication, you need to encrypt the username:password pair with Basic64 encryption. For example, if you encrypt the username:password pair into “xyz”, provide it as a value in Basic xyz format.  

The next step is the payload. As you defined the vms_ips input parameter in vRO’s workflow, you need to send the parameter’s value during the webhook notification event. To achieve this, define a new parameter with the same name in the webhook payload. As a value of the parameter, let us take ${Info} (this is the description part of the alert). 

The last step is to create the alert. When you create an alert in vRealize Log Insight enter ${source} in the description (you can use any extracted field in the alert’s title and any static field in the description). Choose the newly created webhook configuration as an endpoint. 

You are good to go! When an alert is triggered in vRealize Log Insight, it goes to the webhook. The webhook configuration executes the workflow’s run in vRO, where the prepared script, based on the received list of IP addresses, reboots the VMs. 

Got feedback? We’d love to hear it! You can leave a review in comments.

Happy logging!


Leave a Reply

Your email address will not be published.