Log Insight vRealize Log Insight vRealize Orchestrator

Webhook Notifications from vRealize Log Insight to vRealize Orchestrator

vRealize Log Insight introduced predefined webhook payloads starting from 8.8.  Learn how to use these payloads and leverage the benefits of this feature by exploring a case in which you need to reboot VMs via vRealize Orchestrator while ingesting logs in vRealize Log Insight

Starting from vRealize Log Insight 8.8, the webhook configuration has been moved to the Alerts section. When you click the +New Webhook button, the configuration window pops up.  

Enter a name and choose vRealize Orchestrator (vRO) as the Endpoint. Now, let us see what you need to have in the Webhook URL field. 

The webhook URL should be in the format https://<host>/vco/api/workflows/{workflowId}/executions. Here, <host> is the IP/FQDN of the vRO instance. 

For {workflowId}, go to vRO and navigate to the Workflows page, under the Library section. Click NEW WORKFLOW and provide the name, e.g. “Reboot VMs”, and create a workflow.  

Here, you have the {workflowId} that needs to be included in the webhook URL in vRealize Log Insight, in this example – https://<hostname>/vco/api/workflows/ 8f63f886-2373-44d6-9dc7-9f4862210e92/executions. For this workflow, provide the IPs of VMs as an input value and create an input parameter. In this example, the input parameter’s name is vms_ips.  

Create a schema with a scriptable task and use the vms_ips input parameter. Write a script for preparing the input value and rebooting the VMs. 

Going back to the configuration in vRealize Log Insight, choose the authorization method. There are two options – bearer token and basic. Note that basic authentication is disabled by default in vRO (here are the steps for enabling it from vco-controlcenter). For basic authentication, you need to encrypt the username:password pair with Basic64 encryption. For example, if you encrypt the username:password pair into “xyz”, provide it as a value in Basic xyz format.  

The next step is the payload. As you defined the vms_ips input parameter in vRO’s workflow, you need to send the parameter’s value during the webhook notification event. To achieve this, define a new parameter with the same name in the webhook payload. As a value of the parameter, let us take ${Info} (this is the description part of the alert). 

The last step is to create the alert. When you create an alert in vRealize Log Insight enter ${source} in the description (you can use any extracted field in the alert’s title and any static field in the description). Choose the newly created webhook configuration as an endpoint. 

You are good to go! When an alert is triggered in vRealize Log Insight, it goes to the webhook. The webhook configuration executes the workflow’s run in vRO, where the prepared script, based on the received list of IP addresses, reboots the VMs. 

Got feedback? We’d love to hear it! You can leave a review in comments.

Happy logging!


3 comments have been added so far

  1. so i’ve been looking at this for a bit now and cannot get basic auth to work but a bearer from postman works in our testing. A suggestion as well would be to build in some sort of easy way to get bearer token since it expires and that kind of defeats a solution where you rely on the webhook to function without intervention. This is why we were looking at basic auth but cannot get it to work. ty

    1. Hello Gary, thanks for your notice. For making Basic Auth work you need to enable it from /vco-controlcenter page by following the steps in documentation, which is shared in blog post.

      1. thank you – actually figured this out last week. At least its confirmed now. What we would rather do now is use bearer however they expire daily and we are looking for an easy way to have these updated without having to create crazy workarounds. Do you know if there will be an update to the webhooks to achieve this easier for everyone?

        thank you,

Leave a Reply

Your email address will not be published. Required fields are marked *