In our previous post we detailed how to send VMware Aria Operations (formerly vRealize Operations) Alerts to Slack. This blog will detail how to send VMware Aria Operations for Logs (formerly vRealize Log Insight) Alerts to Slack. We can use the same Slack Webhook URL we set up previously, so this should be a bit easier.
Log into Aria Operations for Logs and go to Alerts - Webhook - NEW WEBHOOK.
I've given my new Webhook a name, selected Slack from the Endpoint dropdown (three other options are Pager Duty, vRO, and Custom), and provided the Slack Webhook URL configured in our previous blog. Another previous blog details how to send Aria Operations for Logs Alerts to Microsoft Teams.
The Individual Logs Log Payload dropdown creates one Slack for each log triggering an Alert. Log Stream will create one Slack for all matching results, documentation for this can be found here.
Once configured, click TEST ALERT to send an Alert to Slack.
Once done, click SAVE.
At this point you have a Webhook to use for an Alert, let's create one. Go to Alerts - Alert Definitions - CREATE NEW.
Let's create an Alert for SSH against a certain box and configure a Webhook for it.
As you can see, I gave mine a Name, Description, Query, and selected our previously created Webhook from the Select Webhook dropdown. I then clicked SEND TEST ALERT to test it.
Click SAVE to save it and we'll wait for one to hit.
As you can see, we just had some come in, which in turn generated a Slack.
If you'd like, we can adjust the Webhook Payload as well. Going back into your Webhook definition, let's have a look.
I've adjusted mine to be a bit more descriptive. I've included the actual source, so users know what's generating the Slacks. I've also adjusted formatting and included the log message itself. They look like this in Slack.
For more information on Aria Operations for Logs, go here!