IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Slack action Preconfigured connectors and action types »
Elastic Docs Kibana Guide [7.12] Alerting and Actions Actions and connectors

Webhook action

edit

Webhook action

edit

The Webhook action type uses axios to send a POST or PUT request to a web service.

Connector configuration

edit

Webhook connectors have the following configuration properties.

Name
The name of the connector. The name is used to identify a connector in the management UI connector listing, or in the connector list when configuring an action.
URL
The request URL. If you are using the xpack.actions.allowedHosts setting, make sure the hostname is added to the allowed hosts.
Method
HTTP request method, either POST(default) or PUT.
Headers
A set of key-value pairs sent as headers with the request
Require authentication
If true, a username and password for login type authentication must be provided.
Username
Username for HTTP basic authentication.
Password
Password for HTTP basic authentication.

Preconfigured action type

edit
 my-webhook:
   name: preconfigured-webhook-action-type
   actionTypeId: .webhook
   config:
     url: https://test.host
     method: POST
     headers:
       testheader: testvalue
   secrets:
     user: testuser
     password: passwordkeystorevalue

Config defines information for the action type.

url
A URL string that corresponds to URL.
method
A string that corresponds to Method.
headers
A record<string, string> that corresponds to Headers.
hasAuth
A boolean that corresponds to Requires authentication. If true, this connector will require values for user and password inside the secrets configuration. Defaults to true.

Secrets defines sensitive information for the action type.

user
A string that corresponds to User. Required if hasAuth is set to true.
password
A string that corresponds to Password. Should be stored in the Kibana keystore. Required if hasAuth is set to true.

Action configuration

edit

Webhook actions have the following properties.

Body

A JSON payload sent to the request URL. For example: 

{
  "short_description": "{{context.rule.name}}",
  "description": "{{context.rule.description}}",
  ...
}

Mustache template variables (the text enclosed in double braces, for example, context.rule.name) have their values escaped, so that the final JSON will be valid (escaping double quote characters). For more information on Mustache template variables, refer to Action type and action details.

« Slack action Preconfigured connectors and action types »