HTTP Callback JSON

Hey guys,

I configured now a HTTP Alert to a server. But all i get is:

{“event_definition_id”:“5e2dfbe34d69240224c8a396”,“event_definition_type”:“aggregation-v1”,“event_definition_title”:“Snort Alert”,“event_definition_description”:“Snort Alert”,“job_definition_id”:“5e3207284d692402433cf3c7”,“job_trigger_id”:“5e3212c24d69240216bb5953”,“event”:{“id”:“01DZSSJJ8W6VN3NXXBWHN3SW9D”,“event_definition_type”:“aggregation-v1”,“event_definition_id”:“5e2dfbe34d69240224c8a396”,“origin_context”:null,“timestamp”:“2020-01-29T23:15:45.000Z”,“timestamp_processing”:“2020-01-29T23:18:26.844Z”,“timerange_start”:“2020-01-29T23:14:47.502Z”,“timerange_end”:“2020-01-29T23:15:47.501Z”,“streams”:,“source_streams”:[“5dfe2cff4d6924021d8764ad”],“message”:“Snort Alert: sum(snort_alert)=4.0”,“source”:“graylog”,“key_tuple”:,“key”:"",“priority”:3,“alert”:true,“fields”:{}},“backlog”:}

The alert should look like this: in section HTTP Alert.

Why do I get this body instead?

Thank you for your help in advance.


You received expected result as you can read in documentation:

Graylog will send a POST request to the notification URL including information about the alert. Here is an example of the payload included in a notification.

If you are missing backlog section, check if you setup backlog to 1 in Alerts - Events - Definitions - Edit - Notification tab, field Message Backlog.

1 Like

Oh yeah. That was the option I was looking for. Didn’t see the button.

Thank you for your help :slight_smile:

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.