Documentation

Webhook Configuration

Connect LogTrace to external systems — Slack, Telegram, Jira, or any HTTP endpoint — to receive real-time alert notifications and event streams.

Creating a Webhook for Alerts

LogTrace pushes alert events to your webhook URL the moment a rule condition is met. Each webhook is tied to a specific alert rule and can include full context: source host, log lines, severity, and rule metadata.

Step 1 — Define the Alert Rule

Navigate to Alerts → Rules in the LogTrace dashboard. Click Create Rule and configure a condition, for example: status_code >= 500 AND count(5m) > 20. Give the rule a name such as "Nginx 5xx Spike — Prod" and set the severity to Critical.

Step 2 — Add a Webhook Action

Inside the rule editor, open the Actions tab and select Webhook. Enter your endpoint URL (e.g., https://hooks.yourcompany.io/logtrace/alerts). You may attach a bearer token in the Authorization header or use a static secret in the query string; prefer the header, because URLs with their query strings are commonly written to web server and proxy access logs. Set the retry policy — default is 3 retries with exponential backoff (1 s, 4 s, 16 s).

Step 3 — Test from the UI

Click Send Test Payload in the webhook configuration panel. LogTrace will fire a sample POST request to your endpoint and display the response status code and body. A green checkmark confirms delivery; red indicates a failure with details (timeout, 4xx/5xx, TLS error). You can inspect raw headers and the full JSON body in the Request Log drawer.

After saving, the webhook becomes active immediately. All matching alert events are forwarded within 2 seconds of rule evaluation. Monitor delivery health under Settings → Webhooks → Delivery Log, which retains the last 10,000 dispatch records.

JSON Payload Structure

Every webhook request uses POST with Content-Type: application/json. The body follows a consistent envelope so your receiver can parse it without per-rule adaptation.

{
  "event_id": "evt_9f8a7b6c5d4e3f2a1b0c",
  "timestamp": "2025-07-12T14:32:08Z",
  "source": "logtrace",
  "version": "2.1.0",
  "alert": {
    "rule_id": "rule_a1b2c3d4",
    "rule_name": "Nginx 5xx Spike — Prod",
    "severity": "critical",
    "condition": "status_code >= 500 AND count(5m) > 20",
    "window_seconds": 300,
    "triggered_at": "2025-07-12T14:32:08Z",
    "metrics": {
      "event_count": 47,
      "unique_hosts": 3,
      "first_occurrence": "2025-07-12T14:27:15Z",
      "last_occurrence": "2025-07-12T14:32:01Z"
    }
  },
  "sample_logs": [
    {
      "timestamp": "2025-07-12T14:31:59Z",
      "host": "web-prod-03.cluster.internal",
      "log": "10.0.4.12 - - [12/Jul/2025:14:31:59 +0000] \"GET /api/v2/orders HTTP/1.1\" 502 0",
      "fields": {
        "remote_addr": "10.0.4.12",
        "method": "GET",
        "path": "/api/v2/orders",
        "status_code": 502,
        "response_time_ms": 30001
      }
    },
    {
      "timestamp": "2025-07-12T14:32:01Z",
      "host": "web-prod-01.cluster.internal",
      "log": "10.0.7.88 - - [12/Jul/2025:14:32:01 +0000] \"POST /api/v2/checkout HTTP/1.1\" 500 114",
      "fields": {
        "remote_addr": "10.0.7.88",
        "method": "POST",
        "path": "/api/v2/checkout",
        "status_code": 500,
        "response_time_ms": 1247
      }
    }
  ],
  "metadata": {
    "project_id": "proj_7721",
    "project_name": "ecommerce-platform",
    "environment": "production",
    "region": "ru-central1"
  }
}

The sample_logs array contains up to 5 representative log entries that triggered the rule. The fields object inside each entry holds the parsed key-value pairs extracted by LogTrace's field parser. Your receiver can use event_id as an idempotency key to avoid duplicate processing.

Headers Sent with Each Request

LogTrace attaches three custom headers to every webhook call: X-LogTrace-Signature (HMAC-SHA256 of the body using your shared secret), X-LogTrace-Event-Id (the event ID for deduplication), and X-LogTrace-Retry-Count (0 for the first attempt, incrementing on retries). Standard headers Content-Type: application/json and User-Agent: LogTrace-Webhook/2.1 are also included.

Expected Response

Your endpoint should return 200 OK or 204 No Content within 5 seconds to confirm receipt. Any 4xx response is treated as a permanent failure — no retries will occur. A 5xx or a timeout triggers the configured retry sequence. If all retries are exhausted, the event is logged under Delivery Log → Failed and can be manually re-sent.
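The following receiver-side sketch is an added example, not LogTrace's own code. It ties together the signature header, the event_id idempotency key, and the status-code rules above. It assumes the signature is hex-encoded (the page does not state the encoding); the names sign, handle_webhook, SHARED_SECRET and SEEN_EVENT_IDS are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed placeholder secret; load the real one from a secret store.
SHARED_SECRET = b"constructed-demo-secret"
# In-memory only for the example; use a shared store with a TTL in production.
SEEN_EVENT_IDS = set()


def sign(body: bytes, secret: bytes = SHARED_SECRET) -> str:
    # Assumption: hex digest. Adjust if your LogTrace instance encodes differently.
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def handle_webhook(headers: dict, body: bytes, process=lambda event: None) -> int:
    """Return the HTTP status the receiver should send back to LogTrace."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    # 1. Authenticate the raw bytes before parsing them; compare in constant time.
    supplied = hdrs.get("x-logtrace-signature", "")
    if not hmac.compare_digest(sign(body).encode(), supplied.encode()):
        return 401  # 4xx is a permanent failure: LogTrace will not retry
    # 2. Parse only authenticated input.
    try:
        event = json.loads(body)
        event_id = event["event_id"]
    except (ValueError, KeyError, TypeError):
        return 400
    # 3. The unsigned header must agree with the signed body.
    if not isinstance(event_id, str) or hdrs.get("x-logtrace-event-id") != event_id:
        return 400
    # 4. Idempotency: acknowledge a duplicate without processing it again.
    if event_id in SEEN_EVENT_IDS:
        return 200
    try:
        process(event)
    except Exception:
        # Transient local failure: a 5xx asks LogTrace to retry. The event_id
        # is not recorded yet, so the retry is processed normally.
        return 500
    SEEN_EVENT_IDS.add(event_id)
    return 204
```

Verify the signature over the exact bytes received, not over re-serialized JSON, and keep the work done in process short enough to answer within the 5-second window.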

For Slack integration, use the target URL https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX and enable the Slack Format toggle in the webhook settings — LogTrace will restructure the payload into Slack's block-kit format automatically. For custom receivers, the raw JSON payload shown above is always available.
