Configure the webhook in Elastic Observability
Configure a webhook endpoint so that Elastic Observability can use it to communicate with Incident Response.
Before you begin
Role required: Responder, Manager, or Administrator
About this task
- Log in to your Elastic Observability application console.
- Navigate to .
- Select the Connectors tab and click Create connector.
- Select the Webhook connector.
In the Webhook connector pane, fill in the form:
Field: Description
Connector name: Name for the webhook connector.
URL: Webhook URL copied from Incident Response.
Method: Select POST.
Require authentication for this webhook: Deselect this option.
Add HTTP header: This is optional. You can add your headers in the form of key-value pairs.
- Click Save.
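The same form values expressed as a request to Kibana's create-connector API (POST /api/actions/connector), as an added example that is not part of the original page or of either product's code. The environment variable names, the connector name and the placeholder URL are assumptions, and the HTTPS, embedded-credential and header checks are added here rather than requirements stated on this page.

```python
import json
import os
import urllib.request
from urllib.parse import urlsplit


def build_webhook_connector(name, webhook_url, headers=None):
    """Return the connector body matching the form values on this page."""
    parts = urlsplit(webhook_url)
    # With authentication deselected the connector sends no basic-auth
    # credentials, so refuse cleartext transport and credentials in the URL.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("webhook URL must be an absolute https:// URL")
    if parts.username or parts.password:
        raise ValueError("webhook URL must not embed user:password")
    config = {"url": webhook_url, "method": "post", "hasAuth": False}
    if headers:
        for key, value in headers.items():
            # Reject empty names and CR/LF, which would corrupt the header block.
            if not key or any(c in f"{key}{value}" for c in "\r\n"):
                raise ValueError(f"invalid HTTP header: {key!r}")
        config["headers"] = dict(headers)
    return {"name": name, "connector_type_id": ".webhook",
            "config": config, "secrets": {}}


def create_connector(kibana_url, api_key, body):
    """POST the body to Kibana's create-connector endpoint."""
    req = urllib.request.Request(
        kibana_url.rstrip("/") + "/api/actions/connector",
        data=json.dumps(body).encode(),
        method="POST",
        headers={"Content-Type": "application/json",
                 "kbn-xsrf": "true",
                 "Authorization": "ApiKey " + api_key},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Placeholder URL (assumption); use the URL copied from Incident Response.
    body = build_webhook_connector(
        "Incident Response webhook",
        os.environ.get("IR_WEBHOOK_URL", "https://ir.example.invalid/webhook"))
    if os.environ.get("KIBANA_URL") and os.environ.get("KIBANA_API_KEY"):
        print(create_connector(os.environ["KIBANA_URL"],
                               os.environ["KIBANA_API_KEY"], body))
    else:
        print(json.dumps(body, indent=2))  # dry run: show the request body
```

Without KIBANA_URL and KIBANA_API_KEY set, the script only prints the request body, which can be reviewed or kept in version control alongside other connector definitions.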
If you want to test the webhook connection:
Note: You will not receive test alerts in Lightstep Incident Response when testing the webhook connection.
- Open the webhook connector and select the Test tab.
- In the body for Create an action, add your sample data.
- Under Run the test, click
What to do next
Add the webhook connector to the alerts that you want Lightstep Incident Response to handle.
- To create alert rules related to Observability apps, go to the Observability Alerts page and click Manage Rules to navigate to the Rules page.
- In the Rules page, you can create alerts for Observability apps (Logs, Metrics, Uptime, and APM app) and Stack Monitoring. You can also create rules directly from the Logs, Metrics, Uptime, and APM apps without leaving the app by clicking Alerts and rules and selecting a rule, or you can select Manage Rules to go to the Rules page.
- Enter the condition that will trigger the alert.
- From the Actions section in the alert rule page, select Webhook connector.
- From the Run when list, select a suitable option.
- From the Webhook connector list, select the webhook connector that you configured for Incident Response.
- In the body, paste the payload that you copied from Incident Response.
- To set the severity, edit the severity parameter in the payload. For example, "severity": "minor". Otherwise, the default severity will be mapped to the alert rule once the alert is triggered.
- Click Save.
For more information about configuring alerts in Elastic Observability, see Alerting.