Configure the webhook in Elastic Observability

Configure webhook endpoints so that Elastic Observability can use the endpoint to communicate with Incident Response.

Before you begin

Role required: Responder, Manager, or Administrator

About this task

Note: While this integration with a third-party product is supported, the documentation here is based upon information provided by that third-party. More current information about the operation of that third-party’s system may be available from them directly.


  1. Log in to your Elastic Observability application console.
  2. Navigate to Management > Stack Management > Alerts and Insights > Rules and Connectors.
  3. Select the Connectors tab and click Create connector.
  4. Select the Webhook connector.
  5. In the Webhook connector pane, fill in the form:
    Field Description
    Connector name Name for the webhook connector.
    URL Webhook URL copied from Incident Response.
    Method Select POST.
    Require authentication for this webhook Deselect this option.
    Add HTTP header This is optional. You can add your headers in the form of key-value pairs.
    Webhook connector for Elastic Observability.
  6. Click Save.
  7. If you want to test the webhook connection:
    1. Open the webhook connector and select the Test tab.
    2. In the body for Create an action, add your sample data.
    3. Under Run the test, click Run.

      Test webhook URL.

    Note: You will not receive test alerts in Lightstep Incident Response when testing the webhook connection.

What to do next

Add the webhook connector to the alerts that you want Lightstep Incident Response to handle.

  1. To create alert rules related to Observability apps, go to the Observability Alerts page and click Manage Rules to navigate to the Rules page.
  2. In the Rules page, you can create alerts for Observability apps (Logs, Metrics, Uptime, and APM app) and Stack Monitoring. You can also create rules directly from the Logs, Metrics, Uptime, and APM apps without leaving the app by clicking  Alerts and rules and selecting a rule, or you can select  Manage Rules  to go to the Rules page.
  3. Enter the condition that will trigger the alert.
  4. From the Actions section in the alert rule page, select Webhook connector.
  5. From the Run when list, select a suitable option.
  6. From the Webhook connector list, select the webhook connector that you configured for Incident Response.
  7. In the body, paste the payload that you copied from Incident Response.

    Alert rule action.

  8. You can set your severity in the payload against the severity parameter. For example, "severity": "minor". Otherwise the default severity will be mapped to the alert rule once the alert is triggered.

    Severity and state mappings for Elastic Observability

  9. Click Save.

For more information about configuring alerts in Elastic Observability, see Alerting.