Custom webhook for microsoft teams

I’m doing Opendisto alert integration with Microsoft teams through custom webhook.
How to create destination

  1. specified full teams webhook URL in ‘Define endpoint by URL’
    → then alert doesn’t work
  2. specify below items in ‘Define endpoint by custom attributes URL’ such as
    type : HTTPS
    Port 443
    Path webhook/0ea528-blablabla…
    Parameter : no parameter
    Header : contents-Type application/json
    → it still doesn’t work
    so wondering how to specify all custom attributes to make work with teams webhook

teams webhook itself is working by curl command
such as curl -H “Content-Type: application/json” -d “{"text": "Hello World"}”
Then I can see “Hello World” in teams channel.

Would you please share your experience on it?

Thank you.

you need format the message to match the what teams expects in the “actions” section of the trigger. For example flowdock requires the "event": "message" and "content":"your text here" values in it’s API request:

{ "event": "message" , "content": "{{}} has detected an error 
- Trigger: {{}}
- Severity: {{ctx.trigger.severity}}
- Period start: {{ctx.periodStart}}
- Alert URL: url" }

it looks like teams expects “text” so try

{"text": "your alert here"}

Hello ejohns81, thanks a lot for response.
But wondering how to configure all your suggestions in OpenDistro Destination page.
for example
event, content, Trigger, Severity,… text should be parameterized in ‘Add parameter’ ?

1 Like

Just put it in the ‘message’ field, under ‘Edit trigger’ → ‘Configure actions’

Hello dmmutch
Thanks a lot for your response.
What you’re saying is ‘how to configure actions in Alert’ with Destination (Errors - webhook)
What I need to know is ‘how to configure Destination with Microsoft team webhook’
Screen capture that I upload is for that.

Hi @moonsyim,

You have a destination pointing to your Microsoft team webhook.
This webhook expects your message to be formatted a certain way otherwise it’ll reject it.
To do the formatting of the body POSTed to the webhook, you need to modify the action message as dmmutch has pointed out.

So after you create your destination. Head over to your monitor → trigger → alert and you can use dmmutch example above.

Hello dbbaughe
Thanks a lot for your suggestion.

Yes, my microsoft webhook get alert from curl commands such as
curl -H “Content-Type: application/json” -d “{“text”: “Hello World”}”…

so my question is how to configure OpenDistro destination just like above curl command.
OpenDistro configuration screen capture is

If you take a look at your curl example you have:

  • Headers
  • URL
  • Data

The headers and URL go into the destination which is the image you posted.

The data goes into Alerting → Monitors → Triggers → Action → Message.
You can reference dmmutch’s image to see what that place looks like.

you must set message template like:

text”: "
Monitor {{}} just entered alert status. Please investigate the issue.
- Trigger: {{}}
- Severity: {{ctx.trigger.severity}}
- Period start: {{ctx.periodStart}}
- Period end: {{ctx.periodEnd}}

Hey dear, I too have the same issue. curl command send messages perfectly but kibana custom webhook not able to send any messages.
Let me know if you manage to find solution


Can you let me know where you’re entering the Curl command to see test the results ?

Its resolved for me, actually the teams webhook was getting blocked by my internal network.