Destination: Microsoft Teams Webhook

Hi,

as promised in the community talk, pls find below the Steps to configure a custom Webhook destination to push Alarms into a Microsoft Teams Channel.

Add webhook in Teams:

• on a Teams channel add a “Connector” ("right mouse click “Connectors”)
• add “Incoming Webhook” (Send data from a service to your Office 365 group in real time.)
• configure/create “Incoming Webhook” (assign a name) this will create an URL something like https://outlook.office.com/webhook/xxxxxxxxxxxxx

Add destination in Opendistro:

• create destination in Alerting / Destination
  • Type : Custom Webhook
  • Define endpoint by URL: → use the URL created by the webhook setup in Teams
• create/edit Trigger:
  • as destination choose the Custom Webhook
  • as Message Info use the format for “cards” available in Microsoft Teams

example of Message Info / Microsoft Teams card with Mustache template

{
    "@type": "MessageCard",
    "@context": "http://schema.org/extensions",
    "themeColor": "0076D7",
    "summary": "Larry Bryant created a new task",
    "sections": [{
        "activityTitle": "OpenDistro Alert",
        "activitySubtitle": "Trigger: {{ctx.trigger.name}}",
        "activityImage": "https://teamsnodesample.azurewebsites.net/static/img/image5.png",
        "facts": [{
            "name": "Period start",
            "value": "{{ctx.periodStart}}"
        }, {
            "name": "Period end",
            "value": "{{ctx.periodEnd}}"
        }, {
            "name": "Error",
            "value": "{{ctx.error}}"
        }, {
            "name": "Raw",
            "value": "{{ctx}}"
        }],
        "markdown": true
    }]
}

Detailed documentation about Webhooks in Teams:

Card Reference for Message Info:

Feel free to collaborate and/or add to official documentation.

Regards,
Andreas

Awesome, thanks for the detailed clarification.
Is it possible to put a specific field value into the alert message body?

Hi,

you can design your message body to your needs, therefore you can use all the available trigger variables (ctx) and Mustache templates as described in the Opendistro Alerting documentation.

But, the complete json output must be compliant to the Microsoft formats, else the message will be sent out, but rejected and do not appear in the Teams channel.

You can do a trial-and-error approach by using the handy “send test message” option in order to check if your custom message will appear in the Teams channel.
I did the same with the example above, I just took one of the Microsoft card examples, adopt it and tested it.

also, there is an online builder with samples:
https://messagecardplayground.azurewebsites.net/

@ogulman Hmm, is there any modifications we have to make? My webhook is erroring out with the AdaptiveCards generated. Works fine with the MessageCard in the OP.

@nean is there a way to iterate over a bunch of messages?
the following template doesn’t work

{
“@type”: “MessageCard”,
“@context”: “http://schema.org/extensions”,
“themeColor”: “0076D7”,
“summary”: “FAS PROD generated Error Message”,
“sections”: [{
“activityTitle”: “OpenSearch Alert”,
“activitySubtitle”: “Trigger: {{ctx.trigger.name}}”,
“activityImage”: “https://images.app.goo.gl/yweMaAzVj3Ywb1XV7”,
“facts”: [
{
“name”: “”,
“value”: “{{#ctx.results.0.hits.hits}}”
},
{
“name”: “Errors Count”,
“value”: “{{ctx.results.0.hits.total.value}}”
},
{
“name”: “Error Message”,
“value”: “{{_source.fasmessage}}”
},
{
“name”: “Time”,
“value”: “{{_source.@timestamp}}”
},
{
“name”: “Hostname”,
“value”: “{{_source.host.name}}”
},
{
“name”: “Logfile location”,
“value”: “{{_source.log.file.path}}”
},
{
“name”: “”,
“value”: “{{/ctx.results.0.hits.hits}}”
}
],
“markdown”: true
}]
}

@zubrik , not sure what your intention is, but #ctx.results.0.hits.hits and /ctx.results.0.hits.hits looks strange to me.

please consult the Alerting documentation for available variables, I’m afraid that only those ones work for passing information, but I’m happy if someone can proof otherwise.