Webhook Alerts

This section provides detailed information on webhook support provided by Zebrium so you can build your own custom integration.

Zebrium provides four outgoing webhooks:


  • Alert webhook payloads are sent when any alert rule is triggered.
  • Alert rules are defined using the Views/Alerts menu item in the Logs tab of the Zebrium UI.
  • Frequency of Alert webhooks depends on the Alert configuration. Alerts can be set to trigger every 5 min, 15 min, 30 min, 1 hour, or 1 day when their conditions are met.


  • Anomaly webhook payloads are sent when data is ingested and our machine learning detects anomalous events that are Not part of an Incident that was created.
  • Frequency of Anomaly webhooks depends on data ingest and detection of anomalies.


  • Incident webhook payloads are sent when data is ingested and our machine learning detects an incident comprised of anomalous events.
  • Frequency of Incident webhook depends on data ingest and detection of anomalies.

Metric Alerts (future)

  • Metric Alerts webhook payloads are sent when custom metric alert rules are triggered.
  • Frequency of Metric Alerts webhook depends on data ingest and detection of metrics that meet custom metric alert rules.

Configuring Webhooks in the Zebrium UI

  1. From the User menu area, select the Account Settings gear icon
  2. Click the Outbound Alerts menu item.
  3. Click the Create Outbound Alert button.
  4. Select Webhook as the Outbound Alert Type.
  5. Enter a Name that you will refer to this integration as when linking it to Alert Rules or Incident Types.
  6. Select which payload you wish to send to the endpoint using the Include Payloads multi-select drop-down. You can choose: Alert, Anomaly, Incident, Metric Alert or any combination of these.
    • An endpoint can be the receiver of any combination of payloads.
    • Payloads are always sent separately.
    • In the case where you have one endpoint to handle all payload formats, there is a common identifier in every payload called event_type that your backend can use to tell which payload has been received and then call the appropriate payload handler.
    • You can also configure a separate endpoint for each payload.
    • You can have as many webhooks defined as you like.
  7. Set the Choose Deployment option to the desired deployment names or All.
    • Note: This option will not be displayed if you have only one deployment.
  8. Enter the URL of your endpoint
  9. Select the Authentication method your backend requires
    • NONE - Requires no additional configuration
    • BASIC - Enter your Username and Password
    • TOKEN - Enter the Token
    • Prefix - When specifying either Basic or Token based authentication, you can enter any prefix string that your backend expects to see in the Authorization header. For Basic authentication, the typical prefix string is Basic (our default) and for token-based authentication, the typical prefix string is either Bearer (our default) or Token.
    • Here is an example of an Authorization header for Basic Authentication. Note the prefix string (before the encoded username/password) is Basic Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l
  10. Click Create to save your outgoing webhook definition

Webhook Payload Format

  • See links below for detailed description of each webhook payload.

Table of contents