Incoming Webhook JSON Automation help needed

Good Evening Everyone,

As part of my job I have to monitor and respond to server alarms. We are using a new service which can send out webhook notifications and I thought this would be excellent to webhook into Home Assistant and then can have an automation to alert me in various ways the only problem is the JSON payload is way over my head to figure out how to translate into a HASS automation. Ontop of this the JSON I provided below is only when a new trigger was raised an it also uses the webook when someone in the team acknowledges the alert and again when someone marks it as resolved as well as other situations…

Initially I only want the automation to run if its a new trigger but what would be great is a state in HASS that shows when there is a new incident / when someone is working on it or clear when resolved (ie no incident).

The JSON below has only two things useful from what I can see. “Event” which is how it can determine if its a new incident / acknowledged or resolved and are one of the following values:

incident.triggered - new alert
incident.acknowledge - acknowledged by someone
incident.unacknowledge - when acknowledgement has timed out
incident.resolve - when an incident is resolved
incident.assign - when assigned to someone and often can come along with acknowledge
incident.escalate - when esclated
incident.delegate - delegated to another policy
incident.annotate - when a note is added to the incident

The only useful ones to me are triggered / acknowledge and resolve.

Secondly, I need to use in a template for my TTS and Pushbullet notification and its the “details” field which in this example contains “Test Alert”.

This gets even trickier however I am happy to acheive just the basic for now and look into more later however if more than one server has an alert at the same time then this json is an array and it can contain more than one incident at a time which is not helpful but it is very rare so willing to forget about this scenario for now.

Here is my current automation:

- id: 'server-alarm'
  alias: Server Down Alarm
  description: If a server goes down then it will run this automation
  trigger:
    platform: webhook
    webhook_id: serverwarn
  action:
  - service: notify.pbmax
    data_template:
      title: "SERVER ALARM"
      message: '{{ trigger.json }}'
  - service: tts.google_translate_say
    entity_id: "all"
    data_template:
      message: '{{ trigger.json }}'

The automation works perfectly except it contains the massive JSON output received.

Here is an example of the JSON payload: https://pastebin.com/pCXdNNE8

If anyone can help me narrow this down to what I need I would greatly appreciate it as it is way beyond my expertise.

I can’t help with everything. But what you might not know is that you can have conditions that look at the payload like this:

- alias: User is home
  description: log that a known user is at home
  trigger:
  - platform: webhook
    webhook_id: secretwebhookid
  condition:
  - condition: template
    value_template: '{{ trigger.json.user in ["bob", "alice"] }}'
  action:
  - service: system_log.write
    data_template:
      message: "{{ trigger.json.user }} is at home"
      level: warning

I however don’t know how that will behave if a key is missing because, at least in your case, it’s a different event type, which uses a different key.

In general I think it’s bad design of the payload if the form it arrives in can be different. It either always should be an array of events (even if it’s just one), or single requests with single events. Sending a naked event-object in one case but an array of objects in another makes it a pain to process the data. At least if I understood you correctly that’s what they are doing.