In OpenObserve, **Destinations** define how and where alert notifications are delivered when an alert is triggered. Destinations are reusable. You can assign a destination to one or more alerts to manage notifications efficiently.

## Configure Alert Destinations

The **Destinations** section provides three configuration options. Select a destination type to view configuration instructions.

## Webhook

When the alert gets triggered, OpenObserve will send alert data to an external system using an HTTP POST request. Use this option to integrate with services that support webhook ingestion. You can customize the request payload using templates to match the format expected by the target system.

View use cases.

You can use this destination to:

- Create incident tickets in **Jira Service Management** or **ServiceNow**.
- Send notifications to **Slack** or **Microsoft Teams channels**.

### Prerequisites

Set up an alert template.

This allows you to define the content and layout of the alert message.

1. In OpenObserve, go to **Management > Templates**.

1. Click **Add Template** to create a new template.

1. In the template creation screen:

   - Enter a name for the template.
   - Select **Webhook** as the template type.
   - Fill in the **Body** fields.

   Body Example:

   ```
     {
       "text": "{alert_name} is active"
     }
   ```

**Steps to configure webhooks as alert destination**

1. Go to **Management > Alert Destinations**.

1. In the **Add Destination** page, click **Webhook**.

1. Fill in the following details:

   - **Name**: Enter a descriptive name for the Webhook destination. For example, SlackNotifications. Note that characters such as `,`, `:`, `?`, `/`, `#`, and `spaces` are not allowed.

   - **Template**: Choose a predefined alert message template from the dropdown menu.

   - **URL**: Specify the Webhook endpoint URL where notifications will be sent. For example, `https://hooks.slack.com/services/T02QBH105PF/B04C7NLLLRE/HY3fXf123`

   - **Method**: Select the HTTP method (`POST`, `GET`, or `PUT`) depending on the Webhook's requirements.

   - **Headers (Optional)**: Add custom headers in key-value format. For example, authentication tokens or content type. For example,

     ```
     Key: Authorization  
     Value: Basic cm9vdEBleGFtcGxlLmNvbTpDb21wbGV4GFzcy
     ```

   - **Skip TLS Verify**: Enable this option if the endpoint uses self-signed certificates or if you want to bypass SSL verification.

1. Click **Save** to create the Webhook destination.

## Email

When the alert gets triggered, OpenObserve will send alert notifications to one or more email addresses using SMTP. Use this option when email is the preferred channel for receiving alerts. You must configure the email delivery settings under your OpenObserve SMTP setup. The alert payload can be formatted using a predefined template.

View use cases.

You can use this destination to:

- Notify on-call team members or distribution lists.
- Route alerts to incident mailboxes used by helpdesk.

### Prerequisites

1. Set up an email account for sending alerts.

To send email alerts using Gmail SMTP, you must create an App Password. Follow these steps:

1. Sign in to your Gmail account.
1. Go to **Google Account Settings** > **Security**.
1. Under **Signing into Google**, enable **2-Step Verification** (if not already enabled).
1. After enabling 2-Step Verification, go to the **App Passwords**.
1. In the **App Passwords** page, enter a name for your app, such as SMTP, and click **Create**.
1. Copy the generated App Password and store it securely. You will need it during configuration.

**Test Your Gmail SMTP Configuration**\
Use an online tool such as [Mailmeteor’s SMTP Test Tool](https://mailmeteor.com/smtp-test) to verify your configuration.\
To test:

1. Go to Mailmeteor's SMTP Test Tool and select the email provider.
1. The tool fills in the SMTP server as `smtp.gmail.com` and port `587`.
1. Enter your Gmail address and the **App Password** you created earlier.
1. Click **Test Configuration**.

If successful, you will receive a test email in your inbox. This confirms your Gmail SMTP configuration is working.

2. Configure environment variables to enable email alerts through SMTP in OpenObserve.

Choose your deployment type and configure the environment variables accordingly:

- **For Single Node Deployment**: You need to pass SMTP configuration parameters when starting OpenObserve. Below is the command to configure OpenObserve to send email alerts via Gmail:

```
ZO_SMTP_ENABLED=true \
ZO_SMTP_HOST="smtp.gmail.com" \
ZO_SMTP_PORT=587 \
ZO_SMTP_USER_NAME="your-gmail-address@gmail.com" \
ZO_SMTP_PASSWORD="your-app-password" \
ZO_SMTP_FROM_EMAIL="your-gmail-address@gmail.com" \
ZO_SMTP_ENCRYPTION="starttls" \
ZO_ROOT_USER_EMAIL="root-user-email" \
ZO_ROOT_USER_PASSWORD="root-user-password" \
./openobserve
```

Replace the placeholders with your actual credentials and email addresses.

- **For High Availability (HA) deployment**: Configure the above environemnt variables in the values.yaml file
- **For Cloud**: No additional configuration required.

3. Set up an alert template.

This allows you to define the content and layout of the alert message.

1. In OpenObserve, go to **Management > Templates**.

1. Click **Add Template** to create a new email template.

1. In the template creation screen:

   - Select **Email** as the template type.
   - Enter a name for the template.
   - Fill in the **Title** and **Body** fields.

   Title Example:

   ```
   [Alert: {alert_name}] - Severity: {alert_type}
   ```

   Body Example:

   ```
   {
     "alertname": "{alert_name}",
     "stream": "{stream_name}",
     "organization": "{org_name}",
     "alerttype": "{alert_type}",
     "severity": "critical"
   }
   ```

1. Ensure that the recipient is part of the appropriate organization

1. From the left-nevigation menu, go to **IAM** (Identity and Access Management) > **Users**.

1. Click **Add User**.

1. Enter the user’s email address, role, password, and name.

1. Click **Save**.

After the user is added, they become eligible to receive email alerts.

### Steps to configure emails as alert destination

1. Go to **Management** > **Alert Destinations**.
1. In the **Add Destination** page, click **Email**.
1. Enter a name for the destination.
1. Select an email template to define the alert content.
1. Enter the recipient’s email address.
1. Click **Save**.

This creates the email as alert destination.

## Actions

When an alert gets triggered, OpenObserve executes a Real-time Action script. Use this destination type when the alert data needs to be processed or routed using custom logic.Action scripts are stateful. They can retain values across executions, enabling more advanced workflows than webhook or email destinations.

View use cases.

For example, you can use this destination to:

- Send the alert to Slack, and also ingest a structured copy of the alert into a custom stream in your organization
- Track how often a specific alert has triggered, then write aggregated metrics, such as trigger count per hour, to a stream for trend analysis.

### Prerequisites

1. Create the real-time action

Create the real-time action script as per your requirement. For more details, visit the [Create and Use Real-time Actions](https://openobserve.ai/docs/user-guide/data-processing/actions/create-and-use-real-time-actions/index.md) page.

2. Create the alert template

When you configure an Action as the alert destination, OpenObserve passes the alert data to your Real-time Action script through a template. The template defines the structure of the alert payload that your Python script will receive as the `data` argument in its `main()` function.

**Note:** Unlike email or webhook templates (which are meant for human-readable or HTTP payload formatting), this template is meant to be machine-readable. Hence, it should be a valid JSON object that matches how your script expects to read alert fields.

You can create the template from Management > Templates > Add Template > Web Hook (because Action templates also use JSON structure).

Use the following structure as an example:

{ "alert_name": "{alert_name}", "alert_type": "{alert_type}", "stream_name": "{stream_name}", "org_name": "{org_name}", "alert_period": "{alert_period}", "alert_operator": "{alert_operator}", "alert_threshold": "{alert_threshold}", "alert_start_time": "{alert_start_time}", "alert_end_time": "{alert_end_time}", "alert_trigger_time": "{alert_trigger_time}" } This ensures that when the alert triggers, your real-time Action script receives this JSON as `data`. Your Python script can then parse these fields directly.

### Steps to configure actions as alert destination

1. Go to **Management > Alert Destinations**.
1. In the **Add Destination** page, click **Actions**.
1. Enter the name of the destination.
1. Select the template.
1. Select the real-time action.
1. Click **Save**.