Refine query result webhook docs (#29884)

jacobshandling · Jacob Shandling · rachaelshaw · web-flow · commit c9ed0026d950 · 2025-06-10T13:35:50.000-07:00
## Follow up for #29834 --------- Co-authored-by: Jacob Shandling <jacob@fleetdm.com> Co-authored-by: Rachael Shaw <r@rachael.wtf>
diff --git a/articles/automations.md b/articles/automations.md
@@ -31,14 +31,18 @@ destination. Data is sent according to a query's interval.
 
 ### Webhook
 
-Each time a scheduled query runs, results are sent via webhook to your configured destination URL.
-To use Webhook logging for scheduled queries, run Fleet with these environment variables:
-
-```
-FLEET_OSQUERY_RESULT_LOG_PLUGIN="webhook"
-FLEET_WEBHOOK_STATUS_URL="<target_status_url>"
-FLEET_WEBHOOK_RESULT_URL="<target_result_url>" 
-```
+Results from scheduled queries can be written to an arbitrary external webhook of your choosing.
+First, follow the [configuration docs](https://fleetdm.com/docs/deploying/configuration#webhook).
+Then in the UI:
+
+1. Navigate to the **Queries** page, select the relevant team, and click **Manage automations**
+2. In the modal that opens, confirm that you see "Log destination: Webhook", and when you hover over
+   "Webhook", you see "Each time a query runs, the data is sent via webhook to:
+   <target_result_url>"
+3. Select the queries that you want to send data to this webhook
+4. Click **Save**
+
+Results from the selected scheduled queries will be sent to the configured results URL. *Not configurable per-query.*
 
 ### Amazon Kinesis Data Firehose
 
diff --git a/articles/log-destinations.md b/articles/log-destinations.md
@@ -44,15 +44,7 @@ Note that Firehose logging has limits [discussed in the documentation](https://d
 
 ## Webhook
 
-Results from scheduled queries are written to an arbitrary external webhook of your choosing. To use, run Fleet with the
-following environment variables set:
-
-```
-FLEET_OSQUERY_RESULT_LOG_PLUGIN="webhook"
-FLEET_WEBHOOK_STATUS_URL="<target_status_url>"
-FLEET_WEBHOOK_RESULT_URL="<target_result_url>" 
-```
-
+See [webhook configuration docs](https://fleetdm.com/docs/deploying/configuration#webhook)
 
 ## Snowflake
 
diff --git a/docs/Configuration/fleet-server-configuration.md b/docs/Configuration/fleet-server-configuration.md
@@ -1251,6 +1251,30 @@ to zero will retain all logs. _Note_ max_age may still cause them to be deleted.
      max_backups: 0
   ```
 
+## Webhook
+
+To use webhook logging for query results, the following two Fleet config values must *both* be set:
+
+### Set log method to 'webhook' by
+- Command line flag: `--osquery_result_log_plugin="webhook"`,
+- Environment variable: `FLEET_OSQUERY_RESULT_LOG_PLUGIN="webhook"`, or
+- Config file:
+  ```yaml
+  osquery:
+    result_log_plugin: "webhook"
+  ```
+
+and
+
+### Set the desired result URL by
+- Command line flag: `--webhook_result_url="<target_result_url>"`,
+- Environment variable: `FLEET_WEBHOOK_RESULT_URL="<target_result_url>"`, or
+- Config file:
+  ```yaml
+  webhook:
+    result_url: "<target_result_url>"
+  ```
+
 ## Firehose
 
 ### firehose_region
