Sumo Logic Integration

Sumo Logic sends alerts from scheduled searches to third-party applications via Webhooks, and Opsgenie can forward its alert activity back to Sumo Logic.


What does Opsgenie offer Sumo Logic users?

Opsgenie provides a two-way integration with Sumo Logic. When an action happens on an Opsgenie alert, the webhook data is forwarded to Sumo Logic. In the other direction, Sumo Logic sends webhook alerts to Opsgenie, which acts as a dispatcher for these alerts and determines the right people to notify based on on-call schedules. Opsgenie notifies via email, text messages (SMS), phone calls, and iPhone & Android push notifications, and escalates alerts until the alert is acknowledged or closed.

Functionality of the integration

  • When an alert is created in Sumo Logic, an alert will be created automatically in Opsgenie.
  • When an alert action happens in Opsgenie, the webhook payload is sent to Sumo Logic.

Add Sumo Logic integration in Opsgenie

  1. Please create an Opsgenie account if you haven't done so already.
  2. Go to Opsgenie's Sumo Logic Integration page.

🚧

For Free and Essentials plans, integrations can only be added from the Team Dashboards. Please use the alternative instructions given below to add this integration.

  3. Specify who is notified of Sumo Logic alerts using the Teams field. Auto-complete suggestions are provided as you type.

📘

An alternative to Step 2) and Step 3) is to add the integration from the Team Dashboard of the team that will own the integration. To add an integration directly to a team, navigate to the Team Dashboard and open the Integrations tab. Click Add Integration and select the integration that you would like to add.

  4. Copy the URL to use in Sumo Logic.
  5. To forward alert data to Sumo Logic, enable the Opsgenie to Sumo Logic field and enter the collector URL provided by Sumo Logic.
  6. Click Save Integration.

Configuration on Sumo Logic

In Sumo Logic, scheduled searches send alerts to other tools via Webhook connections. To send alerts from Sumo Logic to Opsgenie, create a Webhook first and use it in a scheduled search configuration.

Create Webhook

  1. In Sumo Logic, open Manage Data -> Settings -> Connections.
  2. Click + Add and choose Webhook as connection type.
  3. Populate the name as "Opsgenie" and give an optional description to the connection.
  4. Paste the URL copied previously into the "URL" field.
  5. Populate the "Payload" field with the following content:
{
  "searchName": "{{SearchName}}",
  "searchDescription": "{{SearchDescription}}",
  "searchQuery": "{{SearchQuery}}",
  "searchQueryUrl": "{{SearchQueryUrl}}",
  "timeRange": "{{TimeRange}}",
  "fireTime": "{{FireTime}}",
  "rawResultsJson": "{{RawResultsJson}}",
  "numRawResults": "{{NumRawResults}}",
  "priority" : "P3",
  "aggregateResultsJson" : "{{AggregateResultsJson}}"
}
  6. Click Save.

Configure Scheduled Search

  1. On the search screen for the query you want to schedule, click Save As under the query currently displayed in the search box.
  2. In the "Save Search As" dialog box, enter a name for the search and an optional description.
  3. Choose an option from the Time Range menu.
  4. Click Schedule this search.
  5. Choose an option from the "Run Frequency" menu.
  6. For Alert Type, choose "Webhook" to upload search results to your connection.
  7. Select "Opsgenie" connection from the Webhook connections list.
  8. Click Save.

Sample payload sent from Sumo Logic

{
    "searchName": "Reporting Hosts",
    "searchDescription": "Cem",
    "searchQuery": "_sourceCategory=linux/system  | parse regex \"\\d+\\s+\\d+:\\d+:\\d+\\s(?<dest_hostname>\\S+)\\s(?<process_name>\\w*)(?:\\[\\d+\\]|):\\s+\"  | count_distinct(dest_hostname) as _hostCount",
    "searchQueryUrl": "https://service.eu.sumologic.com/ui/index.html#/search/1NJLAwKvQOkwHOyhfkd1wfuI1dXqUFhf0vrf7XnR2XvYWT6LOMeOO4nW1babPnhkAzfnETUgU5dlvJNU8ALz9UIv6SYhR6gvxHVX4UjUaUa8314H8ALCL2gXyoSt0Ivr",
    "timeRange": "2019-03-18 13:28:45 EET - 2019-03-18 13:33:45 EET",
    "fireTime": "2019-03-18 13:34:17 EET",
    "rawResultsJson": "",
    "numRawResults": "1",
    "priority": "P3",
    "aggregateResultsJson": "[{\"Hostcount\":1}]"
}
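The sample above shows the two things a receiver of this webhook has to cope with: "rawResultsJson" and "aggregateResultsJson" are JSON documents nested inside JSON strings (and arrive as "" when a search produced nothing), and "priority" is a literal typed into the payload template, so it may be missing or not a valid Opsgenie level. The following parser is an added example, not code from Opsgenie or Sumo Logic; it assumes the Opsgenie priority levels P1 through P5 and uses a constructed body modelled on the sample.

```python
import json
from dataclasses import dataclass

VALID_PRIORITIES = {"P1", "P2", "P3", "P4", "P5"}  # Opsgenie priority levels (assumed)

@dataclass
class SumoAlert:
    search_name: str
    priority: str
    num_raw_results: int
    fire_time: str
    aggregate_results: list
    raw_results: list

def _decode_embedded(value) -> list:
    # Sumo Logic nests JSON text inside a JSON string and sends "" for "no results".
    if not value:
        return []
    try:
        parsed = json.loads(value)
    except (TypeError, json.JSONDecodeError):
        return []  # a malformed result set must not break handling of the alert
    return parsed if isinstance(parsed, list) else [parsed]

def parse_sumo_webhook(body: str, default_priority: str = "P3") -> SumoAlert:
    payload = json.loads(body)
    # "priority" is a literal from the Webhook payload template; fall back to the
    # template's default when it is absent or not a recognised Opsgenie level.
    priority = str(payload.get("priority", default_priority)).upper()
    if priority not in VALID_PRIORITIES:
        priority = default_priority
    try:
        num = int(payload.get("numRawResults", 0))
    except (TypeError, ValueError):
        num = 0
    return SumoAlert(
        search_name=str(payload.get("searchName", "")).strip() or "(unnamed search)",
        priority=priority,
        num_raw_results=num,
        fire_time=str(payload.get("fireTime", "")),
        aggregate_results=_decode_embedded(payload.get("aggregateResultsJson")),
        raw_results=_decode_embedded(payload.get("rawResultsJson")),
    )

# Constructed sample body, modelled on the payload shown above (not a real capture).
SAMPLE_BODY = json.dumps({
    "searchName": "Reporting Hosts", "priority": "P3", "numRawResults": "1",
    "fireTime": "2019-03-18 13:34:17 EET", "rawResultsJson": "",
    "aggregateResultsJson": "[{\"Hostcount\":1}]",
})
```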