Sumo Logic Integration

Sumo Logic sends alerts from scheduled searches to third-party applications via Webhooks.

What does OpsGenie offer to Sumo Logic users?

Sumo Logic sends webhook alerts. With the Sumo Logic integration, OpsGenie acts as a dispatcher for these alerts: it determines the right people to notify based on on-call schedules, notifies them by email, text message (SMS), phone call, and iPhone and Android push notification, and escalates each alert until it is acknowledged or closed.


Functionality of the integration

  • When an alert is created in Sumo Logic, an alert will be created automatically in OpsGenie.

Add Sumo Logic integration in OpsGenie

  1. Create an OpsGenie account if you haven't done so already.
  2. Go to the OpsGenie Sumo Logic Integration page.
  3. Specify who should be notified for Sumo Logic alerts using the "Teams" and "Recipients" fields. Auto-complete suggestions will be provided as you type.
  4. Copy the URL by clicking the copy button or by selecting it.
  5. Click on "Save Integration".

Configuration on Sumo Logic

In Sumo Logic, scheduled searches send alerts to other tools via Webhook Connections. To send alerts from Sumo Logic to OpsGenie, first create a Webhook and then use it in a scheduled search configuration.

Create Webhook
  1. In Sumo Logic, open Manage -> Connections
  2. Click "+ Add" and choose "Webhook" as connection type.
  3. Populate name as "OpsGenie" and give an optional description to the connection.
  4. Paste the URL you copied into the "URL" field.
  5. Populate "Payload" field with the following content:
     {
       "searchName": "$SearchName",
       "searchDescription": "$SearchDescription",
       "searchQuery": "$SearchQuery",
       "searchQueryUrl": "$SearchQueryUrl",
       "timeRange": "$TimeRange",
       "fireTime": "$FireTime",
       "rawResultsJson": "$RawResultsJson",
       "numRawResults": "$NumRawResults"
     }
  6. Click "Save"

Configure Scheduled Search
  1. In the search screen you want to schedule, click "Save As" under the query currently displayed in the search box.
  2. In the Save Search As dialog box, enter a name for the search and an optional description.
  3. Choose an option from the Time Range menu.
  4. Click Schedule this search.
  5. Choose an option from the Run Frequency menu.
  6. For Alert Type, choose Webhook to upload search results to your Connection.
  7. Select the "OpsGenie" connection from the webhook connections list.
  8. Click "Save"

Sample payload sent from Sumo Logic

{
  "searchName": "collector",
  "searchDescription": "desc",
  "searchQuery": "_collector=Tuba-MacBook-Pro.local",
  "searchQueryUrl": "https://service.us2.sumologic.com/ui/index.html#section/search",
  "timeRange": "2015-11-26 14:00:00 EET - 2015-11-26 17:00:00 EET",
  "fireTime": "2015-11-26 17:00:00 EET",
  "numRawResults": "5",
  "rawResultsJson": "[{\"Message\":\"test log message1\",\"Time\":1448545024149,\"Host\":\"Tuba-MacBook-Pro.local\",\"Category\":\"logfile\",\"Name\":\"request.log\",\"Collector\":\"Tuba-MacBook-Pro.local\"},{\"Message\":\"test log message2\",\"Time\":1448545028149,\"Host\": \"Tuba-MacBook-Pro.local\",\"Category\": \"logfile\",\"Name\": \"request.log\",\"Collector\": \"Tuba-MacBook-Pro.local\"}]",
  "teams": ["Operations"]
}
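
In the sample payload above, rawResultsJson is a JSON array serialized into a string and numRawResults is a quoted number, so a receiver has to decode twice and type-check both. The following is an added example, not OpsGenie or Sumo Logic code, of a receiver-side parser for this payload; the function name parse_sumo_alert and the sample body are constructed for illustration.

```python
import json

# Keys from the webhook payload template shown on this page.
EXPECTED_KEYS = ("searchName", "searchDescription", "searchQuery",
                 "searchQueryUrl", "timeRange", "fireTime",
                 "rawResultsJson", "numRawResults")


def parse_sumo_alert(body):
    """Validate a webhook body; raise ValueError if it is malformed."""
    payload = json.loads(body)  # JSONDecodeError is a ValueError subclass
    if not isinstance(payload, dict):
        raise ValueError("top-level value must be a JSON object")
    missing = [k for k in EXPECTED_KEYS if k not in payload]
    if missing:
        raise ValueError(f"missing keys: {missing}")
    # numRawResults arrives as a quoted string ("5"), not a JSON number.
    try:
        count = int(payload["numRawResults"])
    except (TypeError, ValueError):
        raise ValueError("numRawResults is not an integer") from None
    # rawResultsJson is JSON inside a JSON string: decode a second time.
    raw = payload["rawResultsJson"]
    if not isinstance(raw, str):
        raise ValueError("rawResultsJson must be a string")
    results = json.loads(raw)
    if not (isinstance(results, list)
            and all(isinstance(r, dict) for r in results)):
        raise ValueError("rawResultsJson must decode to a list of objects")
    # The page's sample reports 5 results but embeds 2 rows, so the two
    # values are returned separately rather than required to match.
    return {"search": payload["searchName"], "fired": payload["fireTime"],
            "count": count, "results": results}


# Constructed sample body, modelled on the sample payload on this page.
SAMPLE_BODY = json.dumps({
    "searchName": "collector", "searchDescription": "desc",
    "searchQuery": "_collector=host-a.example",
    "searchQueryUrl": "https://sumo.example/ui/index.html#section/search",
    "timeRange": "2015-11-26 14:00:00 EET - 2015-11-26 17:00:00 EET",
    "fireTime": "2015-11-26 17:00:00 EET", "numRawResults": "5",
    "rawResultsJson": json.dumps([
        {"Message": "test log message1", "Host": "host-a.example"},
        {"Message": "test log message2", "Host": "host-a.example"}]),
})

if __name__ == "__main__":
    print(parse_sumo_alert(SAMPLE_BODY))
```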

Sample alert