Logz.io

Logz.io provides log management and log analysis services. The platform combines ELK as a cloud service and machine learning to derive new insights from machine data.

OpsRamp configuration

Step 1: Install integration

Select a client from the All Clients list.
Go to Setup > Integrations > Integrations.
From Available Integrations, select Monitoring > Logz.io.
Click Install.

Step 2: Configure integration

From the API tab, enter:
- Authentication: Copy Tenant Id, Token and Webhook URL for configuration. These settings are used for creating a HTTP Request template.
- Map Attributes: Enter the mapping information for the third-party.
From the Monitoring of Integration tab, click Assign Templates.
From the Audit Logs, set up audit log criteria and time frame.

Configuring the map attributes

Select the required OpsRamp property from the drop-down.
Click Add Mapping Attributes to map attributes for the specific OpsRamp alert property.
Click + to define the mappings.
From Create Alert Mappings on Status, define the mappings, parsing conditions, and default values.
Click Save.

The following tables shows the attribute mappings.

Third-Party Entity	OpsRamp Entity	Third-Party Property	OpsRamp Property	Third-Party Property Value	OpsRamp Property Value
result.status	alert.currentState	State	Alert	200	Success
uri_query	alert.serviceName	Service Name	Alert
search_name	alert.description	Description	Alert	NA	NA
app	alert.deviceName	Resource Name	Alert	NA	NA
result.req_time	alert.alertTime	Time	Alert	NA	NA
search_name	alert.subject	Subject	Alert	NA	NA

Attributes can be modified at any time.

Logz.io configuration

Step 1: Configure alert endpoints

Log into Logz.io Admin UI.
Go to Alerts & Events > Alert endpoints.
Select +Add endpoint and enter the following (endpoints help with integrating with other notification systems):
- Type: Select Custom.
- Name: Add a unique name.
- Webhook: Paste the OpsRamp-generated Webhook URL.
- Method: POST
- Headers: content=type=application/json
- Body (Optional) box: Enter the payload.
Click Save.

Example payload

{
"alert_title": "TestCustom",
"alert_description": "",
"alert_severity": "Medium",
"alert_event_samples":  [
    {
    "request" : "/category/software?from=0",
    "agent" : "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)",
    "minor" : "0",
    "auth" : "-",
    "ident" : "-",
    "os_major" : "7",
    "type" : "logzio-demo-logs-apache",
    "major" : "9",
    "clientip" : "32.204.193.86",
    "_logzio_sample_logs" : true,
    "geoip" : {
        "timezone" : "America/Chicago",
        "ip" : "32.204.193.86",
        "latitude" : 37.751,
        "country_name" : "United States",
        "country_code2" : "US",
        "continent_code" : "NA",
        "location" : [ -97.822, 37.751 ],
        "longitude" : -97.822
        },
    "os" : "Windows 7",
    "verb" : "GET",
    "message" : "32.204.193.86 - - [11/June/2019:00:25:00 +0000] "GET /category/software?from=0 HTTP/1.1" 200 40 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"",
    "tags" : [ "_logz_http_bulk_json_8070", "apache-geoip" ],
    "referrer" : "-",
    "@timestamp" : "2019-11-01T05:55:32.986+0000",
    "_logzio_pattern" : 3213531,
    "response" : 200,
    "bytes" : 40,
    "name" : "IE",
    "os_name" : "Windows",
    "httpversion" : 1.1,
    "device" : "Other"
    }
    {
    "request" : "/category/electronics",
    "agent" : "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; YTB730; GTB7.2; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; Media Center PC 6.0)",
    "minor" : "0",
    "auth" : "-",
    "ident" : "-",
    "os_major" : "7",
    "type" : "logzio-demo-logs-apache",
    "major" : "8",
    "clientip" : "220.186.227.70",
    "_logzio_sample_logs" : true,
    "geoip" : {
        "timezone" : "Asia/Shanghai",
        "ip" : "220.186.227.70",
        "latitude" : 30.294,
        "country_name" : "China",
        "country_code2" : "CN",
        "continent_code" : "AS",
        "region_name" : "ZJ",
        "location" : [ 120.1619, 30.294 ],
        "real_region_name" : "Zhejiang",
        "longitude" : 120.1619
        },
    "os" : "Windows 7",
    "verb" : "GET",
    "message" : "220.186.227.70 - - [11/June/2019:00:24:45 +0000] "GET /category/electronics HTTP/1.1" 200 76 "[http://www.google.com/search?ie=UTF-8&q=google&sclient=psy-ab&q=Electronics&oq=Electronics&aq=f&aqi=g-vL1&aql=&pbx=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&biw=753&bih=548](http://www.google.com/search?ie=UTF-8&q=google&sclient=psy-ab&q=Electronics&oq=Electronics&aq=f&aqi=g-vL1&aql=&pbx=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&biw=753&bih=548)" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; YTB730; GTB7.2; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; Media Center PC 6.0)"",
    "tags" : [ "_logz_http_bulk_json_8070", "apache-geoip" ],
    "referrer" : ""http://www.google.com/search?ie=UTF-8&q=google&sclient=psy-ab&q=Electronics&oq=Electronics&aq=f&aqi=g-vL1&aql=&pbx=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&biw=753&bih=548"",
    "@timestamp" : "2019-11-01T05:55:32.386+0000",
    "_logzio_pattern" : 3213531,
    "response" : 200,
    "bytes" : 76,
    "name" : "IE",
    "os_name" : "Windows",
    "httpversion" : 1.1,
    "device" : "Other"
    }
    {
    "request" : "/category/software?from=20",
    "agent" : ""Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; YTB720; GTB7.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"",
    "minor" : "0",
    "auth" : "-",
    "ident" : "-",
    "os_major" : "XP",
    "type" : "logzio-demo-logs-apache",
    "major" : "8",
    "clientip" : "32.189.100.196",
    "_logzio_sample_logs" : true,
    "geoip" : {
        "timezone" : "America/Chicago",
        "ip" : "32.189.100.196",
        "latitude" : 37.751,
        "country_name" : "United States",
        "country_code2" : "US",
        "continent_code" : "NA",
        "location" : [ -97.822, 37.751 ],
        "longitude" : -97.822
        },
    "os" : "Windows XP",
    "verb" : "GET",
    "message" : "32.189.100.196 - - [11/June/2019:00:24:35 +0000] "GET /category/software?from=20 HTTP/1.1" 200 90 "/category/software" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; YTB720; GTB7.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"",
    "tags" : [ "_logz_http_bulk_json_8070", "apache-geoip" ],
    "referrer" : ""/category/software"",
    "@timestamp" : "2019-11-01T05:55:31.982+0000",
    "_logzio_pattern" : 3213531,
    "response" : 200,
    "bytes" : 90,
    "name" : "IE",
    "os_name" : "Windows",
    "httpversion" : 1.1,
    "device" : "Other"
    }
    ]
}

Step 2: Configure alert profiles

Alert profiles are created for establishing filtering rules.

Go to Logz.io Home and click Kibana.
Click Create alert and enter the required information. For Actions, enter the previously configured alert endpoint.
Click Create.

To edit alert details: go to Alerts & events > Alert definitions.
To view the triggered alerts from the Logz.io console: go to Alerts & events > Triggered alerts.

Next steps

View the alerts in OpsRamp.
1. Go to Alerts and search for source name.
2. Click an Alert ID to view.