Logz.io provides log management and log analysis services. The platform combines ELK as a cloud service and machine learning to derive new insights from machine data.

OpsRamp configuration

Step 1: Install integration

  1. From All Clients, select a client.
  2. Go to Setup > Account.
  3. Select the Integrations and Apps tab.
  4. The Installed Integrations page, where all the installed applications are displayed. Note: If there are no installed applications, it will navigate to the Available Integrations and Apps page.
  5. Click + ADD on the Installed Integrations page. The Available Integrations and Apps page displays all the available applications along with the newly created application with the version.
    Note: You can even search for the application using the search option available. Also yu can use the All Categories option to search.
  6. Click ADD in the Logz.io application and click Install.
  7. Select authentication type as WEBHOOK and click Save.
  8. Make a note of Tenant ID, Token and Webhook URL.
    These details are used while creating an HTTP Request template during Logz.io configuration.
  9. Click Save.

Step 2: Configure integration

  1. From the API tab, enter:
    • Authentication: Copy Tenant Id, Token and Webhook URL for configuration. These settings are used for creating a HTTP Request template.
    • Map Attributes: Enter the mapping information for the third-party.
  2. From the Monitoring of Integration tab, click Assign Templates.
  3. From the Audit Logs, set up audit log criteria and time frame.

Configuring the map attributes

  1. Select the required OpsRamp property from the drop-down.
  2. Click Add Mapping Attributes to map attributes for the specific OpsRamp alert property.
  3. Click + to define the mappings.
  4. From Create Alert Mappings on Status, define the mappings, parsing conditions, and default values.
  5. Click Save.

The following tables shows the attribute mappings.

Third-Party EntityOpsRamp EntityThird-Party PropertyOpsRamp PropertyThird-Party Property ValueOpsRamp Property Value
result.statusalert.currentStateStateAlert200Success
uri_queryalert.serviceNameService NameAlert
search_namealert.descriptionDescriptionAlertNANA
appalert.deviceNameResource NameAlertNANA
result.req_timealert.alertTimeTimeAlertNANA
search_namealert.subjectSubjectAlertNANA

Attributes can be modified at any time.

Logz.io configuration

Step 1: Configure alert endpoints

  1. Log into Logz.io Admin UI.
  2. Go to Alerts & Events > Alert endpoints.
  3. Select +Add endpoint and enter the following (endpoints help with integrating with other notification systems):
    • Type: Select Custom.
    • Name: Add a unique name.
    • Webhook: Paste the OpsRamp-generated Webhook URL.
    • Method: POST
    • Headers: content=type=application/json
    • Body (Optional) box: Enter the payload.
  4. Click Save.

Example payload

{
"alert_title": "TestCustom",
"alert_description": "",
"alert_severity": "Medium",
"alert_event_samples":  [
    {
    "request" : "/category/software?from=0",
    "agent" : "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)",
    "minor" : "0",
    "auth" : "-",
    "ident" : "-",
    "os_major" : "7",
    "type" : "logzio-demo-logs-apache",
    "major" : "9",
    "clientip" : "32.204.193.86",
    "_logzio_sample_logs" : true,
    "geoip" : {
        "timezone" : "America/Chicago",
        "ip" : "32.204.193.86",
        "latitude" : 37.751,
        "country_name" : "United States",
        "country_code2" : "US",
        "continent_code" : "NA",
        "location" : [ -97.822, 37.751 ],
        "longitude" : -97.822
        },
    "os" : "Windows 7",
    "verb" : "GET",
    "message" : "32.204.193.86 - - [11/June/2019:00:25:00 +0000] "GET /category/software?from=0 HTTP/1.1" 200 40 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"",
    "tags" : [ "_logz_http_bulk_json_8070", "apache-geoip" ],
    "referrer" : "-",
    "@timestamp" : "2019-11-01T05:55:32.986+0000",
    "_logzio_pattern" : 3213531,
    "response" : 200,
    "bytes" : 40,
    "name" : "IE",
    "os_name" : "Windows",
    "httpversion" : 1.1,
    "device" : "Other"
    }
    {
    "request" : "/category/electronics",
    "agent" : "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; YTB730; GTB7.2; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; Media Center PC 6.0)",
    "minor" : "0",
    "auth" : "-",
    "ident" : "-",
    "os_major" : "7",
    "type" : "logzio-demo-logs-apache",
    "major" : "8",
    "clientip" : "220.186.227.70",
    "_logzio_sample_logs" : true,
    "geoip" : {
        "timezone" : "Asia/Shanghai",
        "ip" : "220.186.227.70",
        "latitude" : 30.294,
        "country_name" : "China",
        "country_code2" : "CN",
        "continent_code" : "AS",
        "region_name" : "ZJ",
        "location" : [ 120.1619, 30.294 ],
        "real_region_name" : "Zhejiang",
        "longitude" : 120.1619
        },
    "os" : "Windows 7",
    "verb" : "GET",
    "message" : "220.186.227.70 - - [11/June/2019:00:24:45 +0000] "GET /category/electronics HTTP/1.1" 200 76 "[http://www.google.com/search?ie=UTF-8&q=google&sclient=psy-ab&q=Electronics&oq=Electronics&aq=f&aqi=g-vL1&aql=&pbx=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&biw=753&bih=548](http://www.google.com/search?ie=UTF-8&q=google&sclient=psy-ab&q=Electronics&oq=Electronics&aq=f&aqi=g-vL1&aql=&pbx=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&biw=753&bih=548)" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; YTB730; GTB7.2; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; Media Center PC 6.0)"",
    "tags" : [ "_logz_http_bulk_json_8070", "apache-geoip" ],
    "referrer" : ""http://www.google.com/search?ie=UTF-8&q=google&sclient=psy-ab&q=Electronics&oq=Electronics&aq=f&aqi=g-vL1&aql=&pbx=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&biw=753&bih=548"",
    "@timestamp" : "2019-11-01T05:55:32.386+0000",
    "_logzio_pattern" : 3213531,
    "response" : 200,
    "bytes" : 76,
    "name" : "IE",
    "os_name" : "Windows",
    "httpversion" : 1.1,
    "device" : "Other"
    }
    {
    "request" : "/category/software?from=20",
    "agent" : ""Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; YTB720; GTB7.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"",
    "minor" : "0",
    "auth" : "-",
    "ident" : "-",
    "os_major" : "XP",
    "type" : "logzio-demo-logs-apache",
    "major" : "8",
    "clientip" : "32.189.100.196",
    "_logzio_sample_logs" : true,
    "geoip" : {
        "timezone" : "America/Chicago",
        "ip" : "32.189.100.196",
        "latitude" : 37.751,
        "country_name" : "United States",
        "country_code2" : "US",
        "continent_code" : "NA",
        "location" : [ -97.822, 37.751 ],
        "longitude" : -97.822
        },
    "os" : "Windows XP",
    "verb" : "GET",
    "message" : "32.189.100.196 - - [11/June/2019:00:24:35 +0000] "GET /category/software?from=20 HTTP/1.1" 200 90 "/category/software" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; YTB720; GTB7.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"",
    "tags" : [ "_logz_http_bulk_json_8070", "apache-geoip" ],
    "referrer" : ""/category/software"",
    "@timestamp" : "2019-11-01T05:55:31.982+0000",
    "_logzio_pattern" : 3213531,
    "response" : 200,
    "bytes" : 90,
    "name" : "IE",
    "os_name" : "Windows",
    "httpversion" : 1.1,
    "device" : "Other"
    }
    ]
}

Step 2: Configure alert profiles

Alert profiles are created for establishing filtering rules.

  1. Go to Logz.io Home and click Kibana.
  2. Click Create alert and enter the required information. For Actions, enter the previously configured alert endpoint.
    Create New Alert
  3. Click Create.
  • To edit alert details: go to Alerts & events > Alert definitions.
  • To view the triggered alerts from the Logz.io console: go to Alerts & events > Triggered alerts.

Next steps

  • View the alerts in OpsRamp.
    1. Go to Alerts and search for source name.
    2. Click an Alert ID to view.