Sumo Logic provides a secure, cloud-based service for logs and metrics management with real-time analytics and insights. OpsRamp integration with Sumo Logic triggers alerts in OpsRamp based on a scheduled search.
Sumo Logic Version Supported for Integration: February 13, 2020 (19.288-3)
OpsRamp configuration
Inbound configurations capture all the details required to call OpsRamp APIs.
Step 1: Install the integration
- From All Clients, select a client.
- Go to Setup > Account.
- Select the Integrations and Apps tab.
- The Installed Integrations page displays all the installed applications. Note: If there are no installed applications, it navigates to the ADD APP page.
- Click + ADD on the Installed Integrations page. The Available Integrations and Apps page displays all the available applications, including the newly created application with its version.
Note: You can also search for the application using the search option, and you can use the All Categories option to filter the search.
- Click ADD on the Sumo Logic application and click Install.
- Select authentication type as WEBHOOK and click Save.
- Make a note of Tenant ID, Token and Webhook URL.
These details are used while creating an HTTP Request template during Sumo Logic configuration.
- Click Save.
Step 2: Configure the integration
- From the API tab, enter:
- Authentication: Token and Webhook URL for configuration. These settings are required for defining alert endpoints.
- Map Attributes: Enter the mapping information for the third-party. The Map Attributes section maps the third-party attributes to the OpsRamp attributes associated with payloads.
- From the Monitoring of Integration tab, click Assign Templates.
- From the Audit Logs, set up audit log criteria and time frame.
Configuring the map attributes
- Select the required OpsRamp property from the drop-down.
- Click Add Mapping Attributes to map attributes for the specific OpsRamp alert property.
- Click + to define the mappings.
- From Create Alert Mappings on Status, define the mappings, parsing conditions, and default values.
- Click Save.
The following table shows the property mappings.
Third-Party Entity | OpsRamp Entity | Third-Party Property | OpsRamp Property (non-editable)
---|---|---|---
Problem | Alert | State | alert.currentState
Problem | Alert | RawResultsJson | alert.serviceName
Problem | Alert | searchDescription | alert.description
Problem | Alert | RawResultsJson | alert.deviceName
Problem | Alert | alert.id | alert.extAlertId
Problem | Alert | searchName SearchDescription | alert.subject
- You can modify the attributes at any time.
- You need not follow the same mappings.
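As an added example (not part of this OpsRamp documentation or of either product's own code), the following Python script applies the property mappings in the table above to a constructed Sumo Logic webhook payload shaped like the Example Payload later on this page. The translation of the payload's State field into OpsRamp alert states, the use of the first result row's Name and Host as service and device, the dotted-path reading of "alert.id", and the default values are all assumptions chosen for illustration; the page only states that mappings, parsing conditions and default values are configurable.

```python
import json

# Constructed sample result rows, in the shape of the RawResultsJson rows shown
# in this document's example payload (values are not real alerts).
RAW_RESULTS = [
    {"Message": "[02/Oct/2019:18:23:46] VendorID=7026 Code=C AcctID=8702194102896748",
     "Time": 1570040626000, "Host": "127.0.0.1", "Category": "uploads/other",
     "Name": "vendor_sales.log", "Collector": "File Uploads"},
    {"Message": "[02/Oct/2019:18:23:31] VendorID=1043 Code=B AcctID=2063718909897951",
     "Time": 1570040611000, "Host": "103.49.52.70", "Category": "uploads/other",
     "Name": "vendor_sales.log", "Collector": "File Uploads"},
]

# Constructed webhook payload. Sumo Logic renders {{RawResultsJson}} into a JSON
# string, so the result list is serialized with json.dumps() rather than nested.
SAMPLE_PAYLOAD = json.dumps({
    "searchName": "Vendor sales errors",
    "searchDescription": "Vendor records with error codes",
    "searchQuery": "_sourceCategory=uploads/other",
    "searchQueryUrl": "https://sumologic.example.invalid/ui/#/search/PLACEHOLDER",
    "rawResultsJson": json.dumps(RAW_RESULTS),
    "numRawResults": str(len(RAW_RESULTS)),
    "State": "High",
    "aggregateResultsJson": "",
    # "alert.id" from the mapping table is read as a dotted path (assumption).
    "alert": {"id": "sumo-alert-0001"},
})

# Assumed translation of the payload's State value into OpsRamp alert states.
STATE_MAP = {"High": "CRITICAL", "Medium": "WARNING", "Low": "INFO"}
DEFAULT_STATE = "WARNING"


def get_path(obj, dotted, default=None):
    """Resolve a dotted property path such as 'alert.id' against a parsed payload."""
    for key in dotted.split("."):
        if not isinstance(obj, dict) or key not in obj:
            return default
        obj = obj[key]
    return obj


def first_result_field(payload, field, default="unknown"):
    """Parse RawResultsJson (a JSON string) and return one field of its first row.

    Falls back to `default` when the string is empty, malformed or has no rows,
    so a search that returns nothing still produces a well-formed alert.
    """
    raw = payload.get("rawResultsJson") or payload.get("RawResultsJson") or ""
    try:
        rows = json.loads(raw)
    except json.JSONDecodeError:
        return default
    if not isinstance(rows, list) or not rows:
        return default
    return rows[0].get(field, default)


def map_to_opsramp_alert(payload_json):
    """Apply the property mappings from the table above to one webhook payload.

    Returns a dict keyed by the OpsRamp property names (alert.currentState, ...).
    """
    payload = json.loads(payload_json)
    search_name = payload.get("searchName", "")
    search_desc = payload.get("searchDescription", "")
    return {
        "alert.currentState": STATE_MAP.get(payload.get("State"), DEFAULT_STATE),
        # RawResultsJson -> serviceName / deviceName: the first row's log Name and
        # Host are used here as one possible parsing condition (assumption).
        "alert.serviceName": first_result_field(payload, "Name"),
        "alert.deviceName": first_result_field(payload, "Host"),
        "alert.description": search_desc,
        "alert.extAlertId": get_path(payload, "alert.id", default=""),
        # searchName + SearchDescription -> subject
        "alert.subject": f"{search_name} {search_desc}".strip(),
    }


if __name__ == "__main__":
    print(json.dumps(map_to_opsramp_alert(SAMPLE_PAYLOAD), indent=2))
```

Running the script prints the OpsRamp-side properties for the sample payload; the fallback branches in first_result_field are what keep an empty or unparseable RawResultsJson from producing a malformed alert.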
Sumo Logic configuration
Step 1: Create connection
- Log into the Sumo Logic Admin UI.
- Go to Manage Data, Settings, Connections and click +.
- Select Webhook and enter:
- Unique Name
- Webhook URL (copied from the OpsRamp configuration) in the URL field
- Additional fields such as description, authorization header, custom header.
- Elements in the payload according to your alert requirement. Refer to the documentation for samples.
- Click Save.
Example Payload:
{
  "searchName": "{{SearchName}}",
  "searchDescription": "{{SearchDescription}}",
  "searchQuery": "{{SearchQuery}}",
  "searchQueryUrl": "{{SearchQueryUrl}}",
  "rawResultsJson": "{{RawResultsJson}}",
  "numRawResults": "{{NumRawResults}}",
  "State": "High",
  "aggregateResultsJson": "{{AggregateResultsJson}}"
}
Step 2: Configure trigger alerts
Alerts can be triggered using one of the following:
- Schedule search
- Monitors
Configuring triggers with schedule search
- From the Sumo Logic home page, go to Log Search and click Save As. The Save Item dialog box opens.
- Enter the following details:
Name and Description
Query: build a query as per requirement. Alerts are triggered according to the query built.
Query examples:
Example 1: _sourceCategory=apache | parse "* " as src_IP | parse " 200 * " as size | count, sum(size) by src_IP
Example 2: _sourceCategory="hostmetrics"
- Click Schedule this search and enter:
- Select the Run Frequency and Send Notifications accordingly from the drop-down list.
- For Alert Type, enter Webhook.
- Select the checkbox if you require separate alerts.
- For Connection, select the connection that you created.
- If you want to edit the payload, enable Customize Payload and make the necessary changes.
- Click Save.
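To show what the scheduled search in Example 1 above actually computes before it fires the webhook, here is an added Python emulation (not Sumo Logic's code and not part of this documentation) of that query over a few constructed Apache access-log lines. The parse operator is emulated as "each * captures non-greedily, everything else is literal text", and lines that fail either parse are dropped, which is how the example query ends up counting only 200 responses per source IP.

```python
import re
from collections import defaultdict

# Constructed Apache access-log lines standing in for _sourceCategory=apache.
SAMPLE_LOGS = [
    '10.0.0.5 - - [02/Oct/2019:18:20:56] "GET /index.html HTTP/1.1" 200 1024 "-" "curl/7.64"',
    '10.0.0.5 - - [02/Oct/2019:18:21:03] "GET /cart.do HTTP/1.1" 200 2252 "-" "curl/7.64"',
    '10.0.0.9 - - [02/Oct/2019:18:21:10] "GET /missing HTTP/1.1" 404 512 "-" "curl/7.64"',
    '10.0.0.9 - - [02/Oct/2019:18:21:15] "POST /login HTTP/1.1" 200 318 "-" "curl/7.64"',
]


def sumo_parse(message, pattern):
    """Emulate the Sumo Logic parse "...*..." operator (simplified assumption).

    Each '*' in the pattern captures the shortest run of characters; all other
    text must match literally. Returns the first capture, or None when the
    anchor text does not occur in the message.
    """
    literals = [re.escape(part) for part in pattern.split("*")]
    regex = "(.*?)".join(literals)
    match = re.search(regex, message)
    return match.group(1) if match else None


def run_scheduled_search(lines):
    """Apply Example 1: parse src_IP and size, then count, sum(size) by src_IP.

    Returns {src_IP: {"_count": n, "_sum": total_bytes}} for the matching lines,
    mirroring the aggregate columns Sumo Logic names _count and _sum.
    """
    stats = defaultdict(lambda: {"_count": 0, "_sum": 0})
    for line in lines:
        src_ip = sumo_parse(line, "* ")          # first token up to the first space
        size = sumo_parse(line, " 200 * ")       # bytes field after a 200 status
        if src_ip is None or size is None:
            continue                              # parse drops non-matching messages
        stats[src_ip]["_count"] += 1
        stats[src_ip]["_sum"] += int(size)
    return dict(stats)


if __name__ == "__main__":
    for ip, row in run_scheduled_search(SAMPLE_LOGS).items():
        print(f"{ip}\t_count={row['_count']}\t_sum={row['_sum']}")
```

The 404 line is dropped because the second parse anchor (" 200 ") never matches it, so it contributes to neither the count nor the byte sum; when the scheduled search fires, these per-IP rows are what populate RawResultsJson in the webhook payload.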
Configuring triggers with monitors
- Go to Manage Data, Alerts, and click Add Monitor.
The Metrics Monitor window opens.
- For Select Time Series to Monitor, build a query to monitor (as built for the Schedule Search option) and, if required, make the necessary changes in Settings and Legend.
- For Set Rules, set the rules and select the Send Notification Via the Connection that was created earlier.
- For Set Name and Description, enter details and click Save.
Example payload
{
"searchname": "Other",
"SearchDescription": "",
"SearchQuery": "*",
"SearchQueryUrl": "https://service.in.sumologic.com/ui/index.html#/search/3jZ7g4s65MuGSoa6iCHXOzw8pKqJLuc9ZpGfOpo8FQ8OmroIDJtsYPtOW6B941KQxCfzRbGliBxfShw8sDfEBbKt5Qb0Jx9uJ6YSaDGozQPDvdhDGD4guOJZuVFTpU61",
"RawResultsJson": "[{"Message":"[02/Oct/2019:18:23:46] VendorID=7026 Code=C AcctID=8702194102896748","Time":1570040626000,"Host":"127.0.0.1","Category":"uploads/other","Name":"vendor_sales.log","Collector":"File Uploads"},{"Message":"[02/Oct/2019:18:23:31] VendorID=1043 Code=B AcctID=2063718909897951","Time":1570040611000,"Host":"103.49.52.70","Category":"uploads/other","Name":"vendor_sales.log","Collector":"File Uploads"},{"Message":"[02/Oct/2019:18:22:59] VendorID=1243 Code=F AcctID=8768831614147676","Time":1570040579000,"Host":"103.49.52.71","Category":"uploads/other","Name":"vendor_sales.log","Collector":"File Uploads"},{"Message":"[02/Oct/2019:18:22:48] VendorID=1239 Code=K AcctID=5822351159954740","Time":1570040568000,"Host":"103.49.52.72","Category":"uploads/other","Name":"vendor_sales.log","Collector":"File Uploads"},{"Message":"[02/Oct/2019:18:22:32] VendorID=7033 Code=E AcctID=4390644811207834","Time":1570040552000,"Host":"103.49.52.73","Category":"uploads/other","Name":"vendor_sales.log","Collector":"File Uploads"},{"Message":"[02/Oct/2019:18:22:13] VendorID=1139 Code=D AcctID=2548096337574259","Time":1570040533000,"Host":"103.49.52.74","Category":"uploads/other","Name":"vendor_sales.log","Collector":"File Uploads"},{"Message":"[02/Oct/2019:18:21:40] VendorID=9103 Code=B AcctID=6081238166719034","Time":1570040500000,"Host":"103.49.52.75","Category":"uploads/other","Name":"vendor_sales.log","Collector":"File Uploads"},{"Message":"[02/Oct/2019:18:21:21] VendorID=1151 Code=D AcctID=6980883790773744","Time":1570040481000,"Host":"103.49.52.76","Category":"uploads/other","Name":"vendor_sales.log","Collector":"File Uploads"},{"Message":"[02/Oct/2019:18:20:58] VendorID=1155 Code=F AcctID=3595732379989377","Time":1570040458000,"Host":"103.49.52.77","Category":"uploads/other","Name":"vendor_sales.log","Collector":"File Uploads"},{"Message":"182.236.164.11 - - [02/Oct/2019:18:20:56] "GET /cart.do?action=addtocart&itemId=EST-15&productId=BS-AG-G09&JSESSIONID=SD6SL8FF10ADFF53101 HTTP 1.1" 200 2252 "http://www.buttercupgames.com/oldlink?itemId=EST-15" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.46 Safari/536.5" 506","Time":1570040456000,"Host":"103.49.52.7","Category":"uploads/other","Name":"access.log","Collector":"File Uploads"}]",
"NumRawResults": "53700",
"State": "High",
"AggregateResultsJson": ""
}
Viewing alerts
- Go to the Alerts page and search with the source name as Sumo Logic. Related alerts are displayed.
- Click an Alert ID to view it.