Logz.io

Describes how to set up an integration to receive alerts from Logz.io.

Introduction

Logz.io provides log management and log analysis services. The platform combines ELK as a cloud service and machine learning to derive new insights from machine data.

OpsRamp configuration

Configuration involves the following:

  1. Installing the integration.
  2. Configuring the integration.

Step 1: Install the integration

To install:

  1. From All Clients, select a client.
  2. Go to Setup > Integrations > Integrations.
  3. From Available Integrations, select Monitoring > Logz.io.
  4. Click Install.

Step 2: Configure the integration

To configure the integration:

  1. From the API tab, provide the following:
    • Authentication: Copy the Tenant Id, Token, and Webhook URL; they are needed for the Logz.io configuration and are used to create an HTTP Request template.
    • Map Attributes: Provide the mapping information for the third-party.
  2. From the Monitoring of Integration tab, click Assign Templates.
  3. From the Audit Logs, set up audit log criteria and time frame.

Configuring the map attributes

To configure the mapping attributes:

  1. Select the required OpsRamp property from the drop-down.
  2. Click Add Mapping Attributes to map attributes for the specific OpsRamp alert property.
  3. Click + to define the mappings.
  4. From Create Alert Mappings on Status, define the mappings, parsing conditions, and default values, and Save.

The following table shows the attribute mappings.

Mapping Attributes

Third-Party Entity | OpsRamp Entity     | Third-Party Property | OpsRamp Property | Third-Party Property Value | OpsRamp Property Value
result.status      | alert.currentState | State                | Alert            | 200                        | Success
uri_query          | alert.serviceName  | Service Name         | Alert            |                            |
search_name        | alert.description  | Description          | Alert            | NA                         | NA
app                | alert.deviceName   | Resource Name        | Alert            | NA                         | NA
result.req_time    | alert.alertTime    | Time                 | Alert            | NA                         | NA
search_name        | alert.subject      | Subject              | Alert            | NA                         | NA
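As an added illustration (not OpsRamp's or Logz.io's own code), the following Python applies the mapping table above the way the Create Alert Mappings dialog describes it: the attribute mappings, the 200 to Success value mapping, and NA as the default for missing or empty values, after checking that the inbound webhook body carries the configured content-type and is valid JSON. The OpsRamp property names (currentState, serviceName, and so on) come from the table; the receiver functions and the sample request are assumptions constructed for the example.

```python
import json

# Attribute mappings from the table above (third-party property -> OpsRamp
# alert property); search_name feeds both description and subject.
ATTRIBUTE_MAP = [
    ("result.status", "currentState"), ("uri_query", "serviceName"),
    ("search_name", "description"), ("app", "deviceName"),
    ("result.req_time", "alertTime"), ("search_name", "subject"),
]
VALUE_MAP = {"currentState": {"200": "Success"}}  # status 200 -> Success
DEFAULT_VALUE = "NA"  # the table's default for missing or empty values

def lookup(payload, dotted):
    """Resolve a dotted path such as result.status in nested JSON."""
    node = payload
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def map_alert(payload):
    """Apply the attribute, value and default mappings to one payload."""
    alert = {}
    for src, dst in ATTRIBUTE_MAP:
        value = lookup(payload, src)
        if value is None or value == "":
            alert[dst] = DEFAULT_VALUE
            continue
        alert[dst] = VALUE_MAP.get(dst, {}).get(str(value), str(value))
    return alert

def parse_webhook(headers, body):
    """Reject a wrong content-type or malformed JSON before mapping."""
    ctype = {k.lower(): v for k, v in headers.items()}.get("content-type", "")
    if ctype.split(";")[0].strip().lower() != "application/json":
        raise ValueError("unexpected content-type: %r" % ctype)
    try:
        payload = json.loads(body)
    except json.JSONDecodeError as exc:
        raise ValueError("malformed JSON body") from exc
    if not isinstance(payload, dict):
        raise ValueError("JSON body must be an object")
    return map_alert(payload)

# Constructed sample request (not from the page) using the table's property names.
SAMPLE_HEADERS = {"Content-Type": "application/json"}
SAMPLE_BODY = json.dumps({
    "result": {"status": 200, "req_time": "2019-11-01T05:55:32.986+0000"},
    "search_name": "TestCustom", "app": "logzio-demo-logs-apache",
}).encode()
```

Calling parse_webhook(SAMPLE_HEADERS, SAMPLE_BODY) yields currentState Success, serviceName NA (no uri_query in the body), and TestCustom in both description and subject.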

Logz.io configuration

Configuration involves:

  1. Configuring alerts endpoints.
  2. Configuring alerting profiles.

Step 1: Configure alert endpoints

To configure alert endpoints:

  1. Log into Logz.io Admin UI.
  2. Go to Alerts & Events > Alert endpoints.
  3. Select +Add endpoint and provide the following (endpoints help with integrating with other notification systems):
    • Type: Select Custom.
    • Name: Add a unique name.
    • Webhook: Paste the OpsRamp-generated Webhook URL.
    • Method: POST
    • Headers: content-type=application/json
    • Body (Optional) box: Provide the payload.
  4. Click Save.

Sample payload:

{
  "alert_title": "TestCustom",
  "alert_description": "",
  "alert_severity": "Medium",
  "alert_event_samples": [
    {
      "request": "/category/software?from=0",
      "agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)",
      "minor": "0",
      "auth": "-",
      "ident": "-",
      "os_major": "7",
      "type": "logzio-demo-logs-apache",
      "major": "9",
      "clientip": "32.204.193.86",
      "_logzio_sample_logs": true,
      "geoip": {
        "timezone": "America/Chicago",
        "ip": "32.204.193.86",
        "latitude": 37.751,
        "country_name": "United States",
        "country_code2": "US",
        "continent_code": "NA",
        "location": [ -97.822, 37.751 ],
        "longitude": -97.822
      },
      "os": "Windows 7",
      "verb": "GET",
      "message": "32.204.193.86 - - [11/June/2019:00:25:00 +0000] \"GET /category/software?from=0 HTTP/1.1\" 200 40 \"-\" \"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)\"",
      "tags": [ "_logz_http_bulk_json_8070", "apache-geoip" ],
      "referrer": "-",
      "@timestamp": "2019-11-01T05:55:32.986+0000",
      "_logzio_pattern": 3213531,
      "response": 200,
      "bytes": 40,
      "name": "IE",
      "os_name": "Windows",
      "httpversion": 1.1,
      "device": "Other"
    },
    {
      "request": "/category/electronics",
      "agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; YTB730; GTB7.2; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; Media Center PC 6.0)",
      "minor": "0",
      "auth": "-",
      "ident": "-",
      "os_major": "7",
      "type": "logzio-demo-logs-apache",
      "major": "8",
      "clientip": "220.186.227.70",
      "_logzio_sample_logs": true,
      "geoip": {
        "timezone": "Asia/Shanghai",
        "ip": "220.186.227.70",
        "latitude": 30.294,
        "country_name": "China",
        "country_code2": "CN",
        "continent_code": "AS",
        "region_name": "ZJ",
        "location": [ 120.1619, 30.294 ],
        "real_region_name": "Zhejiang",
        "longitude": 120.1619
      },
      "os": "Windows 7",
      "verb": "GET",
      "message": "220.186.227.70 - - [11/June/2019:00:24:45 +0000] \"GET /category/electronics HTTP/1.1\" 200 76 \"http://www.google.com/search?ie=UTF-8&q=google&sclient=psy-ab&q=Electronics&oq=Electronics&aq=f&aqi=g-vL1&aql=&pbx=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&biw=753&bih=548\" \"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; YTB730; GTB7.2; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; Media Center PC 6.0)\"",
      "tags": [ "_logz_http_bulk_json_8070", "apache-geoip" ],
      "referrer": "http://www.google.com/search?ie=UTF-8&q=google&sclient=psy-ab&q=Electronics&oq=Electronics&aq=f&aqi=g-vL1&aql=&pbx=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&biw=753&bih=548",
      "@timestamp": "2019-11-01T05:55:32.386+0000",
      "_logzio_pattern": 3213531,
      "response": 200,
      "bytes": 76,
      "name": "IE",
      "os_name": "Windows",
      "httpversion": 1.1,
      "device": "Other"
    },
    {
      "request": "/category/software?from=20",
      "agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; YTB720; GTB7.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
      "minor": "0",
      "auth": "-",
      "ident": "-",
      "os_major": "XP",
      "type": "logzio-demo-logs-apache",
      "major": "8",
      "clientip": "32.189.100.196",
      "_logzio_sample_logs": true,
      "geoip": {
        "timezone": "America/Chicago",
        "ip": "32.189.100.196",
        "latitude": 37.751,
        "country_name": "United States",
        "country_code2": "US",
        "continent_code": "NA",
        "location": [ -97.822, 37.751 ],
        "longitude": -97.822
      },
      "os": "Windows XP",
      "verb": "GET",
      "message": "32.189.100.196 - - [11/June/2019:00:24:35 +0000] \"GET /category/software?from=20 HTTP/1.1\" 200 90 \"/category/software\" \"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; YTB720; GTB7.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)\"",
      "tags": [ "_logz_http_bulk_json_8070", "apache-geoip" ],
      "referrer": "/category/software",
      "@timestamp": "2019-11-01T05:55:31.982+0000",
      "_logzio_pattern": 3213531,
      "response": 200,
      "bytes": 90,
      "name": "IE",
      "os_name": "Windows",
      "httpversion": 1.1,
      "device": "Other"
    }
  ]
}

Step 2: Configure alert profiles

Alert profiles are created for establishing filtering rules.

To configure alert profiles:

  1. Go to Logz.io Home and click Kibana.
  2. Click Create alert and provide the required information. For Actions, provide the previously configured alert endpoint.
  3. Click Create.
  • To edit alert details: go to Alerts & events > Alert definitions.
  • To view the triggered alerts from the Logz.io console: go to Alerts & events > Triggered alerts.

What to do next

  • View the alerts in OpsRamp.
    1. Go to Alerts and search for the source name.
    2. Click an Alert ID to view.