You can set up an integration with Netcool® Operations Insight® to
receive notifications created by Sumo Logic. Sumo Logic is a cloud log management and metrics
monitoring solution.
Before you begin
Clear events are never sent from Sumo Logic. However, you can set the expiryTime attribute in the payload to automatically clear the resulting event management incidents after a specified time period (in seconds) has elapsed.
The following event types are supported for this integration:
- All Sumo Logic notifications via the webhook connection.
About this task
Using a webhook URL, alerts generated by Sumo Logic are sent to the event management service as events.
Procedure
- Click .
- Click New integration.
- Go to the Sumo Logic tile and click Configure.
- Enter a name for the integration and click Copy to add the generated webhook URL to the clipboard. Ensure you save the generated webhook to make it available later in the configuration process. For example, you can save it to a file.
- Click Save.
- Open the Sumo Logic app and go to .
- On Connections, click .
- In the Create Connection window, enter the connection Name and (optionally) a description.
- In the field provided, paste the webhook URL that you copied in step 4.
- Copy and paste the sample payload from this step into the Payload section. Please note the following:
  - Attributes with curly brackets {{ }} are Sumo Logic payload variables that do not require updating.
  - For attributes with angle brackets < > you must provide a valid name or description, as appropriate.
  - You can customize the payload if required. For more information about the available Webhook payload variables, see the Sumo Logic user guide: https://help.sumologic.com/Manage/Connections-and-Integrations/Webhook-Connections/Set-Up-Webhook-Connections. If you are customizing the payload, you must include the four mandatory fields in your customized payload (see Table 1 for mandatory fields).
Sample payload:
{
  "resource": {
    "name": "<name of the resource that triggered the alert>",
    "type": "<type of the resource that triggered the alert>"
  },
  "type": {
    "eventType": "<type of the event. E.g. Utilization, System status, Threshold breach>",
    "statusOrThreshold": "{{AlertThreshold}}"
  },
  "summary": "<description of the event condition>",
  "severity": "{{AlertStatus}}",
  "urls": [
    {
      "url": "{{SearchQueryUrl}}",
      "description": "Search Query Url"
    }
  ],
  "sender": {
    "name": "Sumo Logic"
  },
  "expiryTime": 300,
  "searchName": "{{SearchName}}",
  "searchDescription": "{{SearchDescription}}",
  "searchQuery": "{{SearchQuery}}",
  "numRawResults": "{{NumRawResults}}"
}
The following table describes the attributes in the payload:
Table 1. Payload attributes
Attributes | Type | Description | Required
--- | --- | --- | ---
resource.name | String | The name of the resource that caused the event. | Mandatory
resource.type | String | The type of resource that caused the event. | Optional
type.eventType | String | Description of the type of event. | Mandatory
type.statusOrThreshold | String | The status or the threshold that caused the event. | Optional
summary | String | Description of the event condition. | Mandatory
severity | String | Severity of the event: Critical, Major, Minor, Warning, Information, or Indeterminate. | Mandatory
urls[0].url | String | The URL link to the search or metrics query. This attribute is mandatory if urls[0].description is defined. | Optional
urls[0].description | String | Descriptive text for the URL. | Optional
sender.name | String | Name of the sender that sent the event to event management. | Optional
expiryTime | Number | The number of seconds after which the event will be cleared, if no further occurrence. | Optional
searchName | String | Name of the saved search or monitor. | Optional
searchDescription | String | Description of the saved search or monitor. | Optional
searchQuery | String | The query used to run the saved search. | Optional
numRawResults | String | Number of results returned by the search. | Optional
- Click Test Connection to ensure that the webhook connection with event management is configured correctly. Event management will not process the event if any attributes do not follow the correct JSON format and type.
- Click Save.
- To start receiving alert notifications from Sumo Logic, ensure that Enable event management from this source is set to On.
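
The rules in Table 1 and the format-and-type requirement in the Test Connection step, as an added Python example that is not part of the original documentation or the product: it checks a rendered payload (after Sumo Logic has substituted the {{ }} variables) for missing mandatory attributes, wrong types and unreplaced < > placeholders. The function names, the constructed sample and the choice to report severity values outside the listed set are assumptions of this example.

```python
import json

# Allowed severity values and attribute types, taken from Table 1 on this page.
SEVERITIES = {"Critical", "Major", "Minor", "Warning", "Information", "Indeterminate"}
MANDATORY = ["resource.name", "type.eventType", "summary", "severity"]
STRING_ATTRS = MANDATORY + ["resource.type", "type.statusOrThreshold", "sender.name",
                            "searchName", "searchDescription", "searchQuery", "numRawResults"]

def lookup(doc, dotted):
    """Walk a dotted path such as 'resource.name'; return None if absent."""
    for key in dotted.split("."):
        if not isinstance(doc, dict) or key not in doc:
            return None
        doc = doc[key]
    return doc

def validate_payload(raw):
    """Return a list of problems found in a rendered payload (empty list = OK)."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top level must be a JSON object"]
    problems = []
    for path in MANDATORY:
        if lookup(doc, path) in (None, ""):
            problems.append(f"{path}: mandatory attribute missing or empty")
    for path in STRING_ATTRS:
        value = lookup(doc, path)
        if value is not None and not isinstance(value, str):
            problems.append(f"{path}: expected String")
        elif value and value.startswith("<") and value.endswith(">"):
            problems.append(f"{path}: angle-bracket placeholder not replaced")
    severity = lookup(doc, "severity")
    if isinstance(severity, str) and severity and severity not in SEVERITIES:
        problems.append(f"severity: {severity!r} is not a listed value")
    expiry = doc.get("expiryTime")
    if expiry is not None and (isinstance(expiry, bool) or not isinstance(expiry, (int, float))):
        problems.append("expiryTime: expected Number")
    urls = doc.get("urls", [])
    for i, entry in enumerate(urls if isinstance(urls, list) else []):
        if isinstance(entry, dict) and "description" in entry and not entry.get("url"):
            problems.append(f"urls[{i}].url: required when description is set")
    return problems

# Constructed sample: no summary, an unreplaced placeholder, expiryTime sent as a string.
SAMPLE = ('{"resource": {"name": "<name>"}, "type": {"eventType": "Threshold breach"},'
          ' "severity": "Critical", "expiryTime": "300"}')
```

Calling validate_payload(SAMPLE) returns one message per problem; an empty list means the payload satisfies every check in the example.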