Configuring Sumo Logic as an event source

You can set up an integration with Netcool® Operations Insight® to receive notifications created by Sumo Logic. Sumo Logic is a cloud log management and metrics monitoring solution.

Before you begin

Clear events are never sent from Sumo Logic. However, you can set the expiryTime attribute in the payload to automatically clear the resulting event management incidents after a specified time period (in seconds) has elapsed.
The following event types are supported for this integration:
  • All Sumo Logic notifications via the webhook connection.

About this task

Using a webhook URL, alerts generated by Sumo Logic are sent to the event management service as events.

Procedure

  1. Click Administration > Integrations with other systems.
  2. Click New integration.
  3. Go to the Sumo Logic tile and click Configure.
  4. Enter a name for the integration and click Copy to add the generated webhook URL to the clipboard. Ensure you save the generated webhook URL to make it available later in the configuration process. For example, you can save it to a file.
  5. Click Save.
  6. Open the Sumo Logic app and go to Manage Data > Settings > Connections.
  7. On Connections, click Add > Webhook.
  8. In the Create Connection window, enter the connection Name and (optionally) a description.
  9. In the field provided, paste the webhook URL that you copied in step 4.
  10. Copy and paste the sample payload from this step into the Payload section. Please note the following:
    • Attributes with curly brackets {{ }} are Sumo Logic payload variables that do not require updating.
    • For attributes with angle brackets < > you must provide a valid name or description, as appropriate.
    • You can customize the payload if required. For more information about the available Webhook payload variables, see the Sumo Logic user guide: https://help.sumologic.com/Manage/Connections-and-Integrations/Webhook-Connections/Set-Up-Webhook-Connections. If you are customizing the payload, you must include the four mandatory fields in your customized payload (see Table 1 for mandatory fields).
    Sample payload:
    {
       "resource": {
          "name":"<name of the resource that triggered the alert>",
          "type":"<type of the resource that triggered the alert>"
       },
       "type": {
          "eventType":"<type of the event. E.g. Utilization, System status, Threshold breach>",
          "statusOrThreshold":"{{AlertThreshold}}"
       },
       "summary":"<description of the event condition>",
       "severity":"{{AlertStatus}}",
       "urls": [
          {
             "url":"{{SearchQueryUrl}}",
             "description":"Search Query Url"
          }
       ],
       "sender": {
          "name":"Sumo Logic"
       },
       "expiryTime":300,
       "searchName":"{{SearchName}}",
       "searchDescription":"{{SearchDescription}}",
       "searchQuery":"{{SearchQuery}}",
       "numRawResults":"{{NumRawResults}}"
    }
    The following table describes the attributes in the payload:
    Table 1. Payload attributes
    | Attribute | Type | Description | Required |
    | --- | --- | --- | --- |
    | resource.name | String | The name of the resource that caused the event. | Mandatory |
    | resource.type | String | The type of resource that caused the event. | Optional |
    | type.eventType | String | Description of the type of event. | Mandatory |
    | type.statusOrThreshold | String | The status or the threshold that caused the event. | Optional |
    | summary | String | Description of the event condition. | Mandatory |
    | severity | String | Severity of the event: Critical, Major, Minor, Warning, Information, or Indeterminate. | Mandatory |
    | urls[0].url | String | The URL link to the search or metrics query. This attribute is mandatory if urls[0].description is defined. | Optional |
    | urls[0].description | String | Descriptive text for the URL. | Optional |
    | sender.name | String | Name of the sender that sent the event to event management. | Optional |
    | expiryTime | Number | The number of seconds after which the event will be cleared, if no further occurrence. | Optional |
    | searchName | String | Name of the saved search or monitor. | Optional |
    | searchDescription | String | Description of the saved search or monitor. | Optional |
    | searchQuery | String | The query used to run the saved search. | Optional |
    | numRawResults | String | Number of results returned by the search. | Optional |
  11. Click Test Connection to ensure that the webhook connection with event management is configured correctly. Event management will not process the event if any attributes do not follow the correct JSON format and type.
  12. Click Save.
  13. To start receiving alert notifications from Sumo Logic, verify that Enable event management from this source is set to On.
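
A customized payload can be checked against Table 1 before it is pasted into the Payload section in step 10 and tested in step 11. The following Python script is an added example, not code from the product or from Sumo Logic; the function names and the sample string are assumptions made for illustration, and the rules are transcribed from Table 1.

```python
import json
import re

RULES = {  # Table 1 on this page: dotted path -> (JSON type, mandatory)
    "resource.name": (str, True), "resource.type": (str, False), "type.eventType": (str, True),
    "type.statusOrThreshold": (str, False), "summary": (str, True), "severity": (str, True),
    "sender.name": (str, False), "expiryTime": ((int, float), False), "searchName": (str, False),
    "searchDescription": (str, False), "searchQuery": (str, False), "numRawResults": (str, False),
}
SEVERITIES = {"Critical", "Major", "Minor", "Warning", "Information", "Indeterminate"}
UNFILLED = re.compile(r"^<.*>$")  # angle-bracket text left over from the sample payload

def lookup(doc, path):  # walk a dotted path through nested objects; None if a step is absent
    for key in path.split("."):
        if not isinstance(doc, dict) or key not in doc:
            return None
        doc = doc[key]
    return doc

def validate(text):
    """Return the problems found in a payload string; an empty list means it passes."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(doc, dict):
        return ["payload must be a JSON object"]
    problems = []
    for path, (kind, mandatory) in RULES.items():
        value = lookup(doc, path)
        if value is None:
            if mandatory:
                problems.append(f"{path}: mandatory attribute missing")
        elif isinstance(value, bool) or not isinstance(value, kind):
            problems.append(f"{path}: wrong type ({type(value).__name__})")
        elif isinstance(value, str) and UNFILLED.match(value):
            problems.append(f"{path}: angle-bracket placeholder not replaced")
    sev = doc.get("severity")  # a {{variable}} is filled in at send time, so only literals are checked
    if isinstance(sev, str) and not sev.startswith(("{{", "<")) and sev not in SEVERITIES:
        problems.append(f"severity: {sev!r} is not one of the listed values")
    urls = doc.get("urls")
    for i, link in enumerate(urls if isinstance(urls, list) else []):
        if isinstance(link, dict) and "description" in link and not link.get("url"):
            problems.append(f"urls[{i}].url: required when a description is defined")
    return problems

# Constructed sample (not from the page): two mandatory attributes missing, expiryTime quoted.
SAMPLE = '{"resource": {"name": "web-01"}, "severity": "Major", "expiryTime": "300"}'
print(validate(SAMPLE))
```

The check runs on the payload text as it is entered, so values that are still {{ }} variables pass the type check as strings and are not compared against the severity list.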