/
Integrate with Sumo Logic

Integrate with Sumo Logic

Owned by Shivi Sivasubramanian
Last updated: Aug 06, 2024 by Meghali Deb Roy (Deactivated)
3 min read

This article explains integrating Sumo Logic with both versions available in Compass's integration platform; Sumo Logic and Sumo Logic (Legacy). The procedural steps are the same for both integrations. However, refer to the correct integration version while working with the payloads.

What does the integration offer?

Compass provides a two-way integration with Sumo Logic. When an action occurs in Compass alerts, the webhook data will be forwarded to the Sumo Logic. Also, Sumo Logic sends webhook alerts to Compass which acts as a dispatcher for these alerts and determines the right people to notify based on on-call schedules, notifies via email, text messages (SMS), phone calls, and iOS and Android push notifications, and escalates alerts until the alert is acknowledged or closed.

How does the integration work?

  • When a scheduled search or monitor triggers an alert in Sumo Logic, an alert will be created automatically in Compass.

  • When the monitor resolves an alert, the corresponding alert will be closed in Compass.

  • When an alert action occurs in Compass, the webhook payload will be sent to Sumo Logic.

Set up the integration

Sumo Logic is a bidirectional integration. Setting it up involves the following steps:

  • Add a Sumo Logic integration in Compass

  • Configure the integration in Sumo Logic

Add a Sumo Logic integration

In this release, only incoming integrations are fully supported in the Standard plan, at a team level. To use outgoing integrations or the outgoing part of bidirectional integrations, upgrade to a higher subscription plan. There may be restrictions on how you can create and apply integration rules as well.

You can add this integration only from your team’s operations page. Adding an integration from your team’s operations page makes your team the owner of the integration. This means Compass only assigns the alerts received through this integration to your team.

To add a Sumo Logic integration in Compass:

  1. Go to your team’s operations page.

  2. On the left navigation panel, select Integrations and then Add integration.

  3. Run a search and select “Sumo Logic”.

  4. On the next screen, enter a name for the integration.

  5. Optional: Select a team in Assignee team if you want a specific team to receive alerts from the integration.

  6. Select Continue.
    The integration is saved at this point.

  7. Expand the Steps to configure the integration section and copy the integration URL generated for your account.
    You will use this URL while configuring the integration in Sumo Logic later.

  8. Select Turn on integration.
    The rules you create for the integration will work only if you turn on the integration.

Configure the integration in Sumo Logic

In Sumo Logic, scheduled searches and monitors send alerts to other tools via Webhook connections. To send alerts from Sumo Logic to Compass, create a Webhook first and use it in a scheduled search or monitor configuration.

  1. In Sumo Logic, go to Manage Data > Monitoring > Connections.

  2. Select + Add and select “Webhook” for Connection type.

  3. Enter “Compass” for the name, and optionally, a description for the webhook connection.

  4. Paste the API URL copied previously into URL.

  5. Copy the payload JSON as appropriate from the following section and paste it into Payload.

  6. Select Save.

JSON - For Sumo Logic

{ "AlertName": "{{AlertName}}", "Description": "{{Description}}", "action": "create", "AlertURL": "{{AlertResponseURL}}", "Query": "{{Query}}", "QueryURL": "{{QueryURL}}", "TriggerTime": "{{TriggerTime}}", "TriggerTimeRange": "{{TriggerTimeRange}}", "TriggerCondition": "{{TriggerCondition}}", "TriggerValue": "{{TriggerValue}}", "TriggerType": "{{TriggerType}}", "ResultsJson": "{{ResultsJSON}}", "DetectionMethod": "{{DetectionMethod}}", "MonitorType": "{{MonitorType}}", "NumQueryResults": "{{NumQueryResults}}", "SourceURL": "{{SourceURL}}" }

JSON - For Sumo Logic (Legacy)

{ "searchName": "{{SearchName}}", "searchDescription": "{{SearchDescription}}", "searchQuery": "{{SearchQuery}}", "searchQueryUrl": "{{SearchQueryUrl}}", "timeRange": "{{TimeRange}}", "fireTime": "{{FireTime}}", "rawResultsJson": "{{RawResultsJson}}", "numRawResults": "{{NumRawResults}}", "priority" : "P3", "aggregateResultsJson" : "{{AggregateResultsJson}}" }

Find out how to use a webhook in a scheduled search.

Find out how to use a webhook in a monitor.

Sample payload sent from Sumo Logic

JSON

{ "AlertName": "High CPU on public api service", "Description": "CPU is above 80% all the time for 15 min on public api service", "action": "create", "AlertURL": "https://service.eu.sumologic.com/ui/#/alert/00000000000D0E85", "Query": "metric=cpu_user service=api-service", "QueryURL": "https://service.eu.sumologic.com/ui/#/metricsv2/cOS9vwBvqBtI76EDRQapYA3nP0NKFLBbFmrViiiM", "TriggerTime": "2022-03-18 13:34:17 EET", "TriggerTimeRange": "2022-03-18 13:28:45 EET - 2022-03-18 13:33:45 EET", "TriggerCondition": "Metric field CPU violates the alert condition \"greater than 80.0 all the time in the last 15 minutes\"", "TriggerValue": "85.4", "TriggerType": "Critical", "ResultsJson": "[{\"CPU\":85.4}]", "DetectionMethod": "MetricsStaticCondition", "MonitorType": "Metrics", "NumQueryResults": "1", "SourceURL": "https://service.eu.sumologic.com/ui/#/alerts/unified-monitors/000000000000676A?selectedRows=00000000000123BD" }

 

Related content

Integrate with Scalyr
Integrate with Scalyr
Operations
Read with this
Integrate with LogicMonitor
Integrate with LogicMonitor
Operations
Read with this
Integrate with WhatsUp Gold
Integrate with WhatsUp Gold
Operations
Read with this