Sumo Logic
Send monitoring events from Sumo Logic to BigPanda.
Supported Versions | Type | Authentication Type |
---|---|---|
SaaS Deployments | Webhook | Org Bearer Token |
Sumo Logic simplifies how you collect and analyze machine data so that you can gain deep visibility across your full application and infrastructure stack. With the Sumo Logic service, you can accelerate modern application delivery, monitor and troubleshoot in real time and improve your security and compliance posture. This is accomplished via the following channels:
- Collect & Centralize.
- Search & Analyze.
- Monitor & Visualize.
- Alert & Notify.
- Detect & Predict.
Open Integration Manager
The Open Integration Manager is available for use with Sumo Logic. For more information, see the Open Integration Manager documentation.
Using Sample Code
These samples are meant to provide a helpful starting point for your custom integration. Though you may be able to copy some of the samples and use them without modifications, your system administrators must review and test all scripts and methods before using them, as per good practices.
Payload Size
Alert payloads must be 6MB or smaller. Larger payloads will fail to process with BigPanda. We recommend reviewing your configurations to ensure that only actionable, useful information is being sent to BigPanda.
Before You Integrate
Before installing the Sumo Logic integration, ensure that you have the following:
- Sumo Logic account.
- Existing Sumo Logic search or ability to create new search.
- BigPanda account.
- Understanding of the BigPanda Alerts API.
Install the Integration
Create an App Key
Create an app key in BigPanda.
Integration Specific
You'll need a separate app key for each integrated system.
Configure the Webhook to send alerts to BigPanda
- Go to Manage > Connections > Add > Webhook.
- In the Create Connection dialog, enter a Name.
- (Optional) Enter a Description.
- In the URL field, copy the API endpoint from the BigPanda integration instructions:
https://integrations.bigpanda.io/sumologic_v2/alerts
- In the Authorization Header field, copy the HTTP headers from the BigPanda integration instructions. Authorization: Bearer
<Your Org Bearer Token>
Content-Type:application/json
- In the Payload field, enter the JSON payload to send to BigPanda.
{
"app_key": "<Your App Key>",
"status": "{{TriggerType}}",
"host": "{{Name}}",
"check": "{{Query}}",
"cluster": "Customer Application",
"description": "{{Description}}",
"link": "{{QueryUrl}}",
"timestamp": "{{TriggerTimeStart}}"
}
The following Sumo Logic variables can be used as parameters within your JSON object:
- {{Name}}: The name of the defined alert.
- {{Description}}: The description of the alert.
- {{MonitorType}}: The type of alert, either Logs or Metrics.
- {{Query}}: The query used to run the alert.
- {{QueryURL}}: The URL to the logs or metrics query within Sumo Logic.
- {{Id}}: The unique identifier of the monitor or search that triggered the alert.
- {{DetectionMethod}}: The type of Detection Method used to detect alerts. Values are based on static or outlier triggers and data type, either logs or metrics.
- {{TriggerType}}: The status of the alert or recovery.
- {{TriggerTimeRange}}: The time range of the query that triggered the alert, in human readable form.
- {{TriggerTime}}: The time the monitor was triggered, in human readable form.
- {{TriggerTimeStart}}: The start time of the time range that triggered the monitor, in Unix format.
- {{TriggerTimeEnd}}: The end time of the time range that triggered the monitor, in Unix format.
- {{TriggerCondition}}: The condition that triggered the alert.
- {{TriggerValue}}: The value that triggered the alert.
- {{SourceURL}}: The URL to the configuration or status page of the monitor in Sumo Logic.
- {{AlertResponseUrl}}: When your Monitor is triggered it will generate a URL and provide it as the value of this variable, which you can use to open Alert Response.
- {{ResultsJson}}: JSON object that contains search aggregation results. A maximum of 10 raw results or 200 results for this field can be sent via Webhook.
- {{NumQueryResults}}: Number of results returned by the search. A maximum of 10 raw results or 200 aggregate results for this field can be sent via Webhook.
(Optional) Test the Integration
1. Adjust JSON payload as required.
2. Click Test Connection.
3. A message should appear at the top of the Sumo Logic Webhook configuration page. A successful test returns an HTTP 201 response.
After Installing
Add another BigPanda Webhook as an Alert Type to an existing search, if required. Send the status as critical, warning, or ok.
Alerts Do Not Close Automatically
Sumo Logic incidents are not closed automatically because Sumo Logic does not send notifications when alerts are resolved. You must manually resolve Sumo Logic incidents in BigPanda to remove them from the incident feed.
Uninstall the Integration
Deleting an integration requires that you remove the integration in both the integrated system and BigPanda. We recommend that you first uninstall the integration on the integrated system to prevent traffic from being sent and rejected by BigPanda, since the app key will not exist once you delete the integration in BigPanda.
Caution During Replacement
When replacing an existing integration with a new tool or system, we recommend configuring the new integration first to ensure no data is lost.
Deactivate Inbound Integration
If you want to stop sending data to BigPanda but don’t want to delete your integration, you can temporarily deactivate it.
To deactivate an inbound integration:
- In BigPanda, navigate to the Integrations tab and select the desired integration from the list. This will open integration details on the right side of the window.
- At the top of the integration details, click the Active/Inactive toggle next to the application name to change the status of the integration.
In the integrations list, inactive integrations will be marked with a gray bar.
Alert Resolution for Inactive Integrations
Any active alerts belonging to an inactive integration must be manually resolved or they will stay in the system until the auto-resolve window is reached.
Stop Sending Data to BigPanda
Within the integrated system, disable any settings that send data to BigPanda.
Each system requires specific changes to disable the integration with BigPanda. For example, you must delete the topic in CloudWatch, and you must disable the alert channel in New Relic. To determine the changes for your integrated system, reference the relevant documentation or contact BigPanda support.
Manually resolve any open alerts sent from the integration to remove the associated incidents from your incident feed. These incidents will not automatically resolve without an ok status from the original sending integration.
Delete the Integration in BigPanda
Take the following steps to delete the integration from BigPanda:
- In BigPanda, navigate to the Integrations tab and select the desired integration from the list.
- In the integration details on the right of the page, click the trash icon, then confirm you want to delete the integration. The integration will be removed immediately.
️Automatic Alert Resolution for Deleted Integrations
All active alerts from the integration will be resolved after deletion.
Data Removal
This procedure does not remove any data from the integrated system.
Updated 4 months ago