Sumo Logic

Sumo Logic provides monitoring tools for applications and infrastructure. Build this integration to correlate Sumo Logic alerts into high-level incidents in BigPanda.

Supported Versions


Authentication Type

SaaS Deployments


Bearer Token

How It Works

Sumo Logic simplifies how you collect and analyze machine data so that you can gain deep visibility across your full application and infrastructure stack. With the Sumo Logic service, you can accelerate modern application delivery, monitor and troubleshoot in real time and improve your security and compliance posture. This is accomplished via the following channels:

  1. Collect & Centralize.

  2. Search & Analyze.

  3. Monitor & Visualize.

  4. Alert & Notify.

  5. Detect & Predict.


Using Sample Code

These samples are meant to provide a helpful starting point for your custom integration. Though you may be able to copy some of the samples and use them without modifications, your system administrators must review and test all scripts and methods before using them, as per good practices.


  • Sumo Logic account.

  • Existing Sumo Logic search or ability to create new search.

  • BigPanda account.

  • Understanding of BigPanda Alerts API.

Step 1: In BigPanda, create an App Key.

  1. In BigPanda, click the Integrations tab at the top of the screen.

  2. In the left pane, click New Integration.

  3. On the Monitoring tab, click Alerts REST API.

  4. In Step 1, enter the name of the integration. For example, enter Sumo Logic.

  5. Click Generate App Key.

Step 2: In Sumo Logic, configure the Webhook to send alerts to BigPanda.

  1. Go to Manage > Connections.

  2. On the Connections page, click Add.

  3. Click Webhook.

  1. In the Create Connection dialog, enter a Name. For example, Sumo Logic.

  2. (Optional) Enter a Description.

  3. In the URL field, copy the API endpoint from the BigPanda integration instructions.

  4. In the Authorization Header field, copy the HTTP headers from the BigPanda integration instructions.

  5. In the Payload field, enter the JSON payload to send to BigPanda.

  "app_key": <BigPanda App Key>,
  "status": "<ok|critical|warning>",
  "host": "SumoLogic Alert $SearchName",
  "check": "Time=$FireTime, Query=$SearchQuery",
  "cluster": "Customer Application",
  "description": "Count=$NumRawResults, Range=$TimeRange",
  "link": "$SearchQueryUrl"

The following Sumo Logic variables can be used as parameters within your JSON object:

  • $SearchName: Name of the saved search.

  • $SearchDescription: Description of the saved search.

  • $SearchQuery: Query used to run the saved search.

  • $SearchQueryUrl: URL link to the saved search.

  • $TimeRange: Time range used to run the search.

  • $FireTime: Start time of the search.

  • $AggregateResultsJson: JSON object that contains search aggregation results.


A maximum of 200 results for this field can be sent via Webhook.

  • $RawResultsJson: JSON object containing raw messages.


A maximum of 10 results for this field can be sent via Webhook.

  • $NumRawResults: Number of raw results returned by the search.


A maximum of 100 results for this field can be sent via Webhook.

Step 3. Test the integration by sending a test alert from Sumo Logic.

  1. Adjust JSON payload as required.

  2. Click Test Connection.

  • A message appears at the top of the Sumo Logic Webhook configuration page.

  • A successful test returns an HTTP 201 response.


Add another BigPanda Webhook as an Alert Type to an existing search, if required. Send the status as critical, warning, or ok.


Sumo Logic incidents are not closed automatically because Sumo Logic does not send notifications when alerts are resolved. You must manually resolve Sumo Logic incidents in BigPanda to remove them from the incident feed.