
The Sumo Logic integration allows you to retrieve alerts from Sumo Logic and send them to Moogsoft AIOps as events.

Refer to the Sumo Logic LAM Reference to see the integration's default properties. When you use the integrations UI, you can only configure the visible properties. 

If you want to implement a more complex Sumo Logic LAM with custom settings, see Configure the Sumo Logic LAM.

See the Sumo Logic documentation for details on Sumo Logic components.

Before You Begin

The Sumo Logic integration has been validated with Sumo Logic v2018. Before you start to set up your Sumo Logic integration, ensure you have met the following requirements:

  • You have an active Sumo Logic account.
  • You have the necessary permissions to configure a webhook connection and metric monitor in Sumo Logic.
  • Sumo Logic can make requests to external endpoints over port 443.

Configure the Sumo Logic Integration

Configure the Sumo Logic integration in Moogsoft AIOps as follows:

  1. Navigate to the Integrations tab.
  2. Click Sumo Logic in the Monitoring section.
  3. Provide the connection details to create the integration.

Configure Sumo Logic

Log in to Sumo Logic to configure a webhook connection to send alert data to your system. For more help, see the Sumo Logic docs.

  1. Create a new webhook connection in Sumo Logic:

    Field      Value
    Name       Moogsoft AIOps
    Username   Username generated in the Moogsoft AIOps UI
    Password   Password generated in the Moogsoft AIOps UI
  2. Add the following custom JSON payload:

    {
        "signature":"$SearchName::$AlertSource",
        "agent_location":"service.us2.sumologic.com",
        "source":"parse _sourceHost from AlertSource",
        "class":"sumo_metric",
        "description":"$SearchDescription - $AlertThreshold",
        "type":"$SearchName",
        "source_id":"$SearchQueryUrl",
        "SearchQuery": "$SearchQuery",
        "TimeRange":"$TimeRange",
        "FireTime":"$FireTime",
        "AlertSource": "$AlertSource",
        "external_id":"$AlertID",
        "severity":"$AlertStatus"
    }
  3. Optionally send a test notification to verify your system can receive a test alert from Sumo Logic.

  4. Assign the webhook connection to one or more metric monitors in Sumo Logic. You can create a new metric monitor or add the webhook to an existing monitor.

When Sumo Logic detects alerts matching the metric monitor, it automatically notifies Moogsoft AIOps over the webhook notification channel.
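
A receiving-side sanity check for the payload above, as an added example that is not part of the original page or of Moogsoft or Sumo Logic code: it confirms every field from the template arrived, flags `$Variable` placeholders that were never substituted, and pulls `_sourceHost` out of `AlertSource`. The comma-separated `key=value` layout of `AlertSource`, the name `check_payload` and all sample values are assumptions.

```python
import json
import re

# Field names copied from the custom JSON payload on this page.
REQUIRED_KEYS = {
    "signature", "agent_location", "source", "class", "description", "type",
    "source_id", "SearchQuery", "TimeRange", "FireTime", "AlertSource",
    "external_id", "severity",
}
# A template variable that was never substituted, e.g. "$AlertID".
UNRESOLVED = re.compile(r"\$[A-Z][A-Za-z]+")
# Assumption: AlertSource arrives as comma-separated key=value pairs.
SOURCE_HOST = re.compile(r"_sourceHost=([^,\s]+)")

# Constructed sample of one rendered delivery (not captured from Sumo Logic).
SAMPLE = json.dumps({
    "signature": "High CPU::_sourceHost=web-01, metric=CPU_Total",
    "agent_location": "service.us2.sumologic.com",
    "source": "parse _sourceHost from AlertSource", "class": "sumo_metric",
    "description": "CPU above limit - 90", "type": "High CPU",
    "source_id": "https://sumo.example/query", "SearchQuery": "metric=CPU_Total",
    "TimeRange": "5m", "FireTime": "2018-06-01 10:00:00",
    "AlertSource": "_sourceHost=web-01, metric=CPU_Total",
    "external_id": "0000000000000001", "severity": "Critical",
})


def check_payload(raw):
    """Return {'problems': [...], 'source_host': str or None} for one delivery."""
    try:
        event = json.loads(raw)
    except json.JSONDecodeError as exc:
        return {"problems": [f"not valid JSON: {exc.msg}"], "source_host": None}
    if not isinstance(event, dict):
        return {"problems": ["top level is not a JSON object"], "source_host": None}
    problems = [f"missing field: {k}" for k in sorted(REQUIRED_KEYS - set(event))]
    for key, value in sorted(event.items()):
        if isinstance(value, str) and UNRESOLVED.search(value):
            problems.append(f"unresolved variable in {key}")
    match = SOURCE_HOST.search(str(event.get("AlertSource", "")))
    if match is None:
        problems.append("no _sourceHost in AlertSource")
    return {"problems": problems, "source_host": match.group(1) if match else None}


if __name__ == "__main__":
    print(check_payload(SAMPLE))
```

Running it against the body of the test notification from step 3 shows whether the template was pasted intact before the webhook is assigned to a monitor.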


7 Comments

  1. This sentence confused me...

    What are we trying to tell the customer? They can configure a LAM but they can't configure a UI integration which uses the LAM defaults?

  2. Passive. Do we need the word "generated"? Could just remove.

  3. Think you can probably remove.

  4. Passive. Suggest:

    Refer to the Sumo Logic LAM reference to see the integration's default properties.

  5. Passive.

    When you use the integrations UI, you can only configure the visible properties.

    (This whole thing seems a little overkill. Wouldn't this be the same for ALL integrations UI stuff?)

  6. Just need to confirm this is the standard wording we used for other webhook type stuff. For example New Relic says "Username generated in the Moogsoft AIOps UI"

    I like the "generated" here because it clarifies somewhat that the Integrations UI <does> something.