Sumo Logic integration

You can configure the Sumo Logic webhook to post notifications to the Moogsoft Cloud CYOI endpoint when events of interest occur.

Before you begin

This integration was validated with Sumo Logic on 6 June 2021.

Before you start to set up your integration, make sure:

  • You have an active Sumo Logic account.

  • You have the necessary permissions to create alerts and notification channels in Sumo Logic.

  • Sumo Logic can make requests to external endpoints over port 443. This is the default.

  • You have created an API key and have access to a copy of it.

Configure the integration in Moogsoft

To configure the integration:

  1. From the left-hand menu, go to Integrations > Ingestion Services > Create your own integration.

  2. Click Add New Integration.

  3. In the Moogsoft Endpoint field, provide a unique integration name.

    You can give it the same name as the target application or customize the name according to your business needs.

  4. In the API Description field, enter a description (optional) of the purpose for the API or other information relevant to your business needs.

  5. Click Save.

The custom endpoint is now provisioned.

Note

Leave this browser tab open as you will use it later on in the procedure. Open a new tab to configure the current integration. See Create your own integration for additional help.

Define the webhook in Sumo Logic

To create a new webhook in Sumo Logic, do the following:

  1. Log in to Sumo Logic.

  2. Click Manage Data > Alerts.

  3. On the Connections tab, click +New to add a new connection.

  4. Click webhook.

  5. Input the following:

    • Name: Moogsoft

    • Description: Moogsoft

    • URL: Copy the Endpoint URL from Moogsoft and paste it in this field.

      The endpoint displays in Moogsoft under Integrations > Ingestion Services > Create Your Own Integration > <Your Integration> > Configuration Information after you save your integration.

      Example:

      https://api.moogsoft.ai/v1/integrations/custom/<custom_id>/<your_integration>

    • Custom Headers: Enter your Moogsoft API key.

      NOTE: Enter your API key using this format: apiKey:<your_API_key> instead of using the example formats provided by Sumo Logic.

    • Payload: Build a payload based on your business use case.

      The body of the payload will vary depending on your specific needs. Sumo Logic allows a payload to be built using mustache template style variables from a large list of Sumo Logic data points.

      Recommended JSON payload:

      {
          "source": "{{ResultsJson._sourceHost}}",
          "results": "{{ResultsJson}}",
          "type": "{{MonitorType}}",
          "severity": "{{TriggerType}}",
          "check": "{{ResultsJson.metric}}",
          "name": "{{Name}}",
          "description": "{{ResultsJson.metric}} {{TriggerCondition}}: {{TriggerValue}}",
          "desc": "{{Description}}",
          "client_url": "{{SearchQueryUrl}}",
          "SourceURL": "{{SourceURL}}",
          "id": "{{Id}}",
          "time": "{{TriggerTime}}"
      }
  6. Click Save.
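
To check the endpoint and API key before relying on Sumo Logic alerts, the following added example (not part of the Moogsoft or Sumo Logic documentation) builds the same POST the webhook would make, using a constructed event with the recommended payload's keys. The environment variable names, the `Content-Type` header and the pinned host `api.moogsoft.ai` (taken from the example URL above) are assumptions.

```python
import json
import os
import urllib.request
from urllib.parse import urlsplit

# Constructed sample event: the recommended payload's keys, filled with example
# values from the mapping table in place of Sumo Logic template variables.
SAMPLE_EVENT = {
    "source": "hostname", "results": "{}", "type": "Metrics",
    "severity": "Warning", "check": "Mem_FreePercent",
    "name": "Constructed test monitor", "desc": "Constructed test event",
    "description": "Mem_FreePercent Greater than or equal to 35.0 "
                   "for all of the last 5 minutes: 66.46",
    "client_url": "https://service.sumologic.com/ui/",
    "SourceURL": "https://service.sumologic.com/ui/",
    "id": "0000000000049D38", "time": "04/23/2022 05:46:01 PM PDT",
}

def build_request(endpoint, api_key, event=SAMPLE_EVENT,
                  allowed_host="api.moogsoft.ai"):
    """Build the POST the webhook would make; refuse unsafe destinations."""
    url = urlsplit(endpoint)
    if url.scheme != "https":
        raise ValueError("endpoint must be https; the API key travels in a header")
    if url.hostname != allowed_host:  # assumption: host from the page's example URL
        raise ValueError(f"unexpected host {url.hostname!r}")
    if not api_key or "\r" in api_key or "\n" in api_key:
        raise ValueError("API key is empty or contains a line break")
    return urllib.request.Request(
        endpoint, data=json.dumps(event).encode("utf-8"), method="POST",
        headers={"apiKey": api_key, "Content-Type": "application/json"})

def redacted_headers(req):
    """Headers with the key masked, safe to print or log."""
    return {k: "***" if k.lower() == "apikey" else v
            for k, v in req.header_items()}

if __name__ == "__main__":
    # MOOGSOFT_ENDPOINT / MOOGSOFT_API_KEY are hypothetical variable names;
    # reading the key from the environment keeps it off the command line.
    endpoint = os.environ.get("MOOGSOFT_ENDPOINT")
    api_key = os.environ.get("MOOGSOFT_API_KEY")
    if not (endpoint and api_key):
        raise SystemExit("set MOOGSOFT_ENDPOINT and MOOGSOFT_API_KEY first")
    req = build_request(endpoint, api_key)
    print("POST", req.full_url, redacted_headers(req))
    with urllib.request.urlopen(req, timeout=10) as resp:
        print("HTTP", resp.status)
```

`urllib` stores the header name as `Apikey`; HTTP header names are case-insensitive, so this is the same header the webhook sends.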

Map Sumo Logic data to event fields

To map Sumo Logic data to event fields in Moogsoft, do the following:

  1. Go back to your Moogsoft tab.

    If you closed your tab, navigate to the Map your Data section of your integration:

    1. Click Integrations > Ingestion Services.

    2. Click Create your own integration.

    3. Click the custom integration that you created in the first part of this procedure.

  2. Under Map Your Data, click the received payload to view the fields.

  3. Scroll down and map the payload fields from Sumo Logic to the relevant target fields in Moogsoft.

    • Click Add a Mapping to add new rows for additional mappings.

    • To add a default value, click inside a field, scroll to the end of the list of possible payload fields, and then click Default Value. You can then type in the default text to display.

    • To create a tag mapping in the Moogsoft Target Fields column, click inside a field and then click Add Tag.

    • After creating a mapping, click Add to save it.

  4. Click Map Values and map the severity values based on your business use case. The completed mapping should match the following table:

    Note

    The example fields shown will only be visible if a Sumo Logic event with the recommended payload has already been sent.

    Payload Fields | Moogsoft Target Fields | Example value
    -------------- | ---------------------- | -------------
    source (Default value: Missing source) | Source | hostname
    description (Default value: Missing description) | Description | Mem_FreePercent Greater than or equal to 35.0 for all of the last 5 minutes: 66.46
    check name (Default value: Missing check) | Check | Mem_FreePercent
    severity (Default value: UNKNOWN) | Severity | Warning
    manager (Default value: Sumo Logic) | Manager | Sumo Logic
    type | Type | Metrics
    client_url | Tag: URL | https://service.sumologic.com/ui/#/metricsv2/@1650760861843,1650761161843@metrics@metric%253DMem_FreePercent
    SourceURL | Tag: SourceURL | https://service.sumologic.com/ui/#/alerts/unified-monitors/000000000000E79B?selectedRows=000000000000E7A0
    id | Manager ID | 0000000000049D38
    time | Time | 04/23/2022 05:46:01 PM PDT

  5. Click Save.

  6. Scroll down to the Set Your Deduplication Key section and then click TEST DEDUPLICATION KEY.

  7. Click SAVE AND ENABLE.