Sumo Logic integration
You can configure the Sumo Logic webhook to post notifications to the APEX AIOps Incident Management CYOI endpoint when events of interest occur.
Before you begin
This integration was validated with Sumo Logic on 6 June 2021.
Before you start to set up your integration, make sure:
You have an active Sumo Logic account.
You have the necessary permissions to create alerts and notification channels in Sumo Logic.
Sumo Logic can make requests to external endpoints over port 443. This is the default.
You have created an API key and have access to a copy of it.
Configure the integration in Incident Management
To configure the integration:
From the left-hand menu, go to Integrations > Ingestion Services > Create your own integration.
Click Add New Integration.
In the APEX AIOps Incident Management Endpoint field, provide a unique integration name.
You can give it the same name as the target application or customize the name according to your business needs.
In the API Description field, enter a description (optional) of the purpose for the API or other information relevant to your business needs.
Click Save.
The custom endpoint is now provisioned.
Note
Leave this browser tab open as you will use it later on in the procedure. Open a new tab to configure the current integration. See Create your own integration for additional help.
Define the webhook in Sumo Logic
To create a new webhook in Sumo Logic, do the following:
Log in to Sumo Logic.
Click Manage Data > Alerts.
On the Connections tab, click +New to add a new connection.
Click webhook.
Input the following:
Name: APEX AIOps Incident Management
Description: Incident Management
URL: Copy the Endpoint URL from Incident Management and paste it in this field.
The endpoint displays in Incident Management under Integrations > Ingestion Services > Create Your Own Integration > <Your Integration> > Configuration Information after you save your integration.
Example:
https://api.moogsoft.ai/v1/integrations/custom/<custom_id>/<your_integration>
Custom Headers: Enter your Incident Management API key.
NOTE: Enter your API key using this format:
apiKey:<your_API_key>
instead of using the example formats provided by Sumo Logic.
Payload: Build a payload based on your business use case.
The body of the payload will vary depending on your specific needs. Sumo Logic allows a payload to be built using mustache template style variables from a large list of Sumo Logic data points.
Recommended JSON payload:
{
  "source": "{{ResultsJson._sourceHost}}",
  "results": "{{ResultsJson}}",
  "type": "{{MonitorType}}",
  "severity": "{{TriggerType}}",
  "check": "{{ResultsJson.metric}}",
  "name": "{{Name}}",
  "description": "{{ResultsJson.metric}} {{TriggerCondition}}: {{TriggerValue}}",
  "desc": "{{Description}}",
  "client_url": "{{SearchQueryUrl}}",
  "SourceURL": "{{SourceURL}}",
  "id": "{{Id}}",
  "time": "{{TriggerTime}}"
}
Click Save.
Map Sumo Logic data to event fields
To map Sumo Logic data to event fields in Incident Management, do the following:
Go back to your Incident Management tab.
If you closed your tab, navigate to the Map your Data section of your integration:
Click Integrations > Ingestion Services.
Click Create your own integration.
Click the custom integration that you created in the first part of this procedure.
Under Map Your Data click the received payload to view the fields.
Scroll down and map the payload fields from Sumo Logic to target fields relevant in Incident Management.
Click Add a Mapping to add new rows for additional mappings.
To add a default value, click inside a field, scroll to the end of the list of possible payload fields, and then click Default Value. You can then type in the default text to display.
To create a tag mapping in the Incident Management Target Fields column, click inside a field and then click Add Tag.
After creating a mapping, click Add to save it.
Click Map Values and map the severity values based on your business use case. The completed mapping should match the following table:
Note
The example fields shown will only be visible if a Sumo Logic event with the recommended payload has already been sent.
| Payload Fields | Incident Management Target Fields |
| --- | --- |
| source (Default value: Missing source) | Source (example: hostname) |
| description (Default value: Missing description) | Description (example: Mem_FreePercent Greater than or equal to 35.0 for all of the last 5 minutes: 66.46) |
| check name (Default value: Missing check) | Check (example: Mem_FreePercent) |
| severity (Default value: UNKNOWN) | Severity (example: Warning) |
| manager (Default Value: Sumo Logic) | Manager (example: Sumo Logic) |
| type | Type (example: Metrics) |
| client_url | Tag: URL (example: https://service.sumologic.com/ui/#/metricsv2/@1650760861843,1650761161843@metrics@metric%253DMem_FreePercent) |
| SourceURL | Tag: SourceURL (example: https://service.sumologic.com/ui/#/alerts/unified-monitors/000000000000E79B?selectedRows=000000000000E7A0) |
| id | Manager ID (example: 0000000000049D38) |
| time | Time (example: 04/23/2022 05:46:01 PM PDT) |
Click Save.
Scroll down to the Set Your Deduplication Key section and then click TEST DEDUPLICATION KEY.
Click SAVE AND ENABLE.
Recommended mapping for configuring with API
If you are configuring the CYOI Endpoint using the Incident Management API, you can use the following JSON object as a recommended mapping:
"mappings": [
  {
    "type": "BASIC",
    "targetPath": { "path": "source", "source": false },
    "paths": [ { "path": "source", "source": true } ],
    "defaultValue": "Missing source"
  },
  {
    "type": "BASIC",
    "targetPath": { "path": "description", "source": false },
    "paths": [ { "path": "description", "source": true } ],
    "defaultValue": "Missing description"
  },
  {
    "type": "BASIC",
    "targetPath": { "path": "check", "source": false },
    "paths": [ { "path": "check", "source": true }, { "path": "name", "source": true } ],
    "defaultValue": "Missing check"
  },
  {
    "type": "BASIC",
    "targetPath": { "path": "severity", "source": false },
    "paths": [ { "path": "severity", "source": true } ],
    "defaultValue": "UNKNOWN",
    "converter": {
      "sourceValues": [ "clear", "0", "OK", "recovered", "UP", "warning", "2", "WARN", "minor", "3", "major", "4", "ERROR", "critical", "5", "FATAL", "unknown", "1" ],
      "targetValues": [ "CLEAR", "CLEAR", "CLEAR", "CLEAR", "CLEAR", "WARNING", "WARNING", "WARNING", "MINOR", "MINOR", "MAJOR", "MAJOR", "MAJOR", "CRITICAL", "CRITICAL", "CRITICAL", "UNKNOWN", "UNKNOWN" ]
    }
  },
  {
    "type": "BASIC",
    "targetPath": { "path": "manager", "source": false },
    "paths": [],
    "defaultValue": "Sumo Logic"
  },
  {
    "type": "BASIC",
    "targetPath": { "path": "type", "source": false },
    "paths": [ { "path": "type", "source": true } ]
  },
  {
    "type": "BASIC",
    "targetPath": { "path": "tags.URL", "source": false },
    "paths": [ { "path": "client_url", "source": true } ]
  },
  {
    "type": "BASIC",
    "targetPath": { "path": "tags.SourceURL", "source": false },
    "paths": [ { "path": "SourceURL", "source": true } ]
  },
  {
    "type": "BASIC",
    "targetPath": { "path": "manager_id", "source": false },
    "paths": [ { "path": "id", "source": true } ]
  },
  {
    "type": "BASIC",
    "targetPath": { "path": "time", "source": false },
    "paths": [ { "path": "time", "source": true } ]
  },
  {
    "type": "CONCATENATED",
    "targetPath": { "path": "dedupe_key", "source": false },
    "paths": [
      { "path": "source", "source": false },
      { "path": "check", "source": false },
      { "path": "manager", "source": false }
    ],
    "delimiter": "::"
  }
]
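When this mapping is edited by hand before it is sent to the API, a severity converter whose two arrays drift out of step, or a dedupe key built from a field that is no longer mapped, is easy to miss. The following lint is an added example, not Incident Management code; it assumes converter values pair by position and that "source": false parts of a CONCATENATED mapping name target fields, and lint_mappings, SEVERITIES and SAMPLE are hypothetical names.

```python
import json

# Severity names that appear in the page's recommended mapping (assumed complete).
SEVERITIES = {"CLEAR", "WARNING", "MINOR", "MAJOR", "CRITICAL", "UNKNOWN"}

def lint_mappings(mappings):
    """Return a list of structural problems in a CYOI "mappings" array."""
    problems = []
    targets = {m["targetPath"]["path"] for m in mappings}
    for m in mappings:
        target = m["targetPath"]["path"]
        conv = m.get("converter")
        if conv:
            src, dst = conv["sourceValues"], conv["targetValues"]
            if len(src) != len(dst):  # assumption: values pair by position
                problems.append(f"{target}: {len(src)} sourceValues, {len(dst)} targetValues")
            dupes = sorted({v for v in src if src.count(v) > 1})
            if dupes:
                problems.append(f"{target}: duplicate sourceValues {dupes}")
            unknown = sorted(set(dst) - SEVERITIES) if target == "severity" else []
            if unknown:
                problems.append(f"{target}: unexpected targetValues {unknown}")
        if m["type"] == "CONCATENATED":
            # Assumption: parts with "source": false name mapped target fields.
            missing = [p["path"] for p in m["paths"]
                       if not p["source"] and p["path"] not in targets]
            if missing:
                problems.append(f"{target}: built from unmapped fields {missing}")
        elif not m["paths"] and "defaultValue" not in m:
            problems.append(f"{target}: no payload path and no defaultValue")
    return problems

# Constructed sample modelled on the recommended mapping: "manager" is left out
# and one targetValue is dropped so that the checks have something to report.
SAMPLE = json.loads("""[
 {"type": "BASIC", "targetPath": {"path": "source", "source": false},
  "paths": [{"path": "source", "source": true}], "defaultValue": "Missing source"},
 {"type": "BASIC", "targetPath": {"path": "check", "source": false},
  "paths": [{"path": "check", "source": true}, {"path": "name", "source": true}]},
 {"type": "BASIC", "targetPath": {"path": "severity", "source": false},
  "paths": [{"path": "severity", "source": true}], "defaultValue": "UNKNOWN",
  "converter": {"sourceValues": ["OK", "warning", "critical"],
                "targetValues": ["CLEAR", "WARNING"]}},
 {"type": "CONCATENATED", "targetPath": {"path": "dedupe_key", "source": false},
  "paths": [{"path": "source", "source": false}, {"path": "check", "source": false},
            {"path": "manager", "source": false}], "delimiter": "::"}
]""")

if __name__ == "__main__":
    print("\n".join(lint_mappings(SAMPLE)))
```

To check your own configuration, load the array under "mappings" with json.loads and pass it to lint_mappings; an empty list means none of these checks fired.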