Sumo Logic
The Sumo Logic integration allows you to retrieve alerts from Sumo Logic and send them to Moogsoft Onprem as events.
Refer to the Sumo Logic Reference to see the integration's default properties. When you use the integrations UI, you can only configure the visible properties.
If you want to implement a more complex Sumo Logic LAM with custom settings, see Configure the Sumo Logic LAM.
See the Sumo Logic documentation for details on Sumo Logic components.
Before You Begin
The Sumo Logic integration has been validated with Sumo Logic v2018. Before you start to set up your Sumo Logic integration, ensure you have met the following requirements:
You have an active Sumo Logic account.
You have the necessary permissions to configure a webhook connection and metric monitor in Sumo Logic.
Sumo Logic can make requests to external endpoints over port 443.
Configure the Sumo Logic Integration
To configure the Sumo Logic integration:
Navigate to the Integrations tab.
Click Sumo Logic in the Monitoring section.
Provide a unique integration name. You can use the default name or customize the name according to your needs.
Set a Basic Authentication username and password.
Configure Sumo Logic
Log in to Sumo Logic to configure a webhook connection to send alert data to your system. For more help, see the Sumo Logic documentation.
Create a new webhook connection in Sumo Logic:
Field      Value
Name       Moogsoft Onprem
Username   Username generated in the Moogsoft Onprem UI
Password   Password generated in the Moogsoft Onprem UI
Add the following custom JSON payload:
{
  "signature": "$SearchName::$AlertSource",
  "agent_location": "service.us2.sumologic.com",
  "source": "parse _sourceHost from AlertSource",
  "class": "sumo_metric",
  "description": "$SearchDescription - $AlertThreshold",
  "type": "$SearchName",
  "source_id": "$SearchQueryUrl",
  "SearchQuery": "$SearchQuery",
  "TimeRange": "$TimeRange",
  "FireTime": "$FireTime",
  "AlertSource": "$AlertSource",
  "external_id": "$AlertID",
  "severity": "$AlertStatus"
}
Optionally send a test notification to verify your system can receive a test alert from Sumo Logic.
Assign the webhook connection to one or more metric monitors in Sumo Logic. You can create a new metric monitor or add the webhook to an existing monitor.
When Sumo Logic detects alerts matching the metric monitor, it automatically notifies Moogsoft Onprem over the webhook notification channel.
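An offline check of the custom JSON payload above, added here as an example (not Moogsoft or Sumo Logic code): it confirms the template parses as JSON, lists the fields that carry fixed text rather than a Sumo Logic variable, and renders the payload with constructed sample values. The function names and all sample values are assumptions made for illustration.

```python
import json
import re

# Payload template from the page; $Name tokens are Sumo Logic variables.
TEMPLATE = """{
  "signature": "$SearchName::$AlertSource",
  "agent_location": "service.us2.sumologic.com",
  "source": "parse _sourceHost from AlertSource",
  "class": "sumo_metric",
  "description": "$SearchDescription - $AlertThreshold",
  "type": "$SearchName", "source_id": "$SearchQueryUrl",
  "SearchQuery": "$SearchQuery", "TimeRange": "$TimeRange",
  "FireTime": "$FireTime", "AlertSource": "$AlertSource",
  "external_id": "$AlertID", "severity": "$AlertStatus"
}"""
VAR = re.compile(r"\$([A-Za-z]+)")

def template_variables(template):
    """Parse the template as JSON; map each field to the variables it uses."""
    fields = json.loads(template)  # ValueError here means a paste/quoting error
    return {key: VAR.findall(value) for key, value in fields.items()}

def fixed_fields(template):
    """Fields with no variable: sent as the same literal text on every alert."""
    return sorted(k for k, v in template_variables(template).items() if not v)

def render(template, values):
    """Fill in sample values, JSON-escaping each one, and parse the result."""
    def escaped(match):
        return json.dumps(str(values[match.group(1)]))[1:-1]
    return json.loads(VAR.sub(escaped, template))

# Constructed sample values for an offline check, not real Sumo Logic output.
SAMPLE = {
    "SearchName": "CPU high", "SearchDescription": "CPU over threshold",
    "AlertSource": "_sourceHost=web-01 metric=CPU_User",
    "AlertThreshold": "above 90", "AlertStatus": "Critical",
    "AlertID": "EXAMPLE-0001", "TimeRange": "last 5 minutes",
    "FireTime": "2018-01-01 00:00:00",
    "SearchQueryUrl": "https://sumo.example.invalid/ui/query",
    "SearchQuery": '_sourceCategory="prod/web" metric=CPU_User',
}

if __name__ == "__main__":
    print("fixed text fields:", fixed_fields(TEMPLATE))
    print(json.dumps(render(TEMPLATE, SAMPLE), indent=2))
```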