
Integrate Opsgenie with Sumo Logic


This document explains how to integrate Sumo Logic with Opsgenie using either of the two versions available in Opsgenie's integration platform: Sumo Logic and Sumo Logic (Legacy). The procedural steps are the same for both integrations, but make sure you use the payload that matches your integration version.

What does Opsgenie offer Sumo Logic users?

Opsgenie provides a two-way integration with Sumo Logic. When an action occurs on an Opsgenie alert, the webhook data is forwarded to Sumo Logic. In the other direction, Sumo Logic sends webhook alerts to Opsgenie, which acts as a dispatcher for these alerts: it determines the right people to notify based on on-call schedules, notifies them via email, text messages (SMS), phone calls, and iPhone & Android push notifications, and escalates alerts until they are acknowledged or closed.

Functionality of the integration

  • When a scheduled search or monitor triggers an alert in Sumo Logic, an alert will be created automatically in Opsgenie.

  • When the monitor resolves an alert, the corresponding alert is closed in Opsgenie.

  • When an alert action occurs in Opsgenie, the webhook payload will be sent to Sumo Logic.

Add Sumo Logic integration in Opsgenie

If you're using Opsgenie's Free or Essentials plan or if you’re using Opsgenie with Jira Service Management's Standard plan, you can add this integration from your team dashboard only. The Integrations page under Settings is not available in your plan.

  1. Go to Teams and select your team.

  2. Select Integrations on the left navigation and then select Add integration.

Adding the integration from your team dashboard will make your team the owner of the integration. This means Opsgenie will assign the alerts received through this integration to your team only. Follow the rest of the steps in this section to set up the integration.

  1. Go to Settings > Integrations. Search for Sumo Logic and select Add.

  2. Specify who is notified of Sumo Logic alerts using the Responders field. Auto-complete suggestions are provided as you type.

  3. Copy the URL to use in Sumo Logic.

  4. To forward alert data to Sumo Logic, activate the Opsgenie to Sumo Logic field and enter the collector URL provided by Sumo Logic.

  5. Select Save Integration.

Configuration in Sumo Logic

In Sumo Logic, scheduled searches and monitors send alerts to other tools via Webhook connections. To send alerts from Sumo Logic to Opsgenie, create a Webhook first and use it in a scheduled search or monitor configuration.

Create Webhook

  1. In Sumo Logic, go to Manage Data > Monitoring > Connections.

  2. Select + Add and choose Webhook as connection type.

  3. Enter "Opsgenie" as the name and, optionally, give the connection a description.

  4. Paste the URL copied previously into the URL field.

  5. Enter the JSON below in the Payload field, then select Save.

JSON

{
  "AlertName": "{{AlertName}}",
  "Description": "{{Description}}",
  "action": "create",
  "AlertURL": "{{AlertResponseURL}}",
  "Query": "{{Query}}",
  "QueryURL": "{{QueryURL}}",
  "TriggerTime": "{{TriggerTime}}",
  "TriggerTimeRange": "{{TriggerTimeRange}}",
  "TriggerCondition": "{{TriggerCondition}}",
  "TriggerValue": "{{TriggerValue}}",
  "TriggerType": "{{TriggerType}}",
  "ResultsJson": "{{ResultsJSON}}",
  "DetectionMethod": "{{DetectionMethod}}",
  "MonitorType": "{{MonitorType}}",
  "NumQueryResults": "{{NumQueryResults}}",
  "SourceURL": "{{SourceURL}}"
}

Use this payload if you're using the Sumo Logic (Legacy) integration:

{
  "searchName": "{{SearchName}}",
  "searchDescription": "{{SearchDescription}}",
  "searchQuery": "{{SearchQuery}}",
  "searchQueryUrl": "{{SearchQueryUrl}}",
  "timeRange": "{{TimeRange}}",
  "fireTime": "{{FireTime}}",
  "rawResultsJson": "{{RawResultsJson}}",
  "numRawResults": "{{NumRawResults}}",
  "priority": "P3",
  "aggregateResultsJson": "{{AggregateResultsJson}}"
}

See the Sumo Logic documentation to learn how to use a Webhook in a Scheduled Search or a Monitor.

Sample payload sent from Sumo Logic

JSON

{
  "AlertName": "High CPU on public api service",
  "Description": "CPU is above 80% all the time for 15 min on public api service",
  "action": "create",
  "AlertURL": "https://service.eu.sumologic.com/ui/#/alert/00000000000D0E85",
  "Query": "metric=cpu_user service=api-service",
  "QueryURL": "https://service.eu.sumologic.com/ui/#/metricsv2/cOS9vwBvqBtI76EDRQapYA3nP0NKFLBbFmrViiiM",
  "TriggerTime": "2022-03-18 13:34:17 EET",
  "TriggerTimeRange": "2022-03-18 13:28:45 EET - 2022-03-18 13:33:45 EET",
  "TriggerCondition": "Metric field CPU violates the alert condition \"greater than 80.0 all the time in the last 15 minutes\"",
  "TriggerValue": "85.4",
  "TriggerType": "Critical",
  "ResultsJson": "[{\"CPU\":85.4}]",
  "DetectionMethod": "MetricsStaticCondition",
  "MonitorType": "Metrics",
  "NumQueryResults": "1",
  "SourceURL": "https://service.eu.sumologic.com/ui/#/alerts/unified-monitors/000000000000676A?selectedRows=00000000000123BD"
}
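
A consumer-side check for this payload, as an added example that is not part of the Opsgenie or Sumo Logic documentation: it confirms the template's fields are present, decodes the string-encoded ResultsJson and numeric fields, and flags alert links that do not point at an https Sumo Logic host. The names check_alert and is_sumo_link and the ".sumologic.com" host rule are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

# Keys of the Sumo Logic (non-legacy) payload template on this page.
REQUIRED = ("AlertName", "Description", "action", "AlertURL", "Query", "QueryURL",
            "TriggerTime", "TriggerTimeRange", "TriggerCondition", "TriggerValue",
            "TriggerType", "ResultsJson", "DetectionMethod", "MonitorType",
            "NumQueryResults", "SourceURL")
URL_FIELDS = ("AlertURL", "QueryURL", "SourceURL")
ALLOWED_HOST_SUFFIX = ".sumologic.com"  # assumption: host family seen in the sample

def is_sumo_link(value):
    """True for an https URL whose host ends in ALLOWED_HOST_SUFFIX."""
    try:
        parts = urlsplit(value)
        host = parts.hostname or ""
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    return parts.scheme == "https" and host.endswith(ALLOWED_HOST_SUFFIX)

def check_alert(raw):
    """Parse one webhook body; return (alert, problems). Hypothetical helper."""
    try:
        alert = json.loads(raw)
    except ValueError:
        return None, ["body is not valid JSON"]
    if not isinstance(alert, dict):
        return None, ["body is not a JSON object"]
    problems = [f"{k}: missing or not a string"
                for k in REQUIRED if not isinstance(alert.get(k), str)]
    problems += [f"{k}: not an https link on *{ALLOWED_HOST_SUFFIX}" for k in URL_FIELDS
                 if isinstance(alert.get(k), str) and not is_sumo_link(alert[k])]
    # ResultsJson is JSON inside a string; quoted template variables make numbers strings.
    for key, out, cast in (("ResultsJson", "Results", json.loads),
                           ("TriggerValue", "TriggerValue", float),
                           ("NumQueryResults", "NumQueryResults", int)):
        try:
            alert[out] = cast(alert[key])
        except (KeyError, TypeError, ValueError):
            problems.append(f"{key}: cannot be decoded with {cast.__name__}")
    return alert, problems

# Constructed input: values from the sample payload above, other fields filled in.
SAMPLE = dict.fromkeys(REQUIRED, "constructed")
URL = "https://service.eu.sumologic.com/ui/#/alert/00000000000D0E85"
SAMPLE.update(dict.fromkeys(URL_FIELDS, URL))
SAMPLE.update(TriggerValue="85.4", NumQueryResults="1", ResultsJson='[{"CPU":85.4}]')

if __name__ == "__main__":
    print(check_alert(json.dumps(SAMPLE)))
```
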
