
Lab 8 - Azure Exporting and Importing Dashboards

Learn basic operators to parse and group your search results.
 

You can export this and other dashboards from the training environment to your company's environment.  You simply have to change the _sourceCategory= statements to reflect your source categories for your Azure environment. 

Exporting the dashboard from the training environment
  1. In the navigation panel, click Personal folder, then select your dashboard that you created in earlier labs and click the More Action button.


  2. Select Export. The export popup window will appear. Here you can choose to either Copy or Download the JSON. For this lab, select Download, then click the Done button.


  3. You will receive a message telling you that it downloaded successfully. Open the JSON file you just downloaded in a text editor. Text editors that recognize the JSON format include Visual Studio Code, Sublime, and Atom.
  4. To connect this dashboard, or any dashboard created in the training environment, to your incoming data source, you need to replace the _sourceCategory metadata tag value from the training environment with the one from your corporate environment. That is, change the training environment's _sourceCategory=<path to azure> to your Azure _sourceCategory. Open your downloaded JSON file in your text editor.
  5. In this example, using Visual Studio Code as the text editor, you can select Edit and then Replace to change the _sourceCategory value.
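The editor find-and-replace described above can also be scripted so that only exact _sourceCategory matches are changed and any query still pointing at a different category is listed for review. This is an added example, not part of the original lab: the sample dashboard JSON, its key names, and the Prod/Azure/AD target are constructed for illustration, and Labs/Azure/AD is the training value used in this lab's queries.

```python
import json
import re

# Constructed sample; a real export has its own keys, which this script does not rely on.
SAMPLE = json.dumps({"name": "Azure AD Lab", "panels": [
    {"title": "Actors", "query": '_sourceCategory="Labs/Azure/AD" | json field=_raw "identity" as actor | count by actor'},
    {"title": "Events", "query": '_sourceCategory=Labs/Azure/AD | count by operationName'},
    {"title": "Other", "query": '_sourceCategory=Labs/Azure/Network* | count'},
]})

def _walk(node, fn):
    """Apply fn to every string value in a parsed JSON tree; return a new tree."""
    if isinstance(node, str):
        return fn(node)
    if isinstance(node, list):
        return [_walk(v, fn) for v in node]
    if isinstance(node, dict):
        return {k: _walk(v, fn) for k, v in node.items()}
    return node

def remap_dashboard(text, old, new):
    """Return (new_json_text, replacements, leftover_categories)."""
    # Exact match on old, quoted or unquoted; a longer or wildcarded
    # category that merely starts with old is left alone and reported.
    exact = re.compile(r'(_sourceCategory\s*=\s*)("?)' + re.escape(old) + r'\2(?![\w/*.-])')
    any_cat = re.compile(r'_sourceCategory\s*=\s*("[^"]*"|[^\s|)]+)')
    count, leftovers = 0, []

    def rewrite(s):
        nonlocal count
        s, n = exact.subn(lambda m: f'{m.group(1)}"{new}"', s)
        count += n
        leftovers.extend(v.strip('"') for v in any_cat.findall(s) if v.strip('"') != new)
        return s

    tree = _walk(json.loads(text), rewrite)  # json.loads rejects a damaged export
    return json.dumps(tree, indent=2), count, leftovers

if __name__ == "__main__":
    # "Prod/Azure/AD" is a hypothetical corporate source category.
    out, n, left = remap_dashboard(SAMPLE, "Labs/Azure/AD", "Prod/Azure/AD")
    print(out)
    print(f"{n} replaced; still pointing elsewhere: {left}")
```

Any category reported as left over needs its own mapping before import, otherwise that panel will query a source category that may not exist in the corporate environment.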

 

Add the lookup tables for the Parameters: Actor and Event_type 
  1. Lastly, you will need to recreate the lookup tables in your corporate environment. For the Actor lookup table, run this log search for -24 hours. NOTE: You will need to modify the _sourceCategory value to point to your Azure Active Directory data.
    _sourceCategory="Labs/Azure/AD" !"Azure AD Cloud Sync" !"Microsoft.Azure.SyncFabric"
    | json field=_raw "identity" as actor
    | count by actor
    | fields - _count
    | save shared/azure_actor_list
  2. For the eventtype lookup table, run this log search for 24 hours. NOTE: You will need to modify the _sourceCategory value to point to your Azure Active Directory data.
    _sourceCategory="Labs/Azure/AD" !"Azure AD Cloud Sync" !"Microsoft.Azure.SyncFabric"
    | json field=_raw "operationName" as event_type
    | count by event_type
    | fields - _count
    | save shared/azure_eventtype_list
  3. In both cases, you will see a dialog box asking you to verify that you want to save your output to a file.


Import your modified JSON dashboard 
  1. You will need to copy your JSON code before you import. Copy your JSON from your editor into your clipboard.
  2. Ensure you are logged into your corporate Sumo Logic environment. In the left navigation pane, to the right of the search window, click the three vertical dots (the More Action button) and then select Import.


  3. Under Name, enter the name you want to give this dashboard and paste in your JSON code from the clipboard.


  4. At the bottom of your import panel you will see an Import and a Cancel button. To execute the import, click Import.
  5. Finally, be sure to test that your dashboard imported successfully by opening it in Sumo Logic and observing the results.