Skip to main content
Sumo Logic

Collect Logs for GitLab App

Learn more about collecting logs for the GitLab App.

This guide provides instructions for collecting logs for the Sumo Logic App for GitLab.

Configuring log collection consists of the following tasks:

  • Configuring a Hosted Collector in Sumo Logic to receive GitLab Events: A Hosted Collector is installed to receive the Webhooks from GitLab. The Webhooks configuration helps to notify the app or web application when certain events occur in GitLab. Using the Webhooks the remote applications do not have to monitor whether changes have occurred

  • Registering a Webhook in GitLab: Webhooks are registered in GitLab for various events by the GitLab administration console.

For information on GitLab webhooks, refer to GitLab documentation

Step 1: Configure Hosted Collector to Receive Webhooks

Create a host collector to receive Webhooks from GitLab and set up an HTTP source on it.

  1. Configure a Hosted Collector, or select an existing hosted collector for the HTTP source.

  2. Configure an HTTP source on the hosted collector.

    • For Source Category, specify GitLab/events.

    • Click +Add Field and provide the following:

      • Field Name. _convertHeadersToFields

      • Value. true

    • Make note of the HTTP address for the source. You will supply it when you configure a GitLab Webhook in the next step.


Step 2: Register Webhook in GitLab

In GitLab, configure a Webhook to connect to your Sumo Logic HTTP Source. You can configure the Webhook at the Project or Group level. Once configured, it will trigger each time one or more subscribed events occur in that Project or Group.

  1. Sign in to your GitLab account.

  2. Go to your Project or Group.

  3. Click Settings > Webhooks.

  4. Enter Webhook form data as follows:

    • URL. Enter the Sumo Logic HTTP Source Address you created in Step 1.

    • Secret Token. Leave blank.

    • Trigger. Tick all checkboxes.

  5. SSL Verification. Check the box to enable.

  6. Click Add Webhook.

Refer this documentation on Webhooks in GitLab to understand more.

Step 3: Enable GitLab Event tagging at Sumo Logic

Sumo Logic needs to understand the event type for incoming events. To enable this, the x-gitlab-event event type needs to be enabled. To enable this, perform the following steps in the Sumo Logic console:

  1. In Sumo Logic, click Manage Data > Logs > Fields.

  2. Add Field ‎x-GitLab-event‎.


Sample Log Messages

For more information about log messages, see GitLab documentation

Query Example

This section provides a sample query from the Opened Merge Requests panel on the GitLab - Merge Requests dashboard.

_sourceCategory="sumo/GitLab" and _collector="GitLab" %"x-GitLab-event"="Merge Request Hook"
|json "object_attributes.state" as merge_request_state
| where merge_request_state="opened"
|json "object_attributes.action" ,"object_attributes.title", "object_attributes.created_at","object_attributes.updated_at","","","object_attributes.merge_when_pipeline_succeeds","object_attributes.url","object_attributes.source_branch","object_attributes.target_branch","",""   as action, title, created_time , updated_time,user,repo_name,branch_deleted, url,source_branch,target_branch,project,merge_request_id nodrop
| where user matches "*" and repo_name matches "*" and project matches "*" and merge_request_id matches "*"  and merge_request_state matches "*"
| where action in ("open","reopen")
| count by repo_name
| sort by _count