
Collect Logs for Opsgenie

This page provides instructions for configuring log collection for the Sumo Logic Opsgenie App.

The Sumo Logic Opsgenie App is designed to monitor Opsgenie alerts and team performance, detect outliers, and track the team's mean time to repair (MTTR) for incidents. With Sumo Logic dashboards you can easily identify:

  • Alerts by Type Over Time
  • Alerts Created - Outlier
  • Alerts Escalated - Outlier
  • Alerts Breakdown by Team/Priority/Users/Sources/Tags
  • Alerts Created/Closed/Escalated/Acknowledged/Escalated to Next
  • Alerts - One Day Time Comparison
  • Alerts MTTR with additional details

Log Types

Sumo Logic - Opsgenie integration supports the following Alert types:

  • Create
  • AddRecipient
  • Acknowledge
  • AddNote
  • UnAcknowledge
  • EscalateToNext
  • Escalate
  • Close

Collect Logs for Opsgenie

This section explains the log collection process, and then walks you through the steps for configuring log collection for the Sumo Logic App for Opsgenie.

Collection process overview

Configuring log collection for the Sumo Logic App for Opsgenie consists of the following tasks:

  • Setting up an HTTP source—An HTTP Source is an endpoint for receiving log and metric data uploaded to a unique URL generated for the Source.
  • Creating a Webhook integration—Webhook connections allow you to send Sumo Logic alerts to third-party applications that accept incoming Webhooks.
  • Sending Opsgenie alerts to Sumo Logic for analysis with the predefined searches and dashboards provided by the Opsgenie App.

Configuring collection

There are two methods for integrating Opsgenie with Sumo Logic:

  • When an action occurs on an Opsgenie alert, the webhook data is forwarded to Sumo Logic and appears in the Opsgenie App. This integration method is described in this section.
  • Sumo Logic sends webhook alerts to Opsgenie, which acts as a dispatcher for these alerts: it determines the right people to notify based on on-call schedules, notifies them via email, text messages (SMS), phone calls, and iPhone & Android push notifications, and escalates alerts until the alert is acknowledged or closed. This data is not utilized by the Opsgenie App, but you can configure this integration by following the instructions provided in the Set Up Webhook Connections document.

To configure log collection for the Opsgenie App, do the following:

  1. Configure a Sumo Logic HTTP Source. Make a note of the URL for the endpoint, as you will need to enter the endpoint URL in step 3.
  2. Follow the Opsgenie Webhook Integration instructions to create a Webhook integration for the Opsgenie App.
  3. Specify the following parameters to send Opsgenie alerts to Sumo Logic:
      • For the Webhook URL field, provide the Sumo Logic HTTP Source URL (from step 1).
      • Check Add Alert Description to Payload.
      • Check Add Alert Details to Payload.

The final configuration for your integration should look similar to the following example:

Opsgenie_Integration_Settings.png

  4. Optional. Create an Opsgenie - Sumo Logic Webhook integration for each team. Opsgenie alerts are defined at the team level. The following example shows two Webhook integrations, one for each team.

Opsgenie_Integrations_page.png

Sample Log Message

Different Alert types used by Opsgenie, with sample payloads, are defined here: https://docs.opsgenie.com/docs/sample-alert-action-data

Query Sample

The following query sample is taken from the Alerts by Priority Over Time panel on the Opsgenie - Alerts Breakdown Dashboard:

_sourceCategory="opsgenie/events" Create
| json "alert.createdAt", "alert.description", "alert.message", "action", "alert.team",  
"alert.priority", "alert.source" , "alert.tags[*]","alert.recipients[*]" as created_at, 
description, message, action, team, priority, source, tags, recipients nodrop
| where action = "Create"
| timeslice 1h
| count by _timeslice, priority
| transpose row _timeslice column priority
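
To sanity-check what this panel should show before relying on it, the same aggregation can be reproduced offline. The Python below is an added example, not Sumo Logic's or Opsgenie's code: the payloads are constructed, and using alert.createdAt (assumed to be epoch milliseconds) in place of the message time that timeslice uses is an assumption.

```python
import json
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Constructed webhook bodies (one JSON document per line), trimmed to fields the
# query reads. Timestamps and values are made up for illustration.
SAMPLE_LINES = [
    '{"action":"Create","alert":{"createdAt":1700000100000,"priority":"P1","team":"ops"}}',
    '{"action":"Create","alert":{"createdAt":1700000200000,"priority":"P1","team":"ops"}}',
    '{"action":"Create","alert":{"createdAt":1700001000000,"priority":"P3","team":"db"}}',
    '{"action":"Acknowledge","alert":{"createdAt":1700001500000,"priority":"P1"}}',
    '{"action":"Create","alert":{"createdAt":1700003000000,"priority":"P1","team":"db"}}',
    '{"action":"Create","alert":{"createdAt":1700003100000,"team":"db"}}',
    'not json: truncated delivery',
]


def hour_slice(epoch_ms):
    """Floor an epoch-millisecond timestamp to its UTC hour, like `timeslice 1h`."""
    dt = datetime.fromtimestamp(epoch_ms / 1000, tz=timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:00Z")


def alerts_by_priority(lines):
    """Return ({slice: {priority: count}}, skipped) for action == "Create"."""
    counts, skipped = defaultdict(Counter), 0
    for line in lines:
        try:
            event = json.loads(line)
            alert = event["alert"]
            created = alert["createdAt"]
            if not isinstance(created, (int, float)):
                raise TypeError("createdAt is not numeric")
        except (ValueError, KeyError, TypeError):
            skipped += 1  # unparseable, or missing the fields needed to bucket
            continue
        if event.get("action") != "Create":
            continue  # mirrors: | where action = "Create"
        # nodrop keeps events without a priority; give them their own column
        counts[hour_slice(created)][alert.get("priority") or "(none)"] += 1
    # mirrors: | transpose row _timeslice column priority (absent cells set to 0 here)
    columns = sorted({p for c in counts.values() for p in c})
    table = {ts: {p: counts[ts][p] for p in columns} for ts in sorted(counts)}
    return table, skipped


if __name__ == "__main__":
    table, skipped = alerts_by_priority(SAMPLE_LINES)
    for ts, row in table.items():
        print(ts, row)
    print("skipped:", skipped)
```

A non-zero skipped count on real exports points at deliveries that arrived truncated or without the alert fields the dashboard panels depend on.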