Collect Logs for PagerDuty V1

This page shows you how to configure a Sumo Logic Collector and Source, and create a PagerDuty Webhook V1.

Configure a Sumo Logic Collector and Source

In Sumo Logic, configure:

  1. A Hosted Collector.
  2. An HTTP Source. When you configure the HTTP Source, make sure to save the HTTP Source Address URL. You will need this to configure the PagerDuty Webhook.  

Create a PagerDuty V1 Webhook

In PagerDuty V1, Webhooks allow you to receive HTTP callbacks when incident events happen in your PagerDuty account. Details about the event are sent via HTTP to a URL that you specify.

In PagerDuty V1, create a Webhook using the following instructions:

https://support.pagerduty.com/hc/en-us/articles/202830320-Webhooks-

The Endpoint URL you are asked to supply in Step 6 is the HTTP Source Address URL from the HTTP Source you configured.  

Sample Log Message

{
   "messages":[
      {
         "type":"incident.trigger",
         "data":{
            "incident":{
               "id":"XYMSSAJ",
               "incident_number":269073,
               "created_on":"02/Oct/2017:17:30:08",
               "status":"acknowledged",
               "pending_actions":[ ],
               "html_url":"https://abc.pagerduty.com/incidents/PCPUCKD",
               "incident_key":"test-umlsstore-umls_ingest_lag_percustomer",
               "service":{
                  "id":"WXZCJPO",
                  "name":"Data Collection",
                  "html_url":"https://abc.pagerduty.com/services/FDDIFGW",
                  "deleted_at":null,
                  "description":""
               },
               "escalation_policy":{
                  "id":"OTWUJRM",
                  "name":"Data Collection Policy",
                  "deleted_at":null
               },
               "assigned_to_user":{
                  "id":"LDDRYMI",
                  "name":"Ben Newton",
                  "email":"Ben@sumologic",
                  "html_url":"https://abc.pagerduty.com/users/ESWMJMB"
               },
               "trigger_summary_data":{
                  "description":"long-rework-4/health/free_space__usr_sumo: Use too much 80.0 % of disk space (max: 80.0 %)"
               },
               "trigger_details_html_url":"https://abc.pagerduty.com/incidents/PCPUCKD/log_entries/Q3D0S9KSL98UNI",
               "trigger_type":"trigger_svc_event",
               "last_status_change_on":"02/Oct/2017:17:30:08",
               "last_status_change_by":null,
               "number_of_escalations":0,
               "assigned_to":[
                  {
                     "at":"02/Oct/2017:17:30:08",
                     "object":{
                        "id":"PR1XYJN",
                        "name":"Ben Newton",
                        "email":"Ben@sumologic",
                        "html_url":"https://abc.pagerduty.com/users/PR1XYJN",
                        "type":"user"
                     }
                  }
               ],
               "urgency":"low"
            }
         },
         "id":"346c0ff0-114d-11e6-afa8-22000a1798ef",
         "created_on":"02/Oct/2017:17:30:08"
      }
   ]
}

Query Sample

Number of Incidents Assigned to Users

_sourceCategory=pagerduty assigned_to "incident.trigger"
| json "messages[0].type", "messages[0].data.incident.id", "messages[0].data.incident.created_on", "messages[0].data.incident.status", "messages[0].data.incident.urgency", "messages[0].data.incident.assigned_to[0].object.name", "messages[0].data.incident.escalation_policy.name", "messages[0].data.incident.service.name", "messages[0].data.incident.trigger_summary_data.description" as type, incident_id, created_on, incident_status, incident_urgency, assigned_user, escalation_policy_name, service_name, incident_description
| where type = "incident.trigger"
| count by assigned_user, incident_urgency
| transpose row assigned_user column incident_urgency
| order by assigned_user asc
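
The query above reads only messages[0] of each log line and the first entry of assigned_to. The following Python script is an added example, not part of the original page or Sumo Logic's own code: it reproduces the same count offline over every entry in the messages array, so you can check what the query should return for a captured payload. The sample payload, ids, user name and the "(unassigned)" and "(unknown)" labels are constructed for illustration.

```python
import json
from collections import Counter, defaultdict

# Constructed sample payload in the PagerDuty V1 webhook shape shown above,
# trimmed to the fields the query extracts. Ids and names are made up.
SAMPLE = json.dumps({"messages": [
    {"type": "incident.trigger", "data": {"incident": {
        "id": "AAAAAA1", "urgency": "low",
        "assigned_to": [{"object": {"name": "Alice Example"}}]}}},
    {"type": "incident.trigger", "data": {"incident": {
        "id": "AAAAAA2", "urgency": "high",
        "assigned_to": [{"object": {"name": "Alice Example"}}]}}},
    {"type": "incident.acknowledge", "data": {"incident": {
        "id": "AAAAAA1", "urgency": "low",
        "assigned_to": [{"object": {"name": "Alice Example"}}]}}},
    {"type": "incident.trigger", "data": {"incident": {
        "id": "AAAAAA3", "urgency": "low", "assigned_to": []}}},
]})


def triggered_assignments(raw):
    """Yield (assigned_user, urgency) for every incident.trigger message."""
    for msg in json.loads(raw).get("messages", []):
        if msg.get("type") != "incident.trigger":
            continue
        incident = msg.get("data", {}).get("incident", {})
        assignees = incident.get("assigned_to") or []
        # Like the query, use assigned_to[0]; an empty list means nobody is assigned.
        user = assignees[0].get("object", {}).get("name") if assignees else None
        yield user or "(unassigned)", incident.get("urgency", "(unknown)")


def count_by_user_and_urgency(raw_events):
    """Mirror of: count by assigned_user, incident_urgency | transpose | order by."""
    counts = Counter()
    for raw in raw_events:
        counts.update(triggered_assignments(raw))
    table = defaultdict(dict)
    for (user, urgency), n in counts.items():
        table[user][urgency] = n
    # One row per user, sorted ascending, one column per urgency value.
    return {user: table[user] for user in sorted(table)}


if __name__ == "__main__":
    for user, row in count_by_user_and_urgency([SAMPLE]).items():
        print(user, row)
```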