Collect logs for PagerDuty V2

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

This page provides instructions for configuring a Sumo Logic Hosted Collector and HTTP Source, and how to create a PagerDuty Webhook V2.

This page provides instructions for configuring a Sumo Logic Hosted Collector and HTTP Source to create a PagerDuty Webhook V2, to collect PagerDuty events. Click a link to jump to a topic:

Event types
Log example
Configure a Sumo Logic Collector and Source
Create a PagerDuty V2 Webhook

Event types

The Sumo Logic App for PagerDuty V2 ingests PagerDuty incident Webhooks V2 messages, caused by events that occur in your PagerDuty account and Services.

For more information on the incident messages supported in Webhooks V2, see the PagerDuty documentation: https ://v2.developer.pagerduty.com/docs/webhooks-v2-overview

Log examples

For examples of incident.trigger, incident.acknowledge, incident.resolve, and incident.assign log messages, see the PagerDuty Webhooks V2 Examples page.

Query example

The following Top Altering Services query is shown on the PagerDuty V2 - Overview dashboard.

_sourceCategory=Labs/pagerduty_v2 "incident.trigger"
| parse regex "(?<event>\{\"event\":\"incident\..+?\}(?=,\{\"event\":\"incident\..+|\]\}$))" multi
| json  field=event "event","log_entries", "created_on", "incident", "webhook"
| json field=incident "id", "incident_number", "escalation_policy.summary", "service.name" , "impacted_services[*].summary", "status", "summary", "description", "title", "urgency", "teams[0].summary", "assignments[0].assignee.summary" as incident_id, incident_number, escalation_policy_name, alertedBy_service, impacted_service, incident_status, incident_summary, incident_description, incident_tittle, incident_urgency,  incident_team_involved, assigned_user
| where event = "incident.trigger"
| count by alertedBy_service
| order by _count

Configure a Sumo Logic Collector and Source

A Hosted Collector is not installed on a local system in your deployment. Instead, Sumo Logic hosts the Collector and its Sources in AWS. With a Hosted Collector, you can create Sources to collect data from various services. A single Hosted Collector can be configured with any number of Sources.

An HTTP Source is an endpoint for receiving log and metric data uploaded to a unique URL generated for the Source. The URL securely encodes the Collector and Source information. You can add as many HTTP Logs and Metrics Sources as you'd like to a single Hosted Collector.

To configure Hosted Collector and HTTP Source, do the following:

Log in to Sumo Logic.
Follow the instruction for configuring a Hosted Collector.
Follow the instruction for configuring an HTTP Source.

Make sure to save the HTTP Source Address URL. You will be asked for this Endpoint URL when you configure the PagerDuty Webhook in the following procedure.

Create a PagerDuty V2 Webhook

Using PagerDuty with Webhooks V2, you receive HTTP callbacks when incident events occur in your PagerDuty account. Details about the events are then sent via HTTP to a URL that you specify.

To create a PagerDuty V2 Webhook, do the following:

Log in to your PagerDuty account.
Use the following instructions to create a Webhook V2:
https://support.pagerduty.com/hc/en-us/articles/202830320-Webhooks-, entering the HTTP Source Address URL as the Endpoint URL in Step 6.
Continue with installing the Sumo Logic App for PagerDuty V2.