Collect logs for PagerDuty V2
This page provides instructions for configuring a Sumo Logic Hosted Collector and HTTP Source, and for creating a PagerDuty Webhook V2 that sends PagerDuty events to that Source. Click a link to jump to a topic:
- Event types
- Log examples
- Step 1: Configure a Sumo Logic Collector and Source
- Step 2: Create a PagerDuty V2 Webhook
Event types
The Sumo Logic App for PagerDuty V2 ingests PagerDuty Webhooks V2 incident messages, which are triggered by events that occur in your PagerDuty account and Services.
For more information on the incident messages supported in Webhooks V2, see the PagerDuty documentation: https://v2.developer.pagerduty.com/docs/webhooks-v2-overview
Log examples
For examples of incident.trigger, incident.acknowledge, incident.resolve, and incident.assign log messages, see the PagerDuty Webhooks V2 Examples page.
Query example
The following Top Alerting Services query is shown on the PagerDuty V2 - Overview dashboard.
_sourceCategory=Labs/pagerduty_v2 "incident.trigger"
| parse regex "(?<event>\{\"event\":\"incident\..+?\}(?=,\{\"event\":\"incident\..+|\]\}$))" multi
| json field=event "event","log_entries", "created_on", "incident", "webhook"
| json field=incident "id", "incident_number", "escalation_policy.summary", "service.name" , "impacted_services[*].summary", "status", "summary", "description", "title", "urgency", "teams[0].summary", "assignments[0].assignee.summary" as incident_id, incident_number, escalation_policy_name, alertedBy_service, impacted_service, incident_status, incident_summary, incident_description, incident_tittle, incident_urgency, incident_team_involved, assigned_user
| where event = "incident.trigger"
| count by alertedBy_service
| order by _count
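The same pipeline in Python, as an added example that is not part of the Sumo Logic or PagerDuty documentation: it applies the query's regex to a constructed webhook body that batches several messages, then filters and counts as the query does. The service names, incident id, webhook name and timestamp are constructed, and the body is assumed to be compact JSON with "event" as the first key of each message, which is what the regex anchors on.

```python
import json
import re
from collections import Counter

# Same pattern as the query's "parse regex ... multi", using Python's
# (?P<name>...) group syntax instead of (?<name>...).
EVENT_RE = re.compile(
    r'(?P<event>\{"event":"incident\..+?\}'
    r'(?=,\{"event":"incident\..+|\]\}$))'
)

def _message(event, service):
    # Constructed sample message; "event" is the first key, as the regex expects.
    return {
        "event": event,
        "log_entries": [],
        "webhook": {"name": "sumo-http-source"},
        "incident": {"id": "PEXAMPLE", "status": "triggered", "service": {"name": service}},
        "created_on": "2020-01-01T00:00:00Z",
    }

# Constructed webhook body: a single POST can carry several messages.
SAMPLE_BODY = json.dumps(
    {"messages": [
        _message("incident.trigger", "checkout-api"),
        _message("incident.acknowledge", "checkout-api"),
        _message("incident.trigger", "auth-service"),
        _message("incident.trigger", "checkout-api"),
    ]},
    separators=(",", ":"),
)

def split_events(body):
    """Return every message object in the batch, one per regex match."""
    return [json.loads(m.group("event")) for m in EVENT_RE.finditer(body)]

def top_alerting_services(body):
    """Keep incident.trigger messages, count by service name, highest count first."""
    counts = Counter(
        e["incident"]["service"]["name"]
        for e in split_events(body)
        if e["event"] == "incident.trigger"
    )
    return counts.most_common()

if __name__ == "__main__":
    for service, count in top_alerting_services(SAMPLE_BODY):
        print(f"{count}\t{service}")
```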
Step 1: Configure a Sumo Logic Collector and Source
A Hosted Collector is not installed on a local system in your deployment. Instead, Sumo Logic hosts the Collector and its Sources in AWS. With a Hosted Collector, you can create Sources to collect data from various services. A single Hosted Collector can be configured with any number of Sources.
An HTTP Source is an endpoint for receiving log and metric data uploaded to a unique URL generated for the Source. The URL securely encodes the Collector and Source information. You can add as many HTTP Logs and Metrics Sources as you'd like to a single Hosted Collector.
To configure a Hosted Collector and HTTP Source, do the following:
- Log in to Sumo Logic.
- Follow the instructions for configuring a Hosted Collector.
- Follow the instructions for configuring an HTTP Source.
Step 2: Create a PagerDuty V2 Webhook
Using PagerDuty with Webhooks V2, you receive HTTP callbacks when incident events occur in your PagerDuty account. Details about the events are then sent via HTTP to a URL that you specify.
To create a PagerDuty V2 Webhook, do the following:
- Log in to your PagerDuty account.
- Use the following instructions to create a Webhook V2, entering the HTTP Source Address URL as the Endpoint URL in Step 6: https://support.pagerduty.com/hc/en-us/articles/202830320-Webhooks-
- Continue with installing the Sumo Logic App for PagerDuty V2.