
Collect logs for PagerDuty V2

This page provides instructions for configuring a Sumo Logic Hosted Collector and HTTP Source, and for creating a PagerDuty Webhook V2, to collect PagerDuty events.

Event types 

The Sumo Logic App for PagerDuty V2 ingests PagerDuty Webhooks V2 incident messages, which are triggered by events that occur in your PagerDuty account and Services.

For more information on the incident messages supported in Webhooks V2, see the PagerDuty documentation: https://v2.developer.pagerduty.com/docs/webhooks-v2-overview

Log examples

For examples of incident.trigger, incident.acknowledge, incident.resolve, and incident.assign log messages, see the PagerDuty Webhooks V2 Examples page.

Query example

The following Top Alerting Services query is shown on the PagerDuty V2 - Overview dashboard.

_sourceCategory=Labs/pagerduty_v2 "incident.trigger"
| parse regex "(?<event>\{\"event\":\"incident\..+?\}(?=,\{\"event\":\"incident\..+|\]\}$))" multi
| json field=event "event", "log_entries", "created_on", "incident", "webhook"
| json field=incident "id", "incident_number", "escalation_policy.summary", "service.name", "impacted_services[*].summary", "status", "summary", "description", "title", "urgency", "teams[0].summary", "assignments[0].assignee.summary" as incident_id, incident_number, escalation_policy_name, alertedBy_service, impacted_service, incident_status, incident_summary, incident_description, incident_tittle, incident_urgency, incident_team_involved, assigned_user
| where event = "incident.trigger"
| count by alertedBy_service
| order by _count
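
The following Python sketch is an added example, not part of the Sumo Logic app or the original page. It applies the same regex to a constructed webhook body to show how one POST carrying several messages is split and counted per service; the body shape (a "messages" array with "event" as each message's first key), the placeholder ids, the service names and the descending sort are assumptions.

```python
import json
import re
from collections import Counter

# The query's parse regex in Python syntax (named group is (?P<event>...)).
EVENT_RE = re.compile(
    r'(?P<event>\{"event":"incident\..+?\}'
    r'(?=,\{"event":"incident\..+|\]\}$))'
)

def make_message(event, number, service):
    # Constructed message; "event" is the first key, as the regex requires.
    return {
        "event": event,
        "log_entries": [],
        "webhook": {"id": "WEBHOOK-PLACEHOLDER"},
        "incident": {
            "id": f"INCIDENT-PLACEHOLDER-{number}",
            "incident_number": number,
            "service": {"name": service},
            "impacted_services": [{"summary": service}],
        },
        "created_on": "2020-01-01T00:00:00Z",
    }

# Constructed request body: one POST that carries five messages.
SAMPLE_BODY = json.dumps({"messages": [
    make_message("incident.trigger", 1, "payments"),
    make_message("incident.trigger", 2, "payments"),
    make_message("incident.acknowledge", 1, "payments"),
    make_message("incident.trigger", 3, "search"),
    make_message("incident.resolve", 3, "search"),
]}, separators=(",", ":"))

def split_events(body):
    """Split one body into messages, as `parse regex ... multi` does."""
    return [json.loads(m.group("event")) for m in EVENT_RE.finditer(body)]

def top_alerting_services(bodies):
    """Count incident.trigger messages per incident.service.name."""
    counts = Counter()
    for body in bodies:
        for msg in split_events(body):
            if msg["event"] == "incident.trigger":
                counts[msg["incident"]["service"]["name"]] += 1
    return counts.most_common()  # highest count first (assumed ordering)

if __name__ == "__main__":
    print(top_alerting_services([SAMPLE_BODY]))
```

The split relies on "event" being the first key of every message; a body serialized in another key order yields no matches.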

Step 1: Configure a Sumo Logic Collector and Source

A Hosted Collector is not installed on a local system in your deployment. Instead, Sumo Logic hosts the Collector and its Sources in AWS. With a Hosted Collector, you can create Sources to collect data from various services. A single Hosted Collector can be configured with any number of Sources.

An HTTP Source is an endpoint for receiving log and metric data uploaded to a unique URL generated for the Source. The URL securely encodes the Collector and Source information. You can add as many HTTP Logs and Metrics Sources as you'd like to a single Hosted Collector.

To configure a Hosted Collector and HTTP Source, do the following:
  1. Log in to Sumo Logic.

  2. Follow the instructions for configuring a Hosted Collector.

  3. Follow the instructions for configuring an HTTP Source.

Step 2: Create a PagerDuty V2 Webhook

Using PagerDuty with Webhooks V2, you receive HTTP callbacks when incident events occur in your PagerDuty account. Details about the events are then sent via HTTP to a URL that you specify.

To create a PagerDuty V2 Webhook, do the following:
  1. Log in to your PagerDuty account.
  2. Use the following instructions to create a Webhook V2, entering the HTTP Source Address URL as the Endpoint URL in Step 6: https://support.pagerduty.com/hc/en-us/articles/202830320-Webhooks-
  3. Continue with installing the Sumo Logic App for PagerDuty V2.