
Collect Logs for PagerDuty V3

This page provides instructions for configuring a Sumo Logic Hosted Collector and HTTP Source to create a PagerDuty Webhook V3, to collect PagerDuty events.


The Sumo Logic App for PagerDuty V3 ingests PagerDuty Webhooks V3 incident messages, which are generated by events that occur in your PagerDuty account and Services.

For more information on the incident messages supported in Webhooks V3, see the PagerDuty documentation.

Log example 

For examples of incident.triggered, incident.acknowledged and incident.resolved log messages, see the PagerDuty Webhooks V3 Examples page.

Query example

The following Top Alerting Services query is shown on the PagerDuty V3 - Overview dashboard.

_sourceCategory = Labs/pagerduty_v3 "incident.triggered" 
| json "event.event_type","event.data","event.data.created_at" as event,incident,created_on nodrop
| json field=incident "id", "number", "escalation_policy.summary", "service.summary", "status", "title", "urgency", "teams[*].summary", "assignees[*]"  as incident_id, incident_number, escalation_policy_name, alertedBy_service, incident_status, incident_title, incident_urgency,  incident_team_involved, assignee nodrop
| parse regex field=assignee "summary\":\"(?<assigned_user>.+?)\"" multi nodrop
| alertedBy_service as impacted_service
| where event = "incident.triggered" and impacted_service matches "*" and incident_number matches "*" and incident_status matches "*" and incident_title matches "*" and incident_urgency matches "*" 
| count by alertedBy_service
| order by _count
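
The field paths the query reads (event.event_type, event.data.service.summary) can be checked against sample payloads before data reaches the dashboard. The following Python is an added example, not part of the Sumo Logic app or the original page; the log lines are constructed and carry only the fields the query uses, and the function names are hypothetical.

```python
import json
from collections import Counter

# Constructed sample messages shaped like PagerDuty Webhooks V3 incident events.
# All values are made up; only fields read by the query above are included.
SAMPLE_LOGS = [
    '{"event":{"event_type":"incident.triggered","data":{"id":"Q1","number":1,'
    '"status":"triggered","title":"Disk full","urgency":"high",'
    '"service":{"summary":"Checkout API"}}}}',
    '{"event":{"event_type":"incident.triggered","data":{"id":"Q2","number":2,'
    '"status":"triggered","title":"5xx spike","urgency":"high",'
    '"service":{"summary":"Checkout API"}}}}',
    '{"event":{"event_type":"incident.acknowledged","data":{"id":"Q1","number":1,'
    '"status":"acknowledged","service":{"summary":"Checkout API"}}}}',
    '{"event":{"event_type":"incident.triggered","data":{"id":"Q3","number":3,'
    '"status":"triggered","title":"Slow queries","urgency":"low",'
    '"service":{"summary":"Search"}}}}',
    '{"event":{"event_type":"incident.triggered","data":{"id":"Q4","number":4}}}',
    'not json at all',
]

def get_path(obj, path):
    """Walk a dotted path such as 'event.data.service.summary'; None if absent."""
    for key in path.split("."):
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj

def top_alerting_services(lines):
    """Count incident.triggered events per service, busiest service first.

    Returns (ranked_counts, skipped), where skipped counts lines that are not
    JSON or are triggered events without a service summary.
    """
    counts, skipped = Counter(), 0
    for line in lines:
        try:
            msg = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1          # malformed line: cannot be parsed at all
            continue
        if get_path(msg, "event.event_type") != "incident.triggered":
            continue              # other event types are outside this panel
        service = get_path(msg, "event.data.service.summary")
        if service is None:
            skipped += 1          # triggered event with no service to count by
            continue
        counts[service] += 1
    return counts.most_common(), skipped

if __name__ == "__main__":
    print(top_alerting_services(SAMPLE_LOGS))
```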

Configure a Sumo Logic Collector and Source

A Hosted Collector is not installed on a local system in your deployment. Instead, Sumo Logic hosts the Collector and its Sources in AWS. With a Hosted Collector, you can create Sources to collect data from various services. A single Hosted Collector can be configured with any number of Sources.

An HTTP Source is an endpoint for receiving log and metric data uploaded to a unique URL generated for the Source. The URL securely encodes the Collector and Source information. You can add as many HTTP Logs and Metrics Sources as you'd like to a single Hosted Collector.

To configure a Hosted Collector and HTTP Source, do the following:

  1. Log in to Sumo Logic.

  2. Follow the instructions for configuring a Hosted Collector.

  3. Follow the instructions for configuring an HTTP Source.

Create a PagerDuty V3 Webhook

Using PagerDuty with Webhooks V3, you receive HTTP callbacks when incident events occur in your PagerDuty account. Details about the events are then sent via HTTP to a URL that you specify.

To create a PagerDuty V3 Webhook, do the following:

  1. Log in to your PagerDuty account.

  2. Navigate to Integrations > Generic Webhooks (v3).

  3. Click New Webhook.

  4. Configure your webhook:

    1. Enter the HTTP Source Address URL as the Webhook URL. 

    2. For Scope Type, select Service, Team or Account based on your preferences.

    3. For Scope, select the desired service or team.

    4. Enter a Description.

    5. For Event Subscription, select the events for which you want a webhook sent.

  5. Click Add Webhook.

     

For more information, see https://support.pagerduty.com/docs/webhooks.

Continue with installing the Sumo Logic App for PagerDuty V3.