Skip to main content
Sumo Logic

Collect Logs for the Zoom App

This page shows you how to configure event collection for the Zoom App.

This page shows you how to configure event collection for the Zoom App. Zoom uses Webhook events that are grouped into the following core event types:

  • Meeting Events
  • Webinar Events
  • Recording Events
  • Zoom Room Events
  • User Events
  • Account Events

For more information on Zoom Webhook events, see this Zoom web page.

Collection process overview

Configuring event collection for Zoom consists of the following tasks:

  1. Adding a hosted collector and HTTP source.

  2. Configuring Webhooks for event collection.

Step 1. Add a Hosted Collector and HTTP Source

This section demonstrates how to add a hosted Sumo Logic collector and HTTP Logs source, to collect logs for Zoom.

To add a hosted collector and HTTP source, do the following:

  1. Do one of the following:
  • If you already have a Sumo Logic Hosted Collector, identify the one you want to use.
  • Create a new Hosted Collector as described in this document: Configure a Hosted Collector.
  1. Add an  HTTP source for logs, as described in this document: HTTP Metrics and Logs Source.

Step 2. Configure Webhooks for events collection

This section shows you how to configure Webhooks to collect events from Zoom. For more information, see Zoom page Create a Webhook-Only App.

To configure Webhooks for Zoom events collection, do the following:

  1. Go to: https://marketplace.zoom.us/ and login.
  2. In the upper right corner, click Develop > Build App.
  3. Create a Webhook Only App.
  4. Specify the following App Information:
  • App Name
  • Short Description
  • Company Name
  • Developer Name
  • Developer Email Address
  1. Click Continue, and then enable Event Subscriptions.
  2. Click Add new event subscription and provide the following information:
  • Subscription Name (eg: Sumo Logic)
  • Event notification endpoint URL. Provide the Sumo logic endpoint URL from Step 1.
  1. Click Add events and subscribe to all the Webhook Events.
  2. Click Save and then click Continue.
  3. Activate your newly created Webhook Only App.

Sample Log Message

{
    "event":"meeting.participant_left",
    "payload":▼{
            "account_id":"eSqnB7aCS0KKx0_adadb1HQ",
            "object":▼{
                    "duration":60,
                    "start_time":"2020-04-01T19:24:06Z",
                    "timezone":"America/Denver",
                    "topic":"My Meeting",
                    "id":"981802874",
                    "type":2,
                    "uuid":"/m84vL38R3exBtjhvdWxMad==",
                            "participant":▼{
                            "leave_time":"2020-04-01T19:24:20Z",
                            "id":"FDGHUPeiSZGAa6pmYTlpiA",
                            "user_id":"16778240",
                            "user_name":"Test User"
                    },
                    "host_id":"FDGHUPeiSZADa6pmYTlpiA"
            }
    }
}

Query Sample

_sourceCategory=zoom
| json "event", "payload.object.start_time", "payload.object.topic", "payload.object.uuid", "payload.object.id", "payload.object.type", "payload.object.duration" as event, meeting_start_time, topic, meeting_instance_id, meeting_number, meeting_type, meeting_duration nodrop
| where event = "meeting.started"
| "Unknown" as meeting_type_desc
| if (meeting_type == 1, "Instant Meeting", meeting_type_desc) as meeting_type_desc
| if (meeting_type == 2, "Scheduled Meeting", meeting_type_desc) as meeting_type_desc
| if (meeting_type == 3, "Recurring Meeting with No Fixed Time", meeting_type_desc) as meeting_type_desc
| if (meeting_type == 4, "Meeting started with Personal Meeting ID", meeting_type_desc) as meeting_type_desc
| if (meeting_type == 8, "Recurring Meeting with Fixed Time", meeting_type_desc) as meeting_type_desc
| count by meeting_instance_id
| count