Skip to main content
Sumo Logic

Webhook Connection for Microsoft Azure Functions

You can trigger an Azure Function directly from a scheduled search or metrics monitor by configuring a Webhook Connection in Sumo Logic.

For example, you can create a scheduled search that triggers an Azure function when an administrator changes a user’s permissions. This function can then update a database to document the changes for audit purposes.

Create an Azure function

First, create an HTTP-triggered Azure function. For more information, see: https://docs.microsoft.com/en-us/azure/azure-functions/functions-bindings-http-webhook

  1. Create an Azure function using the template HttpTrigger-Powershell.
  2. Copy and paste code of the Azure function into the code field. The following example is an HTTP-triggered PowerShell function:
$requestBody = Get-Content $req -Raw | ConvertFrom-Json

"Webhook Triggered"

$requestBody.text
$requestBody.raw
$requestBody.num
$requestBody.agg


Out-File -Encoding Ascii -FilePath $res -inputObject "Hello Sumo Logic, from Azure Function"
  1. Click Save.
  2. Copy the function URL, as you will need it in the next section.

Create a Webhook connection

Configure the Webhook connection to trigger the Azure function.

  1. Go to Manage Data > Alerts > Connections.
  2. On the Connections page click Add.
  3. Select Azure Functions.
  4. In the Create Connection dialog, configure:
    1. Name. Enter the name of the connection.
    2. (Optional) Description, enter a description for the connection.
    3. URL. Enter the function URL for the endpoint from the previous section.
    4. (Optional) Authorization Header, enter an authorization header, which may include an authorization token.
    5. (Optional) Custom Headers, enter up to five comma separated key-value pairs.
    6. Payload. Enter a JSON object in the format required. For details on variables that can be used as parameters within your JSON object, see Webhook Payload Variables
  5. Click Test Connection. If the connection is made, you will see a 200 OK response message.
  6. Click Save.

Create a scheduled search 

Scheduled searches are saved searches that run automatically at specified intervals. When a scheduled search is configured to send an alert, it can be sent to a connection via a webhook.

You can create a brand new search, or you can base a search on an existing saved or scheduled search. If you'd like to use an existing search, you'll need to save the query as a new search to not override the current schedule of the search. For instructions, see Scheduled Searches for Webhook Connections.

Create a metrics monitor

To trigger the Webhook connection, you can also use a metrics monitor. For instructions, see Metrics Monitors and Alerts