Skip to main content
Sumo Logic

Webhook Connection for New Relic

After you set up a Webhook connection in Sumo Logic and create a scheduled search, you can send the results of that scheduled search to New Relic Insights as a custom event.

You can learn more about the New Relic Insights custom events in their API Help.

The first step for integrating a Webhook with Sumo Logic is to configure one or more Connections to New Relic, which are HTTP endpoints that tell Sumo Logic where to send data. You can setup any number of Connections, depending on your organization's needs.

Set up a Webhook Connection for New Relic

  1. Go to Manage Data > Settings > Connections (Manage > Connections in the classic UI).
  2. On the Connections page click Add.
  3. Click New Relic.
  4. In the Create Connection dialog, enter the name of the connection.
  5. Optional: Enter a description for the connection.
  6. Enter the URL for the endpoint (see Create an API Key for New Relic Webhook below): https://insights-collector.newrelic.com/v1/accounts/ACCOUNT_ID/events
  7. Under Insert Key, enter your API Key generated from New Relic Insights (see Create an API Key for New Relic Webhook below).
  8. Customize your Payload to include any information you want to send from your scheduled search to New Relic (see Send Events to New Relic using a Webhook). For details on variables that can be used as parameters within your JSON object, see About Webhook Connections.
  9. Click Save.

Create an API Key for New Relic Webhook

For the Endpoint and Insert Key fields of the webhook, you need to generate an API Key through the New Relic Insights UI:

  1. In your New Relic Insights account, under Manage Data, click API Keys.
  2. Click the Add button next to Insert Key.
  3. Use the Endpoint and Key values for your webhook fields.
  4. Enter an optional Description and click Save Your Notes to register the API Key.

Create a Saved Search for the New Relic Webhook Connection

Scheduled searches are saved searches that run automatically at specified intervals. When a scheduled search is configured to send an alert, it can be sent to a connection via a webhook to New Relic. The results of your search are saved as a custom event in New Relic Insights, which allows you to query and visualize your search results.

You can create a brand new search, or you can base a search on an existing saved or scheduled search. If you'd like to use an existing search, you'll need to save the query as a new search to not override the search's current schedule. For instructions, see Scheduled Searches for Webhook Connections.

Before setting up a scheduled search for Webhooks, configure a Webhook Connection.

Send Events to New Relic Insights using a Webhook

You can use a webhook to send events to New Relic Insights by using the following payload.

{
    "eventType": "$SearchName", 
    "description": "$SearchDescription", 
    "client": "Sumo Logic", 
    "search_url": "$SearchQueryUrl", 
    "num_records": "$NumRawResults", 
    "search_results": "$AggregateResultsJson" 
}

By default, a "timestamp" field will be applied in New Relic Insights when the event is received. To override this, you must specify "timestamp" as a field in your Sumo Logic query (as an unformatted unix timestamp, in seconds or milliseconds relative to the Unix epoch). For example, if you would like your timeslice to be represented in New Relic as the timestamp, you may add the following to your query:

| timeslice 1m
| format ("%s",_timeslice) as timestamp
| count by timestamp