You can trigger an Azure function directly from a Sumo Logic alert by configuring a webhook connection. Once the webhook connection is set up, you can use it in a Scheduled Search or Monitor.
For example, you can create a scheduled search that triggers an Azure function when an administrator changes a user’s permissions. This function can then update a database to document the changes for audit purposes.
Create an Azure function
First, create an HTTP-triggered Azure function. For more information, see: https://docs.microsoft.com/en-us/azure/azure-functions/functions-bindings-http-webhook
- Create an Azure function using the template HttpTrigger-Powershell.
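- Paste the code of the Azure function into the code field. The following example is an HTTP-triggered PowerShell function:

  ```powershell
  # $req is the path to a file holding the request body; parse it as JSON.
  $requestBody = Get-Content $req -Raw | ConvertFrom-Json

  # Write the payload fields sent by the webhook to the function log.
  "Webhook Triggered"
  $requestBody.text
  $requestBody.raw
  $requestBody.num
  $requestBody.agg

  # $res is the path to the response file; its content becomes the HTTP response body.
  Out-File -Encoding Ascii -FilePath $res -inputObject "Hello Sumo Logic, from Azure Function"
  ```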
- Click Save.
- Copy the function URL, as you will need it in the next section.
Create a Webhook connection
Configure the Webhook connection to trigger the Azure function.
- Go to Manage Data > Alerts > Connections.
- On the Connections page click Add.
- Select Azure Functions.
- In the Create Connection dialog, configure:
  - Name. Enter the name of the connection.
  - (Optional) Description. Enter a description for the connection.
  - URL. Enter the function URL for the endpoint from the previous section.
  - (Optional) Authorization Header. Enter an authorization header, which may include an authorization token.
  - (Optional) Custom Headers. Enter up to five comma-separated key-value pairs.
  - Payload. Enter a JSON object in the format required. For details on variables that can be used as parameters within your JSON object, see Webhook Payload Variables.
- Click Test Connection. If the connection is made, you will see a 200 OK response message.
- Click Save.
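
A variant of the handler for a connection that sets the optional Authorization Header, added here as an example and not taken from the Sumo Logic or Microsoft documentation: it rejects calls without the expected header and checks the payload fields before using them. It is written for the current PowerShell programming model (`$Request`, `Push-OutputBinding`) rather than the `$req`/`$res` style of the sample above, and assumes an HTTP output binding named `Response` and a hypothetical app setting `SUMO_WEBHOOK_AUTH` that holds the same value entered in the connection.

```powershell
using namespace System.Net

# run.ps1 (added example): HTTP trigger that only accepts authenticated webhook calls.
param($Request, $TriggerMetadata)

# Constant-time comparison: hash both values, then OR together every byte difference.
function Test-SecretMatch([string]$Supplied, [string]$Expected) {
    if ([string]::IsNullOrEmpty($Supplied) -or [string]::IsNullOrEmpty($Expected)) { return $false }
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $a = $sha.ComputeHash([Text.Encoding]::UTF8.GetBytes($Supplied))
        $b = $sha.ComputeHash([Text.Encoding]::UTF8.GetBytes($Expected))
    } finally { $sha.Dispose() }
    $diff = 0
    for ($i = 0; $i -lt $a.Length; $i++) { $diff = $diff -bor ($a[$i] -bxor $b[$i]) }
    return ($diff -eq 0)
}

function Send-Reply([HttpStatusCode]$Status, [string]$Body) {
    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = $Status; Body = $Body })
}

# Assumption: the connection's Authorization Header value is also stored in the
# app setting SUMO_WEBHOOK_AUTH (hypothetical name), never hard-coded here.
$supplied = $Request.Headers['Authorization']
if (-not (Test-SecretMatch $supplied $env:SUMO_WEBHOOK_AUTH)) {
    Write-Warning "Rejected webhook call: missing or wrong Authorization header"
    Send-Reply ([HttpStatusCode]::Unauthorized) "Unauthorized"
    return
}

# The worker may already have parsed a JSON body; parse it here if it arrived as a string.
$payload = $Request.Body
if ($payload -is [string]) {
    try { $payload = $payload | ConvertFrom-Json -ErrorAction Stop } catch { $payload = $null }
}

# Require the four fields that the sample function above reads.
$missing = @('text', 'raw', 'num', 'agg') | Where-Object { $null -eq $payload -or $null -eq $payload.$_ }
if ($missing) {
    Send-Reply ([HttpStatusCode]::BadRequest) "Missing payload fields: $($missing -join ', ')"
    return
}

Write-Information "Webhook triggered by '$($payload.text)' with $($payload.num) raw results"
Send-Reply ([HttpStatusCode]::OK) "Hello Sumo Logic, from Azure Function"
```

With this handler, Test Connection returns 200 OK only when the connection sends the matching Authorization Header and a payload containing `text`, `raw`, `num` and `agg`.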