Skip to main content
Sumo Logic

Webhook Connection for Microsoft Teams

Webhook connections rely on HTTP endpoints that tell Sumo Logic where to send data. You can set up any number of connections. 

Prerequisite

See how to create an incoming webhook in Microsoft's documentation. Make sure that you copy and save the URL from Microsoft, you'll need to provide it to Sumo Logic in the URL input field when you create the Microsoft Teams Connection.

Configuration in Sumo Logic

In Sumo Logic, Scheduled Searches and Monitors send alerts to other tools via webhook connections. To send alerts from Sumo Logic to Microsoft Teams:

  1. Create a Microsoft Teams Connection.
  2. Use the Webhook Connection as the Alert Type in a Scheduled Search or the Connection Type in a Monitor.

Create a Microsoft Teams Connection

This section demonstrates how to create a webhook connection from Sumo Logic to Microsoft Teams.

  1. In Sumo Logic, go to Manage Data > Monitoring > Connections.
  2. Click + Add and choose Microsoft Teams as the connection type.
    Microsoft Teams webhook connection tile.png
  3. Enter a Name and give an optional Description to the connection.
  4. Paste the URL from Microsoft Teams into the URL field.
  5. (Optional) Custom Headers, enter up to five comma separated key-value pairs.
  6. Customize the Activity Title if desired, the default is Monitor Alert: {{TriggerType}} on {{Name}}.
  7. (Optional) Customize the Activity Subtitle if desired, the default is Created On Date: {{TriggerTime}}.
  8. (Optional) Customize the Card Text if desired, the default is {{Description}}.
  9. The following JSON is the default Payload, you can customize it as needed. For details on variables you can use as parameters within your JSON object, see Webhook Payload Variables.

    {
      "@type": "MessageCard",
      "@context": "http://schema.org/extensions",
      "themeColor": "#000099",
      "summary": "Monitor Alert: {{TriggerType}} on {{Name}}",
      "sections": [
        {
          "activityTitle": "Monitor Alert: {{TriggerType}} on {{Name}}",
          "activitySubtitle": "Created On Date: {{TriggerTime}}",
          "activityImage": "https://www.sumologic.com/wp-content/uploads/sumo-logic-logo.png",
          "text": "{{Description}}",
          "facts": [
            {
              "name": "Monitor Query",
              "value": "{{Query}}"
            },
            {
              "name": "Trigger Condition",
              "value": "{{TriggerCondition}}"
            },
            {
              "name": "Trigger Value",
              "value": "{{TriggerValue}}"
            },
            {
              "name": "Trigger Time Range",
              "value": "{{TriggerTimeRange}}"
            },
            {
               "name": "Results",
                "value": "{{ResultsJson}}"
            }
          ],
          "markdown":"true"
        }
      ],
      "potentialAction": [
        {
          "@type": "OpenUri",
          "name": "View Monitor Query",
          "targets": [
            {
              "os": "default",
              "uri": "{{QueryURL}}"
            }
          ]
        }
      ]
    }

     
  10. Click Save.