Skip to main content
Sumo Logic

Webhook Connection for New Relic

New Relic webhook connections allow you to send alert results to New Relic as a custom event (Insight). You can learn more about the New Relic Insights custom events in their API Help.

Webhook connections rely on HTTP endpoints that tell Sumo Logic where to send data. You can set up any number of connections.

Once you set up the webhook connection you'll have the option to use it in a Scheduled Search or Monitor.

Set up a webhook connection for New Relic

  1. Go to Manage Data > Alerts > Connections.
  2. On the Connections page click Add.
  3. Click New Relic.
  4. In the Create Connection dialog, enter the name of the connection.
  5. (Optional) Enter a Description for the connection.
  6. Enter the URL for the endpoint (see Create an API Key for New Relic Webhook below): https://insights-collector.newrelic.com/v1/accounts/ACCOUNT_ID/events
  7. Under Insert Key, enter your API Key generated from New Relic Insights (see Create an API Key for New Relic Webhook below).
  8. (Optional) Custom Headers, enter up to five comma separated key-value pairs.
  9. Customize your Payload to include any information you want to send from your scheduled search to New Relic (see Send Events to New Relic using a Webhook). For details on variables that can be used as parameters within your JSON object, see webhook payload variables.
  10. Click Save.

Create an API key for New Relic webhook

For the Endpoint and Insert Key fields of the webhook, you need to generate an API Key through the New Relic Insights UI:

  1. In your New Relic Insights account, under Manage Data, click API Keys.
  2. Click the Add button next to Insert Key.
  3. Use the Endpoint and Key values for your webhook fields.
  4. Enter an optional Description and click Save Your Notes to register the API Key.

Send Events to New Relic Insights using a Webhook

Select the webhook connection in a Scheduled Search or Monitor to send events to New Relic Insights and use the following payload.

{
    "eventType": "{{SearchName}}", 
    "description": "{{SearchDescription}}", 
    "client": "Sumo Logic", 
    "search_url": "{{SearchQueryUrl}}", 
    "num_records": "{{NumRawResults}}", 
    "search_results": "{{AggregateResultsJson}}" 
}

Your payload must include "eventType" and "search_results" as parameters.

  • For "eventType", the SearchName can be a combination of alphanumeric characters, underscores _, and colons :. Special characters are not allowed.
  • For "search_results," you must use either AggregateResultsJson or RawResultsJson as a variable.

A maximum of 200 results can be sent for AggregateResultsJson, and 10 results for RawResultsJson. For more information, see About Webhook Connections.

By default, a "timestamp" field will be applied in New Relic Insights when the event is received. To override this, you must specify "timestamp" as a field in your Sumo Logic query (as an unformatted Unix timestamp, in seconds or milliseconds relative to the Unix epoch). For example, if you would like your timeslice to be represented in New Relic as the timestamp, you may add the following to your query:

| timeslice 1m
| format ("%s",_timeslice) as timestamp
| count by timestamp