Sumo Logic

Webhook Connection for PagerDuty

PagerDuty webhook connections allow you to send alert results as a PagerDuty notification. You can learn more about PagerDuty webhooks in their API Help.

Webhook connections rely on HTTP endpoints that tell Sumo Logic where to send data. You can set up any number of connections. Once you set up the webhook connection, you can use it in a Scheduled Search or Monitor.

Create a service key for webhook

For the service_key field of the payload, you need to generate a Generic API Service Key through the PagerDuty UI:

  1. In your account, under the Services tab, click Add New Service.
  2. Enter a name for the service and select an escalation policy. Then, select Generic API for the Service Type.
  3. Click Add Service.
  4. When the service is created, the service page opens. Use the service key that is displayed to configure the payload as described in the procedure in this topic.

Set up a webhook connection for PagerDuty

  1. Go to Manage Data > Alerts > Connections.
  2. On the Connections page click Add.
  3. Click PagerDuty.
  4. In the Create Connection dialog, enter the name of the Connection.
  5. (Optional) Enter a Description for the Connection.
  6. Enter the URL for the endpoint: 
    https://events.pagerduty.com/generic/2010-04-15/create_event.json
  7. (Optional) Enter an Authorization Header, which may include an authorization token. All text entered is included in the header.
    The format is: Token token=KdmGgrorGeABCDm1zDdC where KdmGgrorGeABCDm1zDdC is the API key.
  8. (Optional) Under Custom Headers, enter up to five comma-separated key-value pairs.
  9. Under Payload, enter the service key that you created in the previous section. Then enter a JSON object in the format required by PagerDuty. For details on variables that can be used as parameters within your JSON object, see Webhook Payload Variables.
  10. Click Save.

Create a PagerDuty Incident Report via Webhook

Select the webhook connection in a Scheduled Search or Monitor to create a PagerDuty incident and use the following payload.

{
    "service_key": "SERVICE KEY",
    "event_type": "trigger",
    "description": "SAMPLE DESCRIPTION",
    "client": "Sumo Logic",
    "client_url": "{{SearchQueryUrl}}",
    "details": {
        "name": "{{SearchName}}",
        "time": "{{TimeRange}}--{{FireTime}}",
        "num": "{{NumRawResults}}",
        "query": "{{SearchQuery}}",
        "agg": "{{AggregateResultsJson}}",
        "raw": "{{RawResultsJson}}"
    }
}
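
An added example, not part of the Sumo Logic or PagerDuty documentation: a Python check to run on the payload template before saving the connection, so that a leftover placeholder key, a malformed JSON object, or a misspelled variable is caught before an alert fires. KNOWN_VARS holds only the variables used on this page, the accepted event types and the description requirement follow PagerDuty's generic events API, and lint_payload and SAMPLE are hypothetical names.

```python
import json
import re

# Variables used in the payload on this page (assumption: extend this set
# from the Webhook Payload Variables reference for other templates).
KNOWN_VARS = {"SearchQueryUrl", "SearchName", "TimeRange", "FireTime",
              "NumRawResults", "SearchQuery", "AggregateResultsJson",
              "RawResultsJson"}
EVENT_TYPES = ("trigger", "acknowledge", "resolve")
PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")


def lint_payload(text):
    """Return a list of problems in a PagerDuty webhook payload template."""
    try:
        payload = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(payload, dict):
        return ["payload must be a JSON object"]
    problems = []
    key = payload.get("service_key")
    if not isinstance(key, str) or not key.strip():
        problems.append("service_key is missing")
    elif key == "SERVICE KEY" or PLACEHOLDER.search(key):
        problems.append("service_key still holds a placeholder")
    event_type = payload.get("event_type")
    if event_type not in EVENT_TYPES:
        problems.append("event_type must be trigger, acknowledge or resolve")
    if event_type == "trigger" and not payload.get("description"):
        problems.append("trigger events need a description")
    if not isinstance(payload.get("details", {}), dict):
        problems.append("details must be a JSON object")
    # Flag variables that are not in the known set (for example a misspelling).
    for name in sorted(set(PLACEHOLDER.findall(text)) - KNOWN_VARS):
        problems.append("unknown variable {{%s}}" % name)
    return problems


# Constructed sample: made-up service key and one misspelled variable.
SAMPLE = """{
  "service_key": "0123456789abcdef0123456789abcdef",
  "event_type": "trigger",
  "description": "Alert from {{SearchName}}",
  "client_url": "{{SearchQueryUrl}}",
  "details": {"num": "{{NumRawResults}}", "time": "{{FireTimes}}"}
}"""

if __name__ == "__main__":
    print(lint_payload(SAMPLE))
```

The service key in the payload identifies the PagerDuty service to the endpoint, so keep the real value out of any copy of the template that is stored in version control or shared.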