Webhook Connection for Microsoft Azure Functions

You can trigger an Azure Function directly from a Scheduled Search or metrics monitor by configuring a Webhook Connection in Sumo Logic.

For example, you can create a Scheduled Search that triggers an Azure Function when an administrator changes a user’s permissions. This function can then update a database to document the changes for audit purposes.

Create an Azure Function

First, create an HTTP-triggered Azure function. For more information, see: https://docs.microsoft.com/en-us/azure/azure-functions/functions-bindings-http-webhook

  1. Create an Azure Function using the template HttpTrigger-Powershell.
  2. Paste the function code into the code field. The following example is an HTTP-triggered PowerShell function:

     # Parse the JSON payload sent by the Sumo Logic webhook
     $requestBody = Get-Content $req -Raw | ConvertFrom-Json

     # Emit a marker and the payload fields as output
     "Webhook Triggered"

     $requestBody.text
     $requestBody.raw
     $requestBody.num
     $requestBody.agg

     # Write the HTTP response body to $res
     Out-File -Encoding Ascii -FilePath $res -inputObject "Hello Sumo Logic, from Azure Function"

  3. Click Save.
  4. Copy the Function URL, as you will need it in the next section.

Create a Webhook Connection

Configure the Webhook Connection to trigger the Azure function.

  1. Go to Manage > Data Configuration > Connections (Manage > Connections in the classic UI).
  2. On the Connections page click Add.
  3. Select Azure Functions.
  4. In the Create Connection dialog, configure:
    1. Name. Enter the name of the connection.
    2. Description (Optional). Enter a description for the connection.
    3. URL. Enter the Function URL for the endpoint from the previous section.
    4. Authorization Header (Optional). Enter an Authorization Header, which may include an authorization token.
    5. Payload. Enter a JSON object in the format required. For details on variables that can be used as parameters within your JSON object, see Webhook Payload Variables.
  5. Click Test Connection. If the connection is made, you will see a 200 OK response message.
  6. Click Save.
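
One way the function could check the Authorization Header and Payload configured above before acting on a request. This is an added example, not Sumo Logic's code: the function name Test-SumoWebhookRequest, the "Bearer <token>" header format, the size limit and the sample values are assumptions, and reading the header from the request depends on the Functions runtime and is not shown.

```powershell
# Added example, not Sumo Logic's code. Function name, token source and
# sample values are assumptions made for illustration.
function Test-SumoWebhookRequest {
    param(
        [string]$AuthorizationHeader,  # value of the request's Authorization header
        [string]$RawBody,              # raw request body as received
        [string]$ExpectedToken,        # secret kept in an app setting, not in code
        [int]$MaxBodyBytes = 262144    # assumed size limit for one alert payload
    )
    $reject = { param($status, $reason)
        [pscustomobject]@{ Ok = $false; Status = $status; Reason = $reason; Payload = $null } }

    # 1. Authenticate. Compare every byte instead of stopping at the first mismatch.
    if ([string]::IsNullOrEmpty($ExpectedToken)) { return & $reject 500 'token not configured' }
    [byte[]]$got  = [Text.Encoding]::UTF8.GetBytes("$AuthorizationHeader")
    [byte[]]$want = [Text.Encoding]::UTF8.GetBytes("Bearer $ExpectedToken")
    $diff = $got.Length -bxor $want.Length
    for ($i = 0; $i -lt $want.Length; $i++) {
        $b = if ($i -lt $got.Length) { $got[$i] } else { 0 }
        $diff = $diff -bor ($b -bxor $want[$i])
    }
    if ($diff -ne 0) { return & $reject 401 'authorization header mismatch' }

    # 2. Bound the input before parsing it.
    if ([string]::IsNullOrWhiteSpace($RawBody)) { return & $reject 400 'empty body' }
    if ([Text.Encoding]::UTF8.GetByteCount($RawBody) -gt $MaxBodyBytes) {
        return & $reject 413 'body too large'
    }

    # 3. Parse, then require the fields the function on this page reads.
    try { $payload = $RawBody | ConvertFrom-Json -ErrorAction Stop }
    catch { return & $reject 400 'body is not valid JSON' }
    $present = @($payload.PSObject.Properties.Name)
    $missing = @('text', 'raw', 'num', 'agg' | Where-Object { $present -notcontains $_ })
    if ($missing.Count -gt 0) { return & $reject 400 ("missing fields: " + ($missing -join ', ')) }

    [pscustomobject]@{ Ok = $true; Status = 200; Reason = 'ok'; Payload = $payload }
}

# Constructed sample input (not real data or a real secret).
$token = 'example-token-for-illustration'
$body  = '{"text":"Permission change","raw":"[]","num":"3","agg":"[]"}'
Test-SumoWebhookRequest -AuthorizationHeader "Bearer $token" -RawBody $body -ExpectedToken $token
Test-SumoWebhookRequest -AuthorizationHeader 'Bearer other' -RawBody $body -ExpectedToken $token
Test-SumoWebhookRequest -AuthorizationHeader "Bearer $token" -RawBody '{"text":"x"}' -ExpectedToken $token
```

In the function, act on Payload only when Ok is true, and return Status as the HTTP response code.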

Create a Scheduled Search

Now, create a Scheduled Search to trigger the Webhook Connection. The following is an example configuration.

  1. Create a search query and click Save As below the search field.
  2. Click Schedule this search.
    1. Run Frequency. Select Hourly.
    2. Time range for scheduled search. Select Last 60 Minutes.
    3. Alert Condition. Select Send notification only if the condition below is satisfied.
    4. Number of results. Enter Greater than >0.
    5. Alert Type. Select Webhook to upload search results to your connection.
    6. Webhook. Select the Webhook you created in the previous section.
    7. Customize Payload (Optional). If needed, select the check box and customize the payload for this search. If you’d like to use the default payload, leave this as-is.
  3. Click Save.

Create a metrics monitor

To trigger the Webhook Connection, you can also use a metrics monitor. For instructions, see Metrics Monitors and Alerts.