You can trigger an Azure Function directly from a Scheduled Search or metrics monitor by configuring a Webhook Connection in Sumo Logic.
For example, you can create a Scheduled Search that triggers an Azure Function when an administrator changes a user’s permissions. This function can then update a database to document the changes for audit purposes.
Create an Azure Function
First, create an HTTP-triggered Azure function. For more information, see: https://docs.microsoft.com/en-us/azure/azure-functions/functions-bindings-http-webhook
- Create an Azure Function using the template HttpTrigger-Powershell.
- Paste the function code into the code field. The following example is an HTTP-triggered PowerShell function; it reads the webhook payload, echoes the four fields that the connection's payload defines, and writes a fixed reply:

```powershell
# In this template, $req and $res are paths to the request and response files
# supplied by the (v1) PowerShell runtime. Read the JSON body that the
# Sumo Logic connection posted and echo the fields the connection's payload defines.
$requestBody = Get-Content $req -Raw | ConvertFrom-Json
"Webhook Triggered"
$requestBody.text
$requestBody.raw
$requestBody.num
$requestBody.agg
# Write the response body; the runtime returns this to the caller.
Out-File -Encoding Ascii -FilePath $res -inputObject "Hello Sumo Logic, from Azure Function"
```
- Click Save.
- Copy the Function URL; you will need it in the next section. If the function's authorization level is Function or Admin, the URL includes the function key as a query parameter, so treat it as a secret: anyone who has the URL can invoke the function.
Create a Webhook Connection
Configure the Webhook Connection to trigger the Azure function.
- Go to Manage > Data Configuration > Connections (Manage > Connections in the classic UI).
- On the Connections page click Add.
- Select Azure Functions.
- In the Create Connection dialog, configure:
- Name. Enter a name for the connection.
- Description (Optional). Enter a description for the connection.
- URL. Enter the Function URL for the endpoint from the previous section.
- Authorization Header (Optional). Enter the value to send in the Authorization header of every request, such as a bearer token that your function verifies before acting on the payload. The function key in the URL authenticates the request to the Functions host; this header lets your own code confirm that the caller is your Sumo Logic connection.
- Payload. Enter a JSON object in the format your function expects. For details on the variables that can be used as parameters within your JSON object, see Webhook Payload Variables.
- Click Test Connection. Sumo Logic sends the payload to the URL; if the function responds, you will see a 200 OK response message.
- Click Save.
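The example function in the previous section only echoes the payload. The following is an added example, not code from this page, Sumo Logic or Microsoft, of what a function behind the connection above should do before recording anything: verify the Authorization Header, validate the payload shape, and only then build audit records. It assumes a connection Payload that maps {{SearchName}}, {{RawResultsJson}}, {{NumRawResults}} and {{AggregateResultsJson}} to the keys text, raw, num and agg, an Authorization Header of the form Bearer <secret> with the same secret stored in the function app setting SUMO_WEBHOOK_SECRET, and raw results that the search has parsed into actor, target_user and change fields. All of these names are assumptions made for the example. It runs in plain pwsh without the Functions host.

```powershell
# Added example (not Sumo Logic's or Microsoft's code). Assumed contract:
#   - the connection's Payload is
#       {"text": "{{SearchName}}", "raw": {{RawResultsJson}},
#        "num": {{NumRawResults}}, "agg": {{AggregateResultsJson}}}
#   - its Authorization Header is "Bearer <shared secret>", with the same
#     secret stored in the function app's settings as SUMO_WEBHOOK_SECRET.
# Both are illustration choices, not values the page prescribes.

function Test-SharedSecret {
    # Compare two secrets without an early exit, so response time does not
    # reveal how many leading characters of a guess were right. Hashing first
    # also hides the length of the real secret.
    param([string]$Presented, [string]$Expected)
    if ([string]::IsNullOrEmpty($Presented) -or [string]::IsNullOrEmpty($Expected)) { return $false }
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $a = $sha.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($Presented))
        $b = $sha.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($Expected))
    } finally { $sha.Dispose() }
    $diff = 0
    for ($i = 0; $i -lt $a.Length; $i++) { $diff = $diff -bor ($a[$i] -bxor $b[$i]) }
    return ($diff -eq 0)
}

function Invoke-SumoWebhook {
    # Returns the HTTP status and body to send back, plus the audit records to
    # persist. Kept free of Functions-runtime calls so it runs in plain pwsh.
    param(
        [System.Collections.IDictionary]$Headers,  # request headers
        [string]$RawBody,                          # request body as JSON text
        [string]$ExpectedToken                     # shared secret from app settings
    )
    $reject = { param($code, $msg) [pscustomobject]@{ StatusCode = $code; Body = $msg; Audit = @() } }

    # 1. Authenticate before parsing anything; an unauthenticated caller learns
    #    nothing about what the function expects.
    $auth  = [string]$Headers['Authorization']
    $token = if ($auth.StartsWith('Bearer ')) { $auth.Substring(7) } else { '' }
    if (-not (Test-SharedSecret -Presented $token -Expected $ExpectedToken)) {
        return & $reject 401 'unauthorized'
    }

    # 2. Parse and validate the payload shape the connection was configured to send.
    try { $payload = $RawBody | ConvertFrom-Json -ErrorAction Stop }
    catch { return & $reject 400 'malformed JSON' }
    foreach ($field in 'text', 'raw', 'num', 'agg') {
        if ($payload.PSObject.Properties.Name -notcontains $field) {
            return & $reject 400 "missing field '$field'"
        }
    }
    $results  = @($payload.raw)
    $declared = 0
    if (-not [int]::TryParse([string]$payload.num, [ref]$declared) -or $declared -ne $results.Count) {
        return & $reject 400 "num is '$($payload.num)' but raw has $($results.Count) entries"
    }

    # 3. Build one audit record per raw result. Only named fields are copied;
    #    the original message is kept verbatim for later investigation.
    $audit = @(foreach ($r in $results) {
        [pscustomobject]@{
            search     = [string]$payload.text
            receivedAt = (Get-Date).ToUniversalTime().ToString('o')
            actor      = [string]$r.actor
            targetUser = [string]$r.target_user
            change     = [string]$r.change
            message    = [string]$r._raw
        }
    })
    [pscustomobject]@{ StatusCode = 200; Body = "recorded $($audit.Count) change(s)"; Audit = $audit }
}

# Constructed sample request, shaped as the connection would send it for a
# search that parsed actor, target_user and change out of a permission event.
$sampleBody = @'
{
  "text": "Admin permission changes",
  "raw": [
    { "_raw": "2024-05-01T10:15:00Z actor=alice target_user=bob change=added-role:Owner",
      "actor": "alice", "target_user": "bob", "change": "added-role:Owner" }
  ],
  "num": 1,
  "agg": []
}
'@
$secret = 'example-shared-secret'   # in the function app this comes from $env:SUMO_WEBHOOK_SECRET
$good = Invoke-SumoWebhook -Headers @{ Authorization = "Bearer $secret" } -RawBody $sampleBody -ExpectedToken $secret
$bad  = Invoke-SumoWebhook -Headers @{ Authorization = 'Bearer not-the-secret' } -RawBody $sampleBody -ExpectedToken $secret
"$($good.StatusCode) $($good.Body)"
"$($bad.StatusCode) $($bad.Body)"
$good.Audit | ConvertTo-Json -Depth 3
```

To use this in the current PowerShell Functions model, put both functions in `run.ps1` under `param($Request, $TriggerMetadata)`, call `Invoke-SumoWebhook -Headers $Request.Headers -RawBody $Request.RawBody -ExpectedToken $env:SUMO_WEBHOOK_SECRET`, write the returned `Audit` array to your database (for example through an output binding), and return the status with `Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = $result.StatusCode; Body = $result.Body })` after `using namespace System.Net`. Keep the secret in app settings rather than in the code, and rotate it together with the function key if the Function URL is ever exposed.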
Create a Scheduled Search
Now, create a Scheduled Search to trigger the Webhook Connection. The following is an example configuration.
- Create a search query and click Save As below the search field.
- Click Schedule this search.
- Run Frequency. Select Hourly.
- Time range for scheduled search. Select Last 60 Minutes.
- Alert Condition. Select Send notification only if the condition below is satisfied.
- Number of results. Enter Greater than >0.
- Alert Type. Select Webhook to upload search results to your connection.
- Webhook. Select the Webhook you created in the previous section.
- Customize Payload (Optional). If needed, select the check box and customize the payload for this search. If you’d like to use the default payload, leave this as-is.
- Click Save.
Create a metrics monitor
To trigger the Webhook connection, you can also use a metrics monitor. For instructions, see Metrics Monitors and Alerts.