Webhook Connection for PagerDuty

After you set up a Webhook connection in Sumo Logic and create a scheduled search, you can send an alert from that scheduled search as a PagerDuty notification.

You can learn more about PagerDuty Webhooks in the PagerDuty API Help.

The first step for integrating a Webhook with Sumo Logic is to configure one or more Connections to PagerDuty, which are HTTP endpoints that tell Sumo Logic where to send data. You can set up any number of Connections, depending on your organization's needs.

Set up a Webhook Connection for PagerDuty

  1. Go to Manage > Connections.
  2. On the Connections page, click Add.
  3. Click PagerDuty.
  4. In the Create Connection dialog, enter the name of the Connection.
  5. Optional: Enter a description for the Connection.
  6. Enter the URL for the endpoint: https://events.pagerduty.com/generic...ate_event.json
  7. Optional: Enter an Authorization Header, which may include an authorization token. All text entered is included in the header. The format is:

    Token token=KdmGgrorGeABCDm1zDdC

    where KdmGgrorGeABCDm1zDdC is the API key.

  8. Under Payload, enter your service key. See the section below on generating a Generic API Service Key in Webhook. Then enter a JSON object in the format required by PagerDuty. For details on variables that can be used as parameters within your JSON object, see Webhook Payload Variables.
  9. Click Save.

Create a service key for Webhook

For the service_key field of the payload, you need to generate a Generic API Service Key through the PagerDuty UI:

  1. In your account, under the Services tab, click Add New Service.
  2. Enter a name for the service and select an escalation policy. Then, select Generic API for the Service Type.
  3. Click Add Service.
  4. When the service is created, the service page opens. Use the service key that is displayed to configure the payload as described in the procedure in this topic.

Create a Saved Search for the Webhook PagerDuty Connection

Scheduled searches are saved searches that run automatically at specified intervals. When a scheduled search is configured to send an alert, the alert can be sent to PagerDuty through a Webhook Connection.

You can create a brand new search, or you can base a search on an existing saved or scheduled search. If you'd like to use an existing search, save the query as a new search so that you do not override the existing search's current schedule. For instructions, see Scheduled Searches for Webhook Connections.

Before setting up a scheduled search for Webhooks, configure a Webhook Connection.

Create a PagerDuty Incident Report via Webhook

You can use a Webhook to create a PagerDuty incident by using the following payload.

{
    "service_key": "SERVICE KEY",
    "event_type": "trigger",
    "description": "SAMPLE DESCRIPTION",
    "client": "Sumo Logic",
    "client_url": "$SearchQueryUrl",
    "details": {
        "name": "$SearchName",
        "time": "$TimeRange--$FireTime",
        "num": "$NumRawResults",
        "query": "$SearchQuery",
        "agg": "$AggregateResultsJson",
        "raw": "$RawResultsJson"
    }
}
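
As an added example (not part of Sumo Logic's or PagerDuty's documentation), the following Python script checks a payload template before it is pasted into the Payload field, and masks the service key so the template can be shared in a ticket or log. The names check_payload, redact and PAGE_VARIABLES are hypothetical, the sample key is constructed, and the acknowledge and resolve event types are PagerDuty values that do not appear on this page.

```python
import json
import re

# Variables used in this page's sample payload (assumption: not the full list;
# extend the set from Sumo Logic's "Webhook Payload Variables" topic).
PAGE_VARIABLES = {
    "SearchQueryUrl", "SearchName", "TimeRange", "FireTime",
    "NumRawResults", "SearchQuery", "AggregateResultsJson", "RawResultsJson",
}
EVENT_TYPES = ("trigger", "acknowledge", "resolve")
VAR_RE = re.compile(r"\$([A-Za-z]+)")

# Constructed sample: the page's payload, trimmed, with a made-up service key.
SAMPLE = """{
    "service_key": "constructed-key-0000",
    "event_type": "trigger",
    "description": "SAMPLE DESCRIPTION",
    "client": "Sumo Logic",
    "client_url": "$SearchQueryUrl",
    "details": {"name": "$SearchName", "time": "$TimeRange--$FireTime"}
}"""


def check_payload(text):
    """Return a list of problems found in a PagerDuty payload template."""
    try:
        payload = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(payload, dict):
        return ["payload must be a JSON object"]
    problems = []
    key = payload.get("service_key", "")
    if not isinstance(key, str) or not key.strip() or key == "SERVICE KEY":
        problems.append("service_key is missing or still the placeholder")
    if payload.get("event_type") not in EVENT_TYPES:
        problems.append("event_type must be trigger, acknowledge or resolve")
    elif payload["event_type"] == "trigger" and not payload.get("description"):
        problems.append("description is required for a trigger event")
    for name in sorted(set(VAR_RE.findall(text)) - PAGE_VARIABLES):
        problems.append(f"unrecognised variable ${name}")
    return problems


def redact(text):
    """Mask the service key so the template can be shared safely."""
    payload = json.loads(text)
    if "service_key" in payload:
        payload["service_key"] = "***REDACTED***"
    return json.dumps(payload, indent=4)
```

An empty list from check_payload means the template parsed and passed every check; run redact on the template before attaching it to a change request.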