
Collect Logs for PagerDuty

This page describes how to configure a Sumo Logic Collector and Source, and how to create a PagerDuty Webhook.

Configure a Sumo Logic Collector and Source

In Sumo Logic, configure:

  1. A Hosted Collector.
  2. An HTTP Source. When you configure the HTTP Source, make sure to save the HTTP Source Address URL. You will need this to configure the PagerDuty Webhook.  

Create a PagerDuty Webhook

In PagerDuty, Webhooks allow you to receive HTTP callbacks when incident events happen in your PagerDuty account. Details about the event are sent via HTTP to a URL that you specify.

In PagerDuty, create a Webhook using the instructions here:

https://support.pagerduty.com/hc/en-us/articles/202830320-Webhooks-

The Endpoint URL you are asked to supply in Step 6 is the HTTP Source Address URL from the HTTP Source you configured.  

Sample Log Message

{
   "messages":[
      {
         "type":"incident.trigger",
         "data":{
            "incident":{
               "id":"XYMSSAJ",
               "incident_number":269073,
               "created_on":"02/Oct/2017:17:30:08",
               "status":"acknowledged",
               "pending_actions":[ ],
               "html_url":"https://abc.pagerduty.com/incidents/PCPUCKD",
               "incident_key":"test-umlsstore-umls_ingest_lag_percustomer",
               "service":{
                  "id":"WXZCJPO",
                  "name":"Data Collection",
                  "html_url":"https://abc.pagerduty.com/services/FDDIFGW",
                  "deleted_at":null,
                  "description":""
               },
               "escalation_policy":{
                  "id":"OTWUJRM",
                  "name":"Data Collection Policy",
                  "deleted_at":null
               },
               "assigned_to_user":{
                  "id":"LDDRYMI",
                  "name":"Ben Newton",
                  "email":"Ben@sumologic",
                  "html_url":"https://abc.pagerduty.com/users/ESWMJMB"
               },
               "trigger_summary_data":{
                  "description":"long-rework-4/health/free_space__usr_sumo: Use too much 80.0 % of disk space (max: 80.0 %)"
               },
               "trigger_details_html_url":"https://abc.pagerduty.com/incidents/PCPUCKD/log_entries/Q3D0S9KSL98UNI",
               "trigger_type":"trigger_svc_event",
               "last_status_change_on":"02/Oct/2017:17:30:08",
               "last_status_change_by":null,
               "number_of_escalations":0,
               "assigned_to":[
                  {
                     "at":"02/Oct/2017:17:30:08",
                     "object":{
                        "id":"PR1XYJN",
                        "name":"Ben Newton",
                        "email":"Ben@sumologic",
                        "html_url":"https://abc.pagerduty.com/users/PR1XYJN",
                        "type":"user"
                     }
                  }
               ],
               "urgency":"low"
            }
         },
         "id":"346c0ff0-114d-11e6-afa8-22000a1798ef",
         "created_on":"02/Oct/2017:17:30:08"
      }
   ]
}

Query Sample

Number of Incidents Assigned to Users

_sourceCategory=pagerduty assigned_to "incident.trigger"
| json "messages[0].type", "messages[0].data.incident.id", "messages[0].data.incident.created_on", "messages[0].data.incident.status", "messages[0].data.incident.urgency", "messages[0].data.incident.assigned_to[0].object.name", "messages[0].data.incident.escalation_policy.name", "messages[0].data.incident.service.name", "messages[0].data.incident.trigger_summary_data.description" as type, incident_id, created_on, incident_status, incident_urgency, assigned_user, escalation_policy_name, service_name, incident_description
| where type = "incident.trigger"
| count by assigned_user, incident_urgency
| transpose row assigned_user column incident_urgency
| order by assigned_user asc
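
The query above reads only messages[0], but messages is an array in the sample log. The following added example (not part of the original page or of Sumo Logic's or PagerDuty's code) reproduces the same count offline over every element of messages, so the result can be compared against the query when checking for undercounted incidents. The sample deliveries, the incident id EXAMPLE2, the "(unassigned)" label and the assumption that one delivery can carry several events are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample deliveries, trimmed to the fields the page's query extracts.
# The second delivery batches two events; the third is deliberately truncated.
SAMPLE_DELIVERIES = [
    '{"messages":[{"type":"incident.trigger","data":{"incident":{"id":"XYMSSAJ",'
    '"urgency":"low","assigned_to":[{"object":{"name":"Ben Newton"}}]}}}]}',
    '{"messages":['
    '{"type":"incident.acknowledge","data":{"incident":{"id":"XYMSSAJ",'
    '"urgency":"low","assigned_to":[{"object":{"name":"Ben Newton"}}]}}},'
    '{"type":"incident.trigger","data":{"incident":{"id":"EXAMPLE2",'
    '"urgency":"high","assigned_to":[]}}}]}',
    '{"messages":[{"type":"incident.trigger"',
]


def count_assignments(raw_deliveries):
    """Return ({user: {urgency: count}}, skipped) over all messages in all deliveries."""
    table = defaultdict(lambda: defaultdict(int))
    skipped = 0
    for raw in raw_deliveries:
        try:
            messages = json.loads(raw).get("messages") or []
        except (json.JSONDecodeError, AttributeError):
            skipped += 1  # not JSON, or JSON whose top level is not an object
            continue
        for msg in messages:
            if not isinstance(msg, dict) or msg.get("type") != "incident.trigger":
                continue
            incident = (msg.get("data") or {}).get("incident") or {}
            assignees = incident.get("assigned_to") or []
            # Same field the query reads: assigned_to[0].object.name
            user = "(unassigned)"
            if assignees and isinstance(assignees[0], dict):
                user = (assignees[0].get("object") or {}).get("name") or user
            table[user][incident.get("urgency", "unknown")] += 1
    # Plain dicts, ordered by user like "order by assigned_user asc"
    return {u: dict(table[u]) for u in sorted(table)}, skipped


if __name__ == "__main__":
    counts, skipped = count_assignments(SAMPLE_DELIVERIES)
    for user, by_urgency in counts.items():
        print(user, by_urgency)
    print("skipped deliveries:", skipped)
```

In the second constructed delivery the trigger event sits at messages[1], so a messages[0]-only extraction would not count it.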