Webhook Connection for Microsoft Azure Functions
You can trigger an Azure Function directly from a Sumo Logic alert by configuring a webhook connection. Once you set up the webhook connection, you can use it in a Scheduled Search. Currently, Azure functions are not supported in Monitors.
For example, you can create a scheduled search that triggers an Azure function when an administrator changes a user’s permissions. This function can then update a database to document the changes for audit purposes.
Create an Azure function
First, create an HTTP-triggered Azure function. For more information, see Azure Functions HTTP triggers and bindings overview.
- Create an Azure function using the template HttpTrigger-PowerShell.
- Copy and paste the code of the Azure function into the code field. The following example is an HTTP-triggered PowerShell function:
```powershell
# Read the webhook's JSON body from the request file and parse it.
$requestBody = Get-Content $req -Raw | ConvertFrom-Json
"Webhook Triggered"
# Echo the payload fields sent by the Sumo Logic alert.
$requestBody.text
$requestBody.raw
$requestBody.num
$requestBody.agg
# Write the HTTP response body.
Out-File -Encoding Ascii -FilePath $res -inputObject "Hello Sumo Logic, from Azure Function"
```
- Click Save.
- Copy the function URL, as you will need it in the next section.
Create a Webhook connection
You need the Manage connections role capability to create webhook connections.
Configure the Webhook connection to trigger the Azure function:
- Classic UI. In the main Sumo Logic menu, select Manage Data > Monitoring > Connections.
  New UI. In the top menu select Configuration, and then under Monitoring select Connections. You can also click the Go To... menu at the top of the screen and select Connections.
- On the Connections page click Add.
- Select Azure Functions.
- In the Create Connection dialog, configure:
  - Name. Enter the name of the connection.
  - (Optional) Description. Enter a description for the connection.
  - URL. Enter the function URL for the endpoint from the previous section.
  - (Optional) Authorization Header. Enter an authorization header, which may include an authorization token.
  - (Optional) Custom Headers. Enter up to five comma-separated key-value pairs.
  - Alert Payload. Enter a JSON object in the format required. For details on variables that can be used as parameters within your JSON object, see Webhook Payload Variables.
  - In the Recovery Payload section, you can customize your recovery notification.
- To test the connection, click Test Alert or Test Recovery. If successful, you'll see a 200 OK response message.
- Click Save.
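If you set the optional Authorization Header on the connection, the function can check it and the payload shape before acting on the alert. The following is an added example, not Sumo Logic or Microsoft code: the function name Test-SumoWebhookRequest, its parameters, and the sample token and body are hypothetical, and how the header value reaches your function depends on the Azure Functions runtime version you use.

```powershell
# Added example; Test-SumoWebhookRequest and its parameters are hypothetical names.
function Test-SumoWebhookRequest {
    param(
        [string]$AuthorizationHeader,  # value received in the Authorization header
        [string]$ExpectedToken,        # same value entered on the webhook connection
        [string]$RawBody               # unparsed request body (Get-Content $req -Raw)
    )
    function New-Verdict($ok, $reason, $payload) {
        [pscustomobject]@{ Accepted = $ok; Reason = $reason; Payload = $payload }
    }

    # Fail closed: a missing or empty secret must never mean "accept everything".
    if ([string]::IsNullOrEmpty($ExpectedToken)) {
        return New-Verdict $false 'no token configured' $null
    }

    # Hash both values to a fixed length, then compare every byte so the
    # comparison does not stop early at the first mismatch.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $a = $sha.ComputeHash([Text.Encoding]::UTF8.GetBytes($AuthorizationHeader))
    $b = $sha.ComputeHash([Text.Encoding]::UTF8.GetBytes($ExpectedToken))
    $sha.Dispose()
    $diff = 0
    for ($i = 0; $i -lt $a.Length; $i++) { $diff = $diff -bor ($a[$i] -bxor $b[$i]) }
    if ($diff -ne 0) { return New-Verdict $false 'authorization header mismatch' $null }

    # Only parse the body once the caller is authenticated.
    try { $payload = $RawBody | ConvertFrom-Json -ErrorAction Stop }
    catch { return New-Verdict $false 'body is not valid JSON' $null }
    if ($payload -isnot [System.Management.Automation.PSCustomObject]) {
        return New-Verdict $false 'body is not a JSON object' $null
    }

    # Require the four fields that the function on this page reads.
    foreach ($name in 'text', 'raw', 'num', 'agg') {
        if ($null -eq $payload.PSObject.Properties[$name]) {
            return New-Verdict $false "missing field: $name" $null
        }
    }
    New-Verdict $true 'ok' $payload
}

# Constructed sample values, for illustration only.
$token = 'Bearer example-token-not-real'
$body  = '{"text":"Permission change detected","raw":"constructed log line","num":"1","agg":"[]"}'
Test-SumoWebhookRequest -AuthorizationHeader $token -ExpectedToken $token -RawBody $body
Test-SumoWebhookRequest -AuthorizationHeader 'Bearer wrong' -ExpectedToken $token -RawBody $body
Test-SumoWebhookRequest -AuthorizationHeader $token -ExpectedToken $token -RawBody '{"text":"x"}'
```

Keep the expected token in an application setting rather than in the function source, and return a non-200 response when Accepted is false so that Test Alert shows the failure.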