Webhook Connection for Microsoft Teams
Webhook connections rely on HTTP endpoints that tell Sumo Logic where to send data. You can set up any number of connections.
Prerequisite
See how to create an incoming webhook in Microsoft's documentation. Make sure that you copy and save the URL from Microsoft, you'll need to provide it to Sumo Logic in the URL input field when you create the Microsoft Teams Connection.
Configuration in Sumo Logic
In Sumo Logic, Scheduled Searches and Monitors send alerts to other tools via webhook connections. To send alerts from Sumo Logic to Microsoft Teams:
- Create a Microsoft Teams Connection.
- Use the Webhook Connection as the Alert Type in a Scheduled Search or the Connection Type in a Monitor.
Create a Microsoft Teams Connection
note
You need the Manage connections role capability to create webhook connections.
This section demonstrates how to create a webhook connection from Sumo Logic to Microsoft Teams using Microsoft's Workflows.
- Classic UI. In the main Sumo Logic menu, select Manage Data > Monitoring > Connections.
New UI. In the top menu select Configuration, and then under Monitoring select Connections. You can also click the Go To... menu at the top of the screen and select Connections. - Click + Add and choose Microsoft Teams as the connection type.
- Enter a Name and give an optional Description to the connection.
- Paste the URL from Microsoft Teams into the URL field.
- (Optional) Custom Headers, enter up to five comma separated key-value pairs.
- (Optional) Customize the alert and resolution payloads to include just the information you need.
One helpful tool to preview changes is Microsoft's Adaptive Card Designer. The best way to use the tool is to copy the contents of the
"content"field (including the enclosing curly braces) from the below default payload and work from there. - The following JSON is the default Alert Payload, which you can customize as needed. For details on variables you can use as parameters within your JSON object, see Configure Webhook payload variables.
{
"type": "message",
"attachments": [
{
"contentType": "application/vnd.microsoft.card.adaptive",
"contentUrl": null,
"content": {
"type": "AdaptiveCard",
"body": [
{
"type": "ColumnSet",
"columns": [
{
"type": "Column",
"items": [
{
"type": "Image",
"style": "Person",
"url": "https://www.sumologic.com/wp-content/uploads/sumo-logic-logo.png",
"altText": "Sumo Logic",
"size": "Small"
}
],
"width": "auto"
},
{
"type": "Column",
"width": "stretch",
"items": [
{
"type": "TextBlock",
"spacing": "None",
"text": "Monitor Alert: {{TriggerType}} on {{Name}}",
"weight": "Bolder",
"wrap": true
},
{
"type": "TextBlock",
"text": "Created On Date: {{TriggerTime}}",
"wrap": true
}
]
}
]
},
{
"type": "FactSet",
"facts": [
{
"title": "Description",
"value": "{{Description}}"
},
{
"title": "Monitor Query",
"value": "{{Query}}"
},
{
"title": "Trigger Condition",
"value": "{{TriggerCondition}}"
},
{
"title": "Trigger Value",
"value": "{{TriggerValue}}"
},
{
"title": "Trigger Time Range",
"value": "{{TriggerTimeRange}}"
},
{
"title": "Results",
"value": "{{ResultsJson}}"
}
]
}
],
"schema": "http://adaptivecards.io/schemas/adaptive-card.json",
"version": "1.4",
"actions": [
{
"type": "Action.OpenUrl",
"title": "View Alert",
"url": "{{AlertResponseURL}}"
}
]
}
}
]
} - In the Recovery Payload section, you can customize your recovery notification. Here is the default payload:
{
"type": "message",
"attachments": [
{
"contentType": "application/vnd.microsoft.card.adaptive",
"contentUrl": null,
"content": {
"type": "AdaptiveCard",
"body": [
{
"type": "ColumnSet",
"columns": [
{
"type": "Column",
"items": [
{
"type": "Image",
"style": "Person",
"url": "https://www.sumologic.com/wp-content/uploads/sumo-logic-logo.png",
"altText": "Sumo Logic",
"size": "Small"
}
],
"width": "auto"
},
{
"type": "Column",
"width": "stretch",
"items": [
{
"type": "TextBlock",
"spacing": "None",
"text": "Monitor Alert: {{TriggerType}} on {{Name}}",
"weight": "Bolder",
"wrap": true
},
{
"type": "TextBlock",
"text": "Created On Date: {{TriggerTime}}",
"wrap": true
}
]
}
]
},
{
"type": "FactSet",
"facts": [
{
"title": "Description",
"value": "{{Description}}"
},
{
"title": "Monitor Query",
"value": "{{Query}}"
},
{
"title": "Trigger Condition",
"value": "{{TriggerCondition}}"
},
{
"title": "Trigger Value",
"value": "{{TriggerValue}}"
},
{
"title": "Trigger Time Range",
"value": "{{TriggerTimeRange}}"
},
{
"title": "Results",
"value": "{{ResultsJson}}"
}
]
}
],
"schema": "http://adaptivecards.io/schemas/adaptive-card.json",
"version": "1.4",
"actions": [
{
"type": "Action.OpenUrl",
"title": "View Alert",
"url": "{{AlertResponseURL}}"
}
]
}
}
]
} - To test the connection, click Test Alert or Test Recovery. If the message is sent to Teams successfully, you'll see a
202response message. Check Teams to ensure the message appears as expected. - Click Save.
Create a Microsoft Teams Connection using Connectors
This section demonstrates how to create a webhook connection from Sumo Logic to Microsoft Teams using Microsoft's Connectors.
Microsoft has announced that using Connectors for integration is on the path to deprecation. The suggested way to integrate is by using Workflows. If you still require integration using a Connector, follow the directions above but substitute the following default payloads:
- The following JSON is the default Alert Payload, which you can customize as needed. For details on variables you can use as parameters within your JSON object, see Configure Webhook payload variables.
{
"@type": "MessageCard",
"@context": "http://schema.org/extensions",
"themeColor": "#000099",
"summary": "Monitor Alert: {{TriggerType}} on {{Name}}",
"sections": [
{
"activityTitle": "Monitor Alert: {{TriggerType}} on {{Name}}",
"activitySubtitle": "Created On Date: {{TriggerTime}}",
"activityImage": "https://www.sumologic.com/wp-content/uploads/sumo-logic-logo.png",
"text": "{{Description}}",
"facts": [
{
"name": "Monitor Query",
"value": "{{Query}}"
},
{
"name": "Trigger Condition",
"value": "{{TriggerCondition}}"
},
{
"name": "Trigger Value",
"value": "{{TriggerValue}}"
},
{
"name": "Trigger Time Range",
"value": "{{TriggerTimeRange}}"
},
{
"name": "Results",
"value": "{{ResultsJson}}"
}
],
"markdown":"true"
}
],
"potentialAction": [
{
"@type": "OpenUri",
"name": "View Monitor Query",
"targets": [
{
"os": "default",
"uri": "{{QueryURL}}"
}
]
}
]
} - In the Recovery Payload section, you can customize your recovery notification. Here is the default payload:
{
"@type": "MessageCard",
"@context": "http://schema.org/extensions",
"themeColor": "569E0D",
"summary": "Monitor Alert: {{TriggerType}} on {{AlertName}}",
"sections": [{
"activityTitle": "Monitor Alert: {{TriggerType}} on {{AlertName}}",
"activitySubtitle": "Created On Date : {{TriggerTime}}",
"activityImage": "https://www.sumologic.com/wp-content/uploads/sumo-logic-logo.png",
"text": "The monitor has resolved",
"facts": [{
"name": "Monitor Query",
"value": "{{Query}}"
}, {
"name": "Resolution Condition",
"value": "{{TriggerCondition}}"
},
{
"name": "Resolution Value",
"value": "{{TriggerValue}}"
},
{
"name": "Resolution Time Range",
"value": "{{TriggerTimeRange}}"
}
],
"markdown": true
}],
"potentialAction": [{
"@type": "OpenUri",
"name": "View Monitor Query",
"targets": [{
"os": "default",
"uri": "{{QueryURL}}"
}]
}]
}