Webhook Connection for SIGNL4
Webhook connections rely on HTTP endpoints that tell Sumo Logic where to send data.
Sumo Logic to SIGNL4 Integration
Sumo Logic alerts can send webhook alerts to SIGNL4, a mobile alerting and incident management solution that determines the right people to alert based on your on-call schedule, severity, and topic.
To add a Sumo Logic integration in SIGNL4, do the following:
- Go to the SIGNL4 Integration Hub.
- Select an existing webhook integration or create a new one for the Sumo Logic integration.
- In the integration tile, copy the URL, including the integration or team secret.
You'll need the webhook URL for Sumo Logic configuration, which you'll do in the next section.
You can find more information on the SIGNL4 site.
Configuration in Sumo Logic
In Sumo Logic, scheduled searches send alerts to other tools via webhook connections. To send alerts from Sumo Logic to SIGNL4:
- Create a Webhook Connection.
- Once you set up the webhook connection, you'll have the option to use it in a Scheduled Search or Monitor.
Create a Webhook Connection
You need the Manage connections role capability to create webhook connections.
This section demonstrates how to create a webhook connection from Sumo Logic to SIGNL4.
To create a webhook:
- Classic UI. In the main Sumo Logic menu, select Manage Data > Monitoring > Connections.
  New UI. In the top menu select Configuration, and then under Monitoring select Connections. You can also click the Go To... menu at the top of the screen and select Connections.
- Click + Add and choose Webhook as connection type.
- For the name, enter Sumo Logic SIGNL4 and give an optional description to the connection.
- Paste the SIGNL4 webhook URL (from the step above) into the URL field.
- Enter the following content in the Alert Payload field:
{
"AlertName": "{{AlertName}}",
"Description": "{{Description}}",
"action": "create",
"AlertURL": "{{AlertResponseURL}}",
"Query": "{{Query}}",
"QueryURL": "{{QueryURL}}",
"TriggerTime": "{{TriggerTime}}",
"TriggerTimeRange": "{{TriggerTimeRange}}",
"TriggerCondition": "{{TriggerCondition}}",
"TriggerValue": "{{TriggerValue}}",
"TriggerType": "{{TriggerType}}",
"ResultsJson": "{{ResultsJSON}}",
"DetectionMethod": "{{DetectionMethod}}",
"MonitorType": "{{MonitorType}}",
"NumQueryResults": "{{NumQueryResults}}",
"SourceURL": "{{SourceURL}}",
"X-S4-ExternalID": "{{IncidentKey}}",
"X-S4-Status": "new",
"X-S4-SourceSystem": "SumoLogic"
}
- Under Recovery Payload, enter the following content. This part is optional and is used for closing alerts in SIGNL4 if the incident is recovered in Sumo Logic:
{
"X-S4-ExternalID": "{{IncidentKey}}",
"X-S4-Status": "resolved",
"X-S4-SourceSystem": "SumoLogic"
}
Note: Do not update the X-S4-... fields, otherwise recovery notifications will not be generated.
- To test the connection, click Test Alert. If successful, you'll see a 201 OK response message.
- Click Save.
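The alert and recovery payloads above only work together when the X-S4-... fields stay as shown. The following Python check is an added example, not part of the Sumo Logic or SIGNL4 documentation: it lints a pair of payload templates against the X-S4-... values given on this page. The function names and the sample payloads are constructed for illustration.

```python
import json

# X-S4-* values exactly as given on this page; the page says not to change them.
EXPECTED_ALERT = {
    "X-S4-ExternalID": "{{IncidentKey}}",
    "X-S4-Status": "new",
    "X-S4-SourceSystem": "SumoLogic",
}
EXPECTED_RECOVERY = {**EXPECTED_ALERT, "X-S4-Status": "resolved"}


def check_payload(text, expected, label):
    """Return a list of problems found in one payload template."""
    try:
        payload = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"{label}: not valid JSON ({exc.msg}, line {exc.lineno})"]
    if not isinstance(payload, dict):
        return [f"{label}: top level must be a JSON object"]
    problems = []
    for key, want in expected.items():
        got = payload.get(key)
        if got is None:
            problems.append(f"{label}: missing {key}")
        elif got != want:
            problems.append(f"{label}: {key} is {got!r}, expected {want!r}")
    return problems


def check_connection(alert_text, recovery_text):
    """Lint the alert and recovery templates of one webhook connection."""
    return (check_payload(alert_text, EXPECTED_ALERT, "alert")
            + check_payload(recovery_text, EXPECTED_RECOVERY, "recovery"))


# Constructed sample: the alert template was edited to hard-code the external ID,
# so a later recovery payload keyed on {{IncidentKey}} would no longer match it.
SAMPLE_ALERT = ('{"AlertName": "{{AlertName}}", "X-S4-ExternalID": "prod-db", '
                '"X-S4-Status": "new", "X-S4-SourceSystem": "SumoLogic"}')
SAMPLE_RECOVERY = ('{"X-S4-ExternalID": "{{IncidentKey}}", '
                   '"X-S4-Status": "resolved", "X-S4-SourceSystem": "SumoLogic"}')

if __name__ == "__main__":
    for problem in check_connection(SAMPLE_ALERT, SAMPLE_RECOVERY):
        print(problem)
```

Run it against the text you pasted into the Alert Payload and Recovery Payload fields before clicking Save; an empty result means both templates still carry the X-S4-... values from this page.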
Configure a Scheduled Search
Scheduled searches are saved searches that run automatically at specified intervals. When a scheduled search is configured to send an alert, it can be sent to another tool using a webhook connection.
To set up a scheduled search for a webhook connection, follow the steps in Schedule Searches for Webhook Connections.