You can trigger an Azure Function directly from a Sumo Logic alert by configuring a webhook connection. Once you set up the webhook connection, you'll have the option to use it in a Scheduled Search or Monitor.
For example, you can create a scheduled search that triggers an Azure function when an administrator changes a user’s permissions. This function can then update a database to document the changes for audit purposes.
Create an Azure function
First, create an HTTP-triggered Azure function. For more information, see Azure Functions HTTP triggers and bindings overview.
Create an Azure function using the template HttpTrigger-Powershell.
Copy and paste the code of the Azure function into the code field. The following example is an HTTP-triggered PowerShell function:
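```powershell
# Parse the JSON payload sent by the Sumo Logic webhook connection.
$requestBody = Get-Content $req -Raw | ConvertFrom-Json
# Write the HTTP response body.
Out-File -Encoding Ascii -FilePath $res -InputObject "Hello Sumo Logic, from Azure Function"
```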
Copy the function URL, as you will need it in the next section.
Create a Webhook connection
You need the Manage connections role capability to create webhook connections.
Configure the Webhook connection to trigger the Azure function:
- Go to Manage Data > Monitoring > Connections.
- On the Connections page, click Add.
- Select Azure Functions.
- In the Create Connection dialog, configure:
  - Name. Enter the name of the connection.
  - (Optional) Description. Enter a description for the connection.
  - URL. Enter the function URL for the endpoint from the previous section.
  - (Optional) Authorization Header. Enter an authorization header, which may include an authorization token.
  - (Optional) Custom Headers. Enter up to five comma-separated key-value pairs.
  - Payload. Enter a JSON object in the format required. For details on variables that can be used as parameters within your JSON object, see Webhook Payload Variables.
- Click Test Connection. If the connection is made, you will see a 200 OK response message.
- Click Save.
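One way for the receiving function to check the optional Authorization Header and validate the Payload before acting on an alert, as an added example that is not part of the original page or Sumo Logic's code. It assumes the current Azure Functions PowerShell model (`param($Request, $TriggerMetadata)` with an HTTP output binding named `Response`) rather than the `$req`/`$res` file model shown earlier; the app setting `SUMO_WEBHOOK_AUTH` and the payload fields `searchName` and `fireTime` are hypothetical names.

```powershell
using namespace System.Net

# run.ps1 of an HTTP-triggered function (added example, assumptions noted inline).
param($Request, $TriggerMetadata)

function Send-Response([HttpStatusCode]$Status, [string]$Body) {
    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = $Status; Body = $Body })
}

function Test-SharedSecret([string]$Presented, [string]$Expected) {
    # Fails closed when either value is missing, and compares every byte
    # instead of returning at the first difference.
    if ([string]::IsNullOrEmpty($Presented) -or [string]::IsNullOrEmpty($Expected)) { return $false }
    $a = [Text.Encoding]::UTF8.GetBytes($Presented)
    $b = [Text.Encoding]::UTF8.GetBytes($Expected)
    $diff = $a.Length -bxor $b.Length
    for ($i = 0; $i -lt $a.Length; $i++) { $diff = $diff -bor ($a[$i] -bxor $b[$i % $b.Length]) }
    return ($diff -eq 0)
}

# 1. Authenticate the caller. SUMO_WEBHOOK_AUTH (hypothetical app setting) holds the
#    exact value entered in the connection's Authorization Header field.
if (-not (Test-SharedSecret $Request.Headers['Authorization'] $env:SUMO_WEBHOOK_AUTH)) {
    Send-Response Unauthorized 'unauthorized'
    return
}

# 2. Parse the body; invalid or empty JSON is rejected here.
try { $alert = $Request.RawBody | ConvertFrom-Json -ErrorAction Stop }
catch { Send-Response BadRequest 'body is not valid JSON'; return }

# 3. Require the fields the connection's Payload is assumed to define.
#    Arrays, scalars and null have no such properties and are rejected too.
$missing = @('searchName', 'fireTime') | Where-Object { [string]::IsNullOrWhiteSpace($alert.$_) }
if ($missing) {
    Send-Response BadRequest ('missing field(s): ' + ($missing -join ', '))
    return
}

# 4. Only now act on the alert (for example, write the audit record).
Write-Information "Accepted alert '$($alert.searchName)' fired at $($alert.fireTime)"
Send-Response OK 'accepted'
```

With this in place, Test Connection returns 200 OK only when the connection's Authorization Header matches the app setting and the Payload carries both fields.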