Sumo Logic Integration Guide

Sumo Logic is an industry-leading, secure, cloud-based service for log and metrics management for modern apps, providing real-time analytics and insights.

What can Zenduty do for Sumo Logic users?

With the Sumo Logic integration, Zenduty sends new Sumo Logic alerts to the right team and notifies them based on on-call schedules via email, text messages (SMS), phone calls (Voice), Slack, Microsoft Teams and iOS & Android push notifications, and escalates alerts until the alert is acknowledged or closed. Zenduty provides your NOC, SRE and application engineers with detailed context around the Sumo Logic alert along with playbooks and a complete incident command framework to triage, remediate and resolve incidents with speed.

Whenever Sumo Logic triggers an alert based on a predefined condition, Zenduty will create an incident. When that condition goes back to normal levels, Zenduty will auto-resolve the incident.

You can also use Alert Rules to custom route specific Sumo Logic alerts to specific users, teams or escalation policies, write suppression rules, auto add notes, responders and incident tasks.

To integrate Sumo Logic with Zenduty, complete the following steps:

In Zenduty:

  1. To add a new Sumo Logic integration, go to Teams on Zenduty and click on the team you want to add the integration to.

  2. Next, go to Services and click on the relevant Service.

  3. Go to Integrations and then Add New Integration. Give it a name and select the application Sumologic from the dropdown menu.

  4. Go to Configure under your integrations and copy the generated webhook URL.

In Sumo Logic:

  1. After logging in, go to Manage Data -> Monitoring -> Connections tab.

  2. Click the + button at the top right of the screen to add a webhook.

  3. In the URL field, paste the webhook URL copied earlier.

  4. In the payload section, paste the following:

    {
      "alert_status": "critical",
      "search_name": "{{SearchName}}",
      "search_description": "{{SearchDescription}}",
      "search_query": "{{SearchQuery}}",
      "search_query_url": "{{SearchQueryUrl}}",
      "time_range": "{{TimeRange}}",
      "fire_time": "{{FireTime}}",
      "raw_results_json": "{{RawResultsJson}}",
      "num_raw_results": "{{NumRawResults}}",
      "aggregate_results_json" : "{{AggregateResultsJson}}"
    }
    

    To auto-resolve the incident on Zenduty when the alert is resolved in Sumo Logic, paste the following JSON object under Recovery Payload:

    {
      "alert_status": "resolved",
      "search_name": "{{SearchName}}",
      "search_description": "{{SearchDescription}}",
      "search_query": "{{SearchQuery}}",
      "search_query_url": "{{SearchQueryUrl}}",
      "time_range": "{{TimeRange}}",
      "fire_time": "{{FireTime}}",
      "raw_results_json": "{{RawResultsJson}}",
      "num_raw_results": "{{NumRawResults}}",
      "aggregate_results_json" : "{{AggregateResultsJson}}"
    }
    
  5. Click on Save.

  6. Go to the Sumo Logic Scheduled Search screen. Click on Save as under your Search query. In the Save Search As section, enter a name for the search.

  7. Click Schedule this search.

  8. Choose an option from the Run Frequency menu.

  9. For Alert Type, choose Webhook. Select Zenduty.

  10. Click on Save.

And that's it! The rules should trigger alerts which will then be visible on the Zenduty incidents page.
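
A pre-flight check for the two payload templates above, written as an added example (it is not Zenduty's or Sumo Logic's code): it confirms that both bodies are valid JSON, carry the `alert_status` values this guide shows, and otherwise use identical, well-formed `{{Variable}}` placeholders. The function name `check_pair` and the rule set are assumptions made for illustration.

```python
import json
import re

# Alert payload as given in step 4 of this guide.
ALERT = """{
  "alert_status": "critical",
  "search_name": "{{SearchName}}",
  "search_description": "{{SearchDescription}}",
  "search_query": "{{SearchQuery}}",
  "search_query_url": "{{SearchQueryUrl}}",
  "time_range": "{{TimeRange}}",
  "fire_time": "{{FireTime}}",
  "raw_results_json": "{{RawResultsJson}}",
  "num_raw_results": "{{NumRawResults}}",
  "aggregate_results_json" : "{{AggregateResultsJson}}"
}"""
# Constructed: the recovery payload differs only in alert_status.
RECOVERY = ALERT.replace('"critical"', '"resolved"')
PLACEHOLDER = re.compile(r"\{\{\w+\}\}")  # one well-formed {{Variable}}

def check_pair(alert_text, recovery_text):
    """Return a list of problems in the two templates (empty list if none)."""
    problems, docs = [], {}
    for name, text, status in (("alert", alert_text, "critical"),
                               ("recovery", recovery_text, "resolved")):
        try:
            doc = json.loads(text)
            if not isinstance(doc, dict):
                raise ValueError("top level is not a JSON object")
        except ValueError as exc:  # json.JSONDecodeError subclasses ValueError
            problems.append(f"{name}: invalid JSON payload ({exc})")
            continue
        if doc.get("alert_status") != status:
            problems.append(f'{name}: expected alert_status "{status}"')
        for key, value in doc.items():
            ok = isinstance(value, str) and PLACEHOLDER.fullmatch(value)
            if key != "alert_status" and not ok:
                problems.append(f"{name}: {key} is not a single placeholder")
        docs[name] = doc
    if len(docs) == 2:  # compare field by field only if both parsed
        a, r = docs["alert"], docs["recovery"]
        for key in sorted((a.keys() | r.keys()) - {"alert_status"}):
            if a.get(key) != r.get(key):
                problems.append(f"{key}: differs between alert and recovery")
    return problems

if __name__ == "__main__":
    print(check_pair(ALERT, RECOVERY) or "templates OK")
```

Pass the text you actually pasted into the Payload and Recovery Payload fields as the two arguments; an empty list means both templates match the ones in this guide.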
