
Sumo Logic

Sumo Logic is a platform for monitoring, analyzing, troubleshooting, and visualizing data from your application and network environment.

Connect Sumo Logic with Devo SOAR

  1. Navigate to Automations > Integrations.

  2. Search for Sumo Logic.

  3. Click Details, then the + icon. Enter the required information in the following fields.

  4. Label: Enter a connection name.

  5. Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.

  6. Verify SSL: Select this option to verify the connecting server's SSL certificate (default: Verify SSL Certificate).

  7. Remote Agent: Run this integration using the Devo SOAR Remote Agent.

  8. Endpoint URL: URL of your Sumo Logic instance. Example: https://api.logichub.com/api/v1

  9. Access Key: Access key for Sumo Logic

  10. Access ID: Access ID for Sumo Logic

  11. After you've entered all the details, click Connect.

Actions for Sumo Logic

Execute Queries

Provides access to resources and log data from third-party scripts and applications.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name | Description | Required
Query String | Jinja-templated query string. Example: '_sourceCategory={{query}}' or {{query}}. | Required
Search Window Column | The ISO 8601 date and time at which the search time range starts. For example, to specify July 16, 2017, use the form YYYY-MM-DDTHH:mm:ss, or 2017-07-16T00:00:00. Can also be milliseconds since epoch, or timezone-specific in the form YYYY-MM-DDTHH:mm:ss-HH:mm, for example 2017-07-16T00:00:00-4:00. Default: flow-start-time. | Optional
Search Window Column | The ISO 8601 date and time at which the search time range ends. For example, to specify July 26, 2017, use the form YYYY-MM-DDTHH:mm:ss, or 2017-07-26T00:00:00. Can also be milliseconds since epoch, or timezone-specific in the form YYYY-MM-DDTHH:mm:ss-HH:mm, for example 2017-07-16T00:00:00-4:00. Default: flow-end-time. | Optional
Offset Column | Return results starting at this offset. If no column name is specified, the default value is 0. | Optional
Query Result Limit Column | Maximum number of results to return from the API; used for pagination. If no column name is specified, the default value is 100. | Optional
Wait For Query Job To Complete | If true, the action waits until the query job has completed. If false, the action returns a query job ID that can be used later to fetch the query result. Default: true. | Optional

Output

Returns a list of log messages that satisfy the entered query and the other parameters.
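The Execute Queries inputs above, worked through as an added example that is not Devo SOAR's or Sumo Logic's own code: it renders the templated query, normalises the search window values (ISO 8601 with or without an offset, or milliseconds since epoch) and drives a search job honouring the offset, limit and wait settings. It assumes the Sumo Logic Search Job API paths (search/jobs, search/jobs/{id}, search/jobs/{id}/messages), uses a minimal {{var}} substitution in place of Jinja, and runs offline against the constructed FakeSumo transport; a real transport would send HTTP basic auth with the Access ID and Access Key over a TLS-verified connection.

```python
# Added example (not Devo SOAR's or Sumo Logic's code). Assumed: Search Job API
# paths search/jobs, search/jobs/{id} and search/jobs/{id}/messages; {{var}}
# substitution stands in for Jinja; FakeSumo is a constructed offline stand-in.
import re, time
from datetime import datetime, timezone

def render_query(template, values):
    """Substitute {{name}} placeholders; an unbound variable raises KeyError."""
    return re.sub(r"\{\{\s*(\w+)\s*\}\}", lambda m: str(values[m.group(1)]), template)

def to_epoch_ms(value):
    """ms since epoch, or ISO 8601 with optional -H:mm/-HH:mm offset (naive = UTC)."""
    s = str(value).strip()
    if s.isdigit():
        return int(s)
    s = re.sub(r"([+-])(\d):(\d\d)$", r"\g<1>0\g<2>:\g<3>", s)  # -4:00 -> -04:00
    dt = datetime.fromisoformat(s)
    dt = dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)
    return int(dt.timestamp() * 1000)

def execute_query(transport, template, values, start, end, offset=0, limit=100,
                  wait=True, poll_interval=1.0, max_polls=60):
    """transport(method, path, body) -> dict; returns the job id, plus one page of messages if waiting."""
    body = {"query": render_query(template, values), "from": to_epoch_ms(start),
            "to": to_epoch_ms(end), "timeZone": "UTC"}
    job_id = transport("POST", "search/jobs", body)["id"]
    if not wait:
        return {"job_id": job_id}  # caller fetches results later with this id
    for _ in range(max_polls):
        state = transport("GET", f"search/jobs/{job_id}", None)["state"]
        if state == "DONE GATHERING RESULTS":
            page = transport("GET", f"search/jobs/{job_id}/messages?offset={offset}&limit={limit}", None)
            return {"job_id": job_id, "messages": [m["map"] for m in page["messages"]]}
        if state in ("CANCELLED", "FORCE PAUSED"):
            raise RuntimeError(f"job {job_id} ended in state {state}")
        time.sleep(poll_interval)
    raise TimeoutError(f"job {job_id} not finished after {max_polls} polls")

class FakeSumo:  # constructed offline stand-in: one job that finishes on the second poll
    def __init__(self):
        self.polls, self.rows = 0, [{"_raw": f"event {i}", "_sourceCategory": "prod/auth"} for i in range(7)]
    def __call__(self, method, path, body):
        if method == "POST":
            return {"id": "job-001"}
        if "messages" not in path:
            self.polls += 1
            return {"state": "DONE GATHERING RESULTS" if self.polls > 1 else "GATHERING RESULTS"}
        qs = dict(p.split("=") for p in path.split("?")[1].split("&"))
        o, n = int(qs["offset"]), int(qs["limit"])
        return {"messages": [{"map": r} for r in self.rows[o:o + n]]}
```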

CORS Support

We do not set an Origin header in our requests to Sumo Logic. Sumo Logic accepts requests without an Origin header, so you do not need to add anything to the whitelist when creating an API token.

Release Notes

  • v2.0.0 - Updated architecture to support IO via filesystem