# Sumo Logic Integration

With [Sumo Logic](https://www.sumologic.com/) connected to ilert, scheduled searches, analytics queries, or log-based triggers that detect anomalies (e.g., error spikes or suspicious activity) send technical alerts to on-call teams. These alerts initiate escalation flows, enabling fast investigation and resolution.

## In ilert: Create a Sumo Logic alert source <a href="#in-ilert" id="in-ilert"></a>

1. Go to **Alert sources** --> **Alert sources** and click on **Create new alert source**

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FjX0cS4q7woTXKajZmc1W%2FScreenshot%202023-08-28%20at%2010.21.10.png?alt=media&#x26;token=8ef3666b-84eb-4b51-abee-f07303313941" alt=""><figcaption></figcaption></figure>
2. Search for **Sumo Logic** in the search field, click on the Sumo Logic tile and click on **Next**.&#x20;

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FlXzQlJpaTFSR49AZk0xA%2FScreenshot%202023-08-28%20at%2010.24.23.png?alt=media&#x26;token=cffeacb4-57b9-47d4-827d-b0f6b1afd914" alt=""><figcaption></figcaption></figure>
3. Give your alert source a name, optionally assign teams and click **Next**.
4. Select an **escalation policy** by creating a new one or assigning an existing one.

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FNnuZqONaIhbOf6fn4OkZ%2FScreenshot%202023-08-28%20at%2011.37.47.png?alt=media&#x26;token=8a74f7b5-5bd2-4eea-97fa-1c1dbb041333" alt=""><figcaption></figcaption></figure>
5. Select you [Alert grouping](https://docs.ilert.com/alerting/configure-alerting/alert-sources#alert-grouping) preference and click **Continue setup**. You may click **Do not group alerts** for now and change it later.&#x20;

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FueugN4JgHn1c90ggFA6u%2FScreenshot%202023-08-28%20at%2011.38.24.png?alt=media&#x26;token=b8009daf-3ca8-4264-a6fa-e42ef7333205" alt=""><figcaption></figcaption></figure>
6. The next page show additional settings such as customer alert templates or notification prioritiy. Click on **Finish setup** for now.
7. On the final page, an API key and / or webhook URL will be generated that you will need later in this guide.

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2Fi3TIOBvNYBQfDtNpmm0A%2FScreenshot%202023-08-28%20at%2011.47.34.png?alt=media&#x26;token=6cae965a-e448-4443-8c20-37cf501c43b2" alt=""><figcaption></figcaption></figure>

## In Sumo Logic: Create a notification setting <a href="#in-splunk" id="in-splunk"></a>

1. Go to Sumo Logic, then to **Manage Data -> Monitoring**, click on the **Connections** tab and then on the **Add (+)** button

<figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FNZDBp8eKQ7Icks4m0Xwc%2FSumo%20logic%20connect.png?alt=media&#x26;token=0a1f6fc6-d991-4233-bb83-2d718f7f5615" alt=""><figcaption></figcaption></figure>

2. On the next page, click on the **Webhook** tile

![](https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M76ygPnS4HUcFSX8ulm%2F-MVvfIspn2e60d96JQbF%2F-MVvhmYvT0xgZv8vNYcn%2FScreenshot_16_03_21__16_44.png?alt=media\&token=fab09d29-68ba-4eab-8782-4cc5615ca8e4)

3. On the next page, name the connection e.g. ilert, paste the **Webhook URL** that you generated in ilert, in the **Payload** section following payload object, then click on the **Save** button

![](https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M76ygPnS4HUcFSX8ulm%2F-MVvfIspn2e60d96JQbF%2F-MVviKhMqyoXinAN4h0h%2FScreenshot_16_03_21__16_47.png?alt=media\&token=5229591e-eaf8-427f-a71b-6bf8f0c51a1e)

```javascript
{
  "Name": "{{Name}}",
  "Description": "{{Description}}",
  "MonitorType": "{{MonitorType}}",
  "Query": "{{Query}}",
  "QueryURL": "{{QueryURL}}",
  "ResultsJson": "{{ResultsJson}}",
  "NumQueryResults": "{{NumQueryResults}}",
  "Id": "{{Id}}",
  "DetectionMethod": "{{DetectionMethod}}",
  "TriggerType": "{{TriggerType}}",
  "TriggerTimeRange": "{{TriggerTimeRange}}",
  "TriggerTime": "{{TriggerTime}}",
  "TriggerCondition": "{{TriggerCondition}}",
  "TriggerValue": "{{TriggerValue}}",
  "TriggerTimeStart": "{{TriggerTimeStart}}",
  "TriggerTimeEnd": "{{TriggerTimeEnd}}",
  "SourceURL": "{{SourceURL}}",
  "SearchName": "{{SearchName}}"
}
```

4. Finished! Your Sumo Logic alerts will now create alerts in ilert.

## FAQ <a href="#faq" id="faq"></a>

**Will alerts in ilert be resolved automatically?**

No, unfortunately, Sumo Logic's notification is not compatible with ilert's resolve event.

**Can I connect Sumo Logic with multiple alert sources from ilert?**

Yes, simply add more connections in Sumo Logic.