Webhook Connection for Microsoft Teams
Webhook connections rely on HTTP endpoints that tell Sumo Logic where to send data. You can set up any number of connections.
Prerequisite
See how to create an incoming webhook in Microsoft's documentation. Make sure that you copy and save the URL from Microsoft, you'll need to provide it to Sumo Logic in the URL input field when you create the Microsoft Teams Connection.
Configuration in Sumo Logic
In Sumo Logic, Scheduled Searches and Monitors send alerts to other tools via webhook connections. To send alerts from Sumo Logic to Microsoft Teams:
- Create a Microsoft Teams Connection.
- Use the Webhook Connection as the Alert Type in a Scheduled Search or the Connection Type in a Monitor.
Create a Microsoft Teams Connection
You need the Manage connections role capability to create webhook connections.
This section demonstrates how to create a webhook connection from Sumo Logic to Microsoft Teams.
In Sumo Logic, go to Manage Data > Monitoring > Connections.
Click + Add and choose Microsoft Teams as the connection type.
Enter a Name and give an optional Description to the connection.
Paste the URL from Microsoft Teams into the URL field.
(Optional) Custom Headers, enter up to five comma separated key-value pairs.
Customize the Activity Title if desired, the default is
Monitor Alert: {{TriggerType}} on {{Name}}
.(Optional) Customize the Activity Subtitle if desired, the default is
Created On Date: {{TriggerTime}}
.(Optional) Customize the Card Text if desired, the default is
{{Description}}
.noteEdits to the Activity Title, Activity Subtitle, and Card Text values are automatically updated in the JSON payload and vice versa.
The following JSON is the default Payload, you can customize it as needed. For details on variables you can use as parameters within your JSON object, see Webhook Payload Variables.
{
"@type": "MessageCard",
"@context": "http://schema.org/extensions",
"themeColor": "#000099",
"summary": "Monitor Alert: {{TriggerType}} on {{Name}}",
"sections": [
{
"activityTitle": "Monitor Alert: {{TriggerType}} on {{Name}}",
"activitySubtitle": "Created On Date: {{TriggerTime}}",
"activityImage": "https://www.sumologic.com/wp-content/uploads/sumo-logic-logo.png",
"text": "{{Description}}",
"facts": [
{
"name": "Monitor Query",
"value": "{{Query}}"
},
{
"name": "Trigger Condition",
"value": "{{TriggerCondition}}"
},
{
"name": "Trigger Value",
"value": "{{TriggerValue}}"
},
{
"name": "Trigger Time Range",
"value": "{{TriggerTimeRange}}"
},
{
"name": "Results",
"value": "{{ResultsJson}}"
}
],
"markdown":"true"
}
],
"potentialAction": [
{
"@type": "OpenUri",
"name": "View Monitor Query",
"targets": [
{
"os": "default",
"uri": "{{QueryURL}}"
}
]
}
]
}Click Save.