The Sumo Logic webinar from January 2016 outlines how to monitor through alerts including various alert types such as email, script actions, ServiceNow integration, webhooks, and saving to index. Key steps for creating alerts involve saving a search, scheduling it, and specifying conditions for alert triggers. Best practices emphasize the importance of actionable, directed, and dynamic alerts to ensure they are meaningful.

1. Sumo Logic Confidential
Monitoring through Alerts
January 2016
How-To Webinar

2. Sumo Logic Confidential
Agenda
Monitoring Through Alerts
Alert Types
Email
Script Action
ServiceNow
Webhooks
Save to Index
Creating Meaningful Alerts

3. Sumo Logic Confidential
Sumo Logic Data Flow
Data Collection Search & Analyze Visualize & Monitor
Alerts
Dashboards
Collectors
Sources
Operators
Charts
1 2 3

4. Sumo Logic Confidential
Alerting
Using a Scheduled Search, you can set Alerts to trigger whenever the search completes
or when a certain condition is met.
Alert types include:
• Email
• Script Action
• ServiceNow Connection
• Webhook
• Save to Index

5. Sumo Logic Confidential
Saving and Scheduling an Alert
1. Save your Search
2. Schedule the
Search
3. Specify frequency and time range
4. Specify Alert condition &
threshold
5. Specify Alert Type and details

6. Sumo Logic Confidential
Alert Type: Email
Email Alert can be sent, based on
Search completion or on meeting a
preset condition
• Email contains a representative sample
of the first 20 rows of your results
• Clickable links provide all results within
the Sumo Logic service
• Note: Max of 120 emails sent per day
Full results
available within the
Sumo Logic service

7. Sumo Logic Confidential
Alert Type: Script Action
Can be used to trigger a custom script hosted on a local server.
Steps to Build Script Action:
1. Add a Script Action to the Installed Collector
2. Define and specify your Script

8. Sumo Logic Confidential
Alert Type: Script Action
Steps to Schedule Script Action:
1. Create, save and schedule the query for the
data in question
2. Select Script Action as your Alert Type and
provide your newly created Script Action
Key Points
• Your script is hosted where your installed collector lives
• Your script has access to the search results (JSON format)
• Your script can call any other scripts
• Good fit for connecting to on-premise systems behind firewall

9. Sumo Logic Confidential
Alert Type: ServiceNow Connection
Integration that creates ServiceNow incident tickets from alerts as well as from
messages in search results
Steps to Set up:
1. Build a ServiceNow Connection
2. Schedule a Search

10. Sumo Logic Confidential
Alert Type: Webhooks
Target systems that support incoming webhook/HTTP alerts. Easy cloud-cloud
integration.
Steps to Set up:
1. Build a Webhook Connection
• Templates for common systems
2. Schedule a Search

11. Sumo Logic Confidential
Alert Type: Save to Index
You can save the results of a search to an index, so your data can be searched at a later
time with increased search performance.
For Example: _index=apache_404
§ Original query has no aggregation
§ Alert saves message detail of each 404 message
§ New index (bucket) contains only 404 messages
Save to Index versus Scheduled View
Whenever possible, use a Scheduled View, as it offers safeguards and management features.
However, if you need to use operators that are restricted in SVs, you can use Save to Index instead.

12. Sumo Logic Confidential
Best Practices: Good Alerts, Bad Alerts
To be meaningful, Alerts should be:
• Actionable – Alerts should have an associated playbook detailing steps to take
• Directed – Alerts should be directed to an individual or group accountable for handling it
• Dynamic – Instead of static thresholds, smart Alerts can track outliers, moving averages
and/or abnormal increases.
• Blog Post: 2 Key Principles for Creating Meaningful Alerts

13. Sumo Logic Confidential
Summary
Alert Types include:
Email
Script Action
ServiceNow
Webhooks
Save to Index
Alerts should be Actionable and Directed
Meaningful Alerts use Dynamic Thresholds