# Sumo Logic

Follow the steps below to configure a service so as to extract its related alert data from Sumo Logic.

Squadcast will then process this information to create incidents for this service as per your preferences.

### Using Sumo Logic as an Alert Source

1. Navigate to **Services** -> **Service Overview** -> select or search for your Service. Expand the accordion -> In the Alert Sources section, click **Add**.

![](/files/ej4AI9zpOyFu5NZJCbwC)

2\. Select **Sumo Logic.** Copy the displayed **Webhook URL** to [configure](#creating-squadcast-webhook-in-sumo-logic) it within **Sumo Logic.** Finish by clicking **Add Alert Source** -> **Done.**

![](/files/SiQ2KNtI9mzh3xH8MNPd)

{% hint style="warning" %}
**Important:**

When an alert source turns Active, it will show up under Configured Alert Sources. You can either generate a test alert from the integration or wait for a real-time alert to be generated by the Alert Source. An Alert Source is active if there is a recorded incident via that Alert Source for the Service.
{% endhint %}

### Creating Squadcast Webhook in Sumo Logic

With Sumo Logic, you have to configure the JSON payload that the webhook sends.

For integrating with Squadcast, we have defined 2 different payload formats:

* Log Alerts
* Metric Alerts

So, we'll create 2 Webhook connections, one for each payload format.

1. Log in to your Sumo Logic dashboard and go to the **Settings** tab in the **Manage Data** section.

![](/files/zuP0lm8jbu9Tlkw2anaw)

2. Select the **Connections** tab from the top bar.

![](/files/Dd2Q3WOr9dydZ9zJRTvG)

3. Click on the **+** button.

![](/files/kqTZ9GCOJq3dpcRrzqSG)

4. Select the **Webhook** option.

5. Add the *Log Alerts* webhook connection.

![](/files/jgymq1t7dNSOS25UFcUO)

* Paste the webhook URL copied from the Squadcast dashboard in the URL field.
* In the payload field, paste the following:

```json
{
    "type": "log",
    "searchName": "{{SearchName}}",
    "searchDescription": "{{SearchDescription}}",
    "searchQuery": "{{SearchQuery}}",
    "searchQueryURL": "{{SearchQueryUrl}}",
    "timeRange": "{{TimeRange}}",
    "fireTime": "{{FireTime}}",
    "aggregateResultsJson": "{{AggregateResultsJson}}",
    "rawresultsJson": "{{RawResultsJson}}",
    "numRawResults": "{{NumRawResults}}"
}
```

6. Similarly, add the *Metric Alerts* webhook connection.

![](/files/tozhWhNi4gwczFINGna2)

* Paste the same webhook URL copied from the Squadcast dashboard in the URL field.
* In the payload field, paste the following:

```json
{
    "type": "metric",
    "searchName": "{{SearchName}}",
    "searchDescription": "{{SearchDescription}}",
    "searchQuery": "{{SearchQuery}}",
    "searchQueryURL": "{{SearchQueryUrl}}",
    "timeRange": "{{TimeRange}}",
    "fireTime": "{{FireTime}}",
    "alertThreshold": "{{AlertThreshold}}",
    "alertSource": "{{AlertSource}}",
    "alertID": "{{AlertID}}",
    "alertStatus": "{{AlertStatus}}"
}
```
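Because both payloads are pasted by hand, a dropped key or a well-meant rename is easy to miss. The following linter is an added example, not part of Squadcast's or Sumo Logic's tooling, that checks a payload template against the two formats above before you save the connection. It assumes Squadcast expects the keys exactly as shown on this page and that every value other than `type` is a single `{{Variable}}` placeholder; `lint_payload` and `SAMPLE` are hypothetical names.

```python
import json
import re

# Key sets copied from the two payloads on this page.
COMMON = {"type", "searchName", "searchDescription", "searchQuery",
          "searchQueryURL", "timeRange", "fireTime"}
EXPECTED = {
    "log": COMMON | {"aggregateResultsJson", "rawresultsJson", "numRawResults"},
    "metric": COMMON | {"alertThreshold", "alertSource", "alertID", "alertStatus"},
}
# Assumption: each value is exactly one Sumo Logic variable such as {{FireTime}}.
PLACEHOLDER = re.compile(r"\{\{[A-Za-z]+\}\}")

def lint_payload(text):
    """Return a list of problems in a webhook payload template (empty if clean)."""
    try:
        payload = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(payload, dict):
        return ["payload must be a JSON object"]
    kind = payload.get("type")
    if not isinstance(kind, str) or kind not in EXPECTED:
        return [f'"type" must be "log" or "metric", got {kind!r}']
    problems = [f"missing key: {k}" for k in sorted(EXPECTED[kind] - set(payload))]
    problems += [f"unexpected key: {k}" for k in sorted(set(payload) - EXPECTED[kind])]
    for key, value in payload.items():
        if key != "type" and not (isinstance(value, str) and PLACEHOLDER.fullmatch(value)):
            problems.append(f"{key}: expected a single {{{{Variable}}}} placeholder")
    return problems

# Constructed sample: the log payload with one key "corrected" to camelCase.
SAMPLE = """{
    "type": "log",
    "searchName": "{{SearchName}}",
    "searchDescription": "{{SearchDescription}}",
    "searchQuery": "{{SearchQuery}}",
    "searchQueryURL": "{{SearchQueryUrl}}",
    "timeRange": "{{TimeRange}}",
    "fireTime": "{{FireTime}}",
    "aggregateResultsJson": "{{AggregateResultsJson}}",
    "rawResultsJson": "{{RawResultsJson}}",
    "numRawResults": "{{NumRawResults}}"
}"""

if __name__ == "__main__":
    print("\n".join(lint_payload(SAMPLE)) or "payload OK")
```
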

### Setting up Alerting for Logs

* Follow the article: [Schedule Searches for Webhook Connections](https://help.sumologic.com/Manage/Connections-and-Integrations/Webhook-Connections/Schedule-Searches-for-Webhook-Connections) for configuring alerts for logs.

![](/files/WSPsFE3rwDgqcF9HV8bx)

* In the **Alert Type** drop-down, select **Webhook**.
* In the **Connection** drop-down, select **Squadcast Log Alerts**.

### Setting up Alerting for Metrics

* Refer to the video: [Monitor your Metrics in Real-Time with Sumo Logic Alerts](https://www.youtube.com/watch?v=DfL7SetZ5dc) for configuring alerts for Metrics.

![](/files/suX0rRLErnBVm5CYGkR5)

* In the **Send Notification Via** dropdown, select **Squadcast Metric Alerts**.

Now, whenever the webhook is triggered for either a Log or a Metric alert, an incident is automatically created in Squadcast. However, the incident needs to be resolved manually from the Squadcast dashboard.

*Have any questions?* [*Ask the community*](https://community.squadcast.com/view/home)*.*


