Sumo Logic 2.0.0
App Vendor: Sumo Logic
App Category: Analytics & SIEM
Connector Version: 2.2.0
API Version: 1.0.0
About App
The Sumo Logic app allows security teams to integrate with the Sumo Logic enterprise application to create and retrieve search jobs.
The Sumo Logic app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
|---|---|
Create a Search Job | This action creates a search job. |
Create Lookup Table | This action creates a new lookup table by providing a schema and specifying its configuration. |
Delete Lookup Table Row | This action deletes a row from the lookup table. |
Get Lookup Table Contents | This action retrieves the lookup table contents for the given identifier. |
Get Status of a Search Job | This action retrieves the status of a search job. |
Insert or Update Lookup Table Row | This action inserts or updates a row of a lookup table with the given identifier. |
List Search Records | This action retrieves the records for the given job ID. |
Generic Action | This is a generic action used to make requests to any Sumo Logic endpoint. |
Configuration Parameters
The following configuration parameters are required for the Sumo Logic app to communicate with the Sumo Logic enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Access ID | Enter the access ID for the Sumo Logic application. | Text | Required | |
Access Token | Enter the access token for the Sumo Logic application. | Password | Required | |
Base URL | Enter the base URL. Example: For regions au, ca, de, eu, fed, in, us2, and jp, use For us1 region use | Text | Required | |
Version | Enter the API version. Example: v2 | Text | Optional | Default value: v1 |
Verify | Choose your preference to verify SSL or TLS while making requests. It is recommended to set this option to yes. Passing no may result in incorrectly establishing the connection. | Boolean | Optional | By default, verification is not enabled. |
Timeout | Enter the timeout value in seconds. This is the number of seconds requests will wait to connect to Sumo Logic and read the response. | Integer | Optional | Allowed range: 15-120 Default value: 15 |
Action: Create a Search Job
This action creates a search job.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Query | Enter the search query. Example: count _sourcecategory | Text | Required | |
From Time | Enter the time to start the search in yyyy-mm-ddthh:mm:ss format. Example: 2017-07-26t00:00:00 | Text | Required | |
Auto Parsing Mode | Enter the value to define dynamic JSON log parsing. | Text | Optional | Allowed values: AutoParse, Manual Default value: Manual |
Until Time | Enter the time to end the search in yyyy-mm-ddthh:mm:ss format. Example: 2017-07-26t00:00:00 | Text | Required | |
Time Zone | Enter the time zone. Example: ist | Text | Required | |
Search by Receipt Time | Choose to run the search using the receipt time. Example: True | Boolean | Optional | Allowed values:
Default value: False |
Example Request
[
{
"query": "count _sourcecategory",
"time_from": "2017-07-26t00:00:00",
"time_until": "2017-07-26t00:00:00",
"timezone": "ist",
}
]Action: Create Lookup Table
This action retrieves the records for the given job ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Description | Enter the description of the lookup table. Example: Example Description | Text | Required | |
Fields | Enter the list of fields in the lookup table. Example: $JSON[{"fieldname": "fieldname1","fieldtype": "boolean"}] | List | Required | |
Primary Keys | Enter the names of the fields that make up the primary key for the lookup table. Example: $LIST[fieldname1, fieldname2, fieldname3] | List | Required | |
Parent Folder ID | Enter the parent-folder-path identifier of the lookup table in the library. Example: 0000000001c41ee4 | Text | Required | |
Name | Enter the name of the lookup table. Example: Field Table | Text | Required | |
Time to Live | Enter the time to live for each entry in the lookup table. | Integer | Optional | Default Value: 0 |
Size Limit Action | Enter the action that needs to be taken when the size limit is reached for the table. | Text | Optional | Default value:
Allowed values:
|
Example Request
[
{
"description":"Example Description",
"fields":[
{
"fieldname":"fieldname1",
"fieldtype":"boolean"
}
],
"primarykeys":[
fieldname1,
fieldname2,
fieldname3
],
"parentfolderid":"0000000001c41ee4",
"name":"Field Table",
"ttl":30,
"sizelimitaction":"stopincomingmessages"
}
]Action: Delete Lookup Table Row
This action deletes a row from the lookup table.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Lookup Table ID | Enter the identifier of the lookup table. Example: 0000000001c41ee4 | Text | Required | |
Primary Keys | Enter the list of all primary key field identifiers and their corresponding values. Example: $JSON[{"columnname": "user_id","columnvalue": "user1"}] | List | Required |
Example Request
[
{
"id":"0000000001c41ee4",
"primarykeys":[
{
"columnname":"user_id",
"columnvalue":"user1"
}
]
}
]Action: Generic Action
This is a generic action used to make requests to any Sumo Logic endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Endpoint | Enter the endpoint to make the request to. Example: search/jobs | Text | Required | |
Method | Enter the HTTP method to make the request Example: GET | Text | Required | Allowed values: POST, GET, PUT, DELETE |
JSON Payload | Enter the payload in JSON format. Example: $JSON[{"description": "sample_description","name": "test_1"}] | Any | Optional | |
Query Params | “Enter the query parameters in JSON format. Example: $JSON[{"offset": 0,"limit": 10}] | Any | Optional | |
Extra Fields | Enter the extra fields to pass to the API. | Key value | Optional | Allowed keys: payload_data, custom_output, download, filename, files, retry_wait, retry_count, and response_type. |
Example Request
[
{
"endpoint":"0000000001c41ee4",
"http_method":"get",
"request_body":[
{
"description":"sample_description",
"name":"test_1"
}
],
"query_params":[
{
"offset":0,
"limit":10
}
]
}
]Action: Get Lookup Table Contents
This action retrieves the lookup table contents for the given identifier.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Lookup Table ID | Enter the identifier of the lookup table. Example: 0000000001c41ee4 | Text | Required |
Example Request
[
{
"id":"0000000001c41ee4"
}
]Action: Insert or Update Lookup Table Row
This action inserts or updates a row of a lookup table with the given identifier.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Lookup Table ID | Enter the identifier of the lookup table. Example: 0000000001c41ee4 | Text | Required | |
Fields | Enter the list of all the field identifiers and their corresponding values. Example: $JSON[{"columnname": "user_id","columnvalue": "user1"}] | List | Required |
Example Request
[
{
"id":"0000000001c41ee4",
"changes":[
{
"columnname":"user_id",
"columnvalue":"user1"
}
]
}
]Action: List Search Records
This action retrieves the records found or produced for the given job ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Job ID | Enter the search job ID. Example: 37589506f194fc80 | Text | Required | |
Offset | Enter the value from where you want the record to start. Example: 4 | Integer | Optional | Default value: 0 |
Limit | Enter the limit. Example: 10 | Integer | Optional | Default value: 1 Maximum limit: 10,000 |
Example Request
[
{
"id":"37589506F194FC80",
"offset":4,
"limit":10
}
]Action: Get Status of a Search Job
This action retrieves the status of a search job.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
Search Job ID | Enter the search job ID to retrieve the status. Example: 37589506F194FC80 | Text | Required | You can retrieve the Search Job ID using the action Create a Search Job. |
Interval Time | Enter the interval time in seconds for polling. Example: 30 | Integer | Optional | Default value: 25 |
Retry Count | Enter the number of times to poll to retrieve the job details. Example: 4 | Integer | Optional | Default value: 5 Maximum Allowed Value: 100 |
Example Request
[
{
"search_job_id":"37589506F194FC80",
"interval":30,
"retry_count":4
}
]