SumoLogic 2.0.0
App Vendor: SumoLogic
App Category: Analytics & SIEM
Connector Version: 2.1.0
API Version: 1.0.0
About App
The SumoLogic app allows security teams to integrate with the SumoLogic enterprise application to create and poll search jobs, retrieve their records, and manage lookup tables.
The SumoLogic app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
---|---|
Create a Search Job | This action creates a search job. |
Create Lookup Table | This action creates a new lookup table by providing a schema and specifying its configuration. |
Delete Lookup Table Row | This action deletes a row from the lookup table. |
Generic Action | This is a generic action to perform any additional use case on the SumoLogic application. |
Get Lookup Table Contents | This action retrieves the contents of the lookup table with the given identifier. |
Insert or Update Lookup Table Row | This action inserts or updates a row of a lookup table with the given identifier. |
List Search Records | This action retrieves the records for the given job ID. |
Get Status of a Search Job | This action retrieves the status of a search job. |
Configuration Parameters
The following configuration parameters are required for the SumoLogic app to communicate with the SumoLogic enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Access ID | Enter the access ID for the SumoLogic application. | Text | Required | |
Access Token | Enter the access token for the SumoLogic application. | Password | Required | |
Base URL | Enter the base URL of the SumoLogic API for your deployment region. The au, ca, de, eu, fed, in, us2, and jp regions share one URL form; the us1 region uses a different one. | Text | Required | |
Action: Create a Search Job
This action creates a search job.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Query | Enter the search query. Example: "count _sourcecategory" | Text | Required | |
From Time | Enter the time to start the search in yyyy-MM-ddTHH:mm:ss format. Example: "2017-07-26T00:00:00" | Text | Required | |
Until Time | Enter the time to end the search in yyyy-MM-ddTHH:mm:ss format. Must be later than From Time. Example: "2017-07-26T01:00:00" | Text | Required | |
Time Zone | Enter the time zone in which From Time and Until Time are interpreted. Example: "IST" | Text | Required | |
Search by Receipt Time | Choose to run the search using the receipt time instead of the message time. Example: $JSON[True] | Boolean | Optional | Allowed values: True, False. Default value: False |
Example Request
[ { "query": "count _sourcecategory", "time_from": "2017-07-26T00:00:00", "time_until": "2017-07-26T01:00:00", "timezone": "IST" } ]
Action: Create Lookup Table
This action creates a new lookup table by providing a schema and specifying its configuration.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Description | Enter the description of the lookup table. Example: "Example Description" | Text | Required | |
Fields | Enter the list of fields in the lookup table, each with a name and a type. Example: $JSON[{"fieldName": "fieldname1","fieldType": "boolean"}] | List | Required | |
Primary Keys | Enter the names of the fields that make up the primary key for the lookup table. Example: $LIST[fieldname1, fieldname2, fieldname3] | List | Required | |
Parent Folder ID | Enter the parent-folder-path identifier of the lookup table in the library. Example: "0000000001c41ee4" | Text | Required | |
Name | Enter the name of the lookup table. Example: "Field Table" | Text | Required | |
Time to Live | Enter the time to live, in minutes, for each entry in the lookup table. A value of 0 means entries never expire. | Integer | Optional | Default Value: 0 |
Size Limit Action | Enter the action that needs to be taken when the size limit is reached for the table. | Text | Optional | Default value: StopIncomingMessages. Allowed values: StopIncomingMessages, DeleteOldData |
Example Request
[ { "description":"Example Description", "fields":[ { "fieldName":"fieldname1", "fieldType":"boolean" } ], "primaryKeys":[ "fieldname1", "fieldname2", "fieldname3" ], "parentFolderId":"0000000001c41ee4", "name":"Field Table", "ttl":30, "sizeLimitAction":"StopIncomingMessages" } ]
Action: Delete Lookup Table Row
This action deletes a row from the lookup table.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Lookup Table ID | Enter the identifier of the lookup table. Example: "0000000001c41ee4" | Text | Required | |
Primary Keys | Enter the list of all primary key field identifiers and their corresponding values. Example: $JSON[{"columnName": "user_id","columnValue": "user1"}] | List | Required | |
Example Request
[ { "id":"0000000001c41ee4", "primaryKeys":[ { "columnName":"user_id", "columnValue":"user1" } ] } ]
Action: Generic Action
This is a generic action to perform any additional use case on the SumoLogic application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Endpoint | Enter the endpoint path to call, relative to the configured Base URL. Example: "search/jobs" | Text | Required | |
HTTP Method | Enter the HTTP method in capitals. Example: "GET" | Text | Required | Allowed values: |
Request Body | Enter the request body in JSON format. Example: $JSON[{"description": "sample_description","name": "test_1"}] | Any | Optional | |
Query Params | Enter the query parameters to pass as a JSON object. Example: $JSON[{"offset": 0,"limit": 10}] | Any | Optional | |
Example Request
[ { "endpoint":"search/jobs", "http_method":"GET", "request_body":{ "description":"sample_description", "name":"test_1" }, "query_params":{ "offset":0, "limit":10 } } ]
Action: Get Lookup Table Contents
This action retrieves the contents of the lookup table with the given identifier.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Lookup Table ID | Enter the identifier of the lookup table. Example: "0000000001c41ee4" | Text | Required | |
Example Request
[ { "id":"0000000001c41ee4" } ]
Action: Insert or Update Lookup Table Row
This action inserts or updates a row of a lookup table with the given identifier.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Lookup Table ID | Enter the identifier of the lookup table. Example: "0000000001c41ee4" | Text | Required | |
Fields | Enter the list of all the field identifiers and their corresponding values. Example: $JSON[{"columnName": "user_id","columnValue": "user1"}] | List | Required | |
Example Request
[ { "id":"0000000001c41ee4", "changes":[ { "columnName":"user_id", "columnValue":"user1" } ] } ]
Action: List Search Records
This action retrieves the records found or produced for the given job ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Job ID | Enter the search job ID returned by the action Create a Search Job. Example: "37589506F194FC80" | Text | Required | |
Offset | Enter the zero-based index of the first record to return. Example: 4 | Integer | Optional | Default value: 0 |
Limit | Enter the maximum number of records to return in one request. Example: 10 | Integer | Optional | Default value: 1. Maximum allowed value: 10,000 |
Example Request
[ { "id":"37589506F194FC80", "offset":4, "limit":10 } ]
Action: Get Status of a Search Job
This action retrieves the status of a search job.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Search Job ID | Enter the search job ID to retrieve the status. Example: "37589506F194FC80" | Text | Required | You can retrieve the Search Job ID using the action Create a Search Job. |
Interval Time | Enter the interval, in seconds, to wait between status polls. Example: 30 | Integer | Optional | Default value: 25 |
Retry Count | Enter the maximum number of status polls before the action gives up. Example: 4 | Integer | Optional | Default value: 5. Maximum allowed value: 100 |
Example Request
[ { "search_job_id":"37589506F194FC80", "interval":30, "retry_count":4 } ]
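The three search actions above form one procedure: Create a Search Job returns a job ID, Get Status of a Search Job is polled until the job finishes, and List Search Records pages through the results with Offset and Limit. The following is an added example, not the connector's or SumoLogic's own code, of that procedure with the guard rails the parameters imply: the time window is validated in the yyyy-MM-ddTHH:mm:ss format before any job is created, polling is bounded by Interval Time and Retry Count (capped at 100), and paging never requests more than 10,000 records at once. The job state strings are the ones the SumoLogic Search Job API reports; the client object is a constructed stand-in that simulates a job finishing after two polls, so the example runs offline. A real client would issue the same three calls over HTTPS with the Access ID and Access Token as HTTP Basic credentials and a request timeout.

```python
"""Search-job workflow: validate window, create, poll status, page records (added example)."""
import time
from datetime import datetime
from typing import Callable, Dict, List

TIME_FMT = "%Y-%m-%dT%H:%M:%S"       # yyyy-MM-ddTHH:mm:ss, as From Time / Until Time require
MAX_RETRY_COUNT = 100                # Retry Count ceiling from the page
MAX_PAGE_SIZE = 10_000               # Limit ceiling from the page
JOB_DONE = "DONE GATHERING RESULTS"  # Search Job API state names
JOB_CANCELLED = "CANCELLED"


def parse_window(time_from: str, time_until: str) -> None:
    """Reject malformed or inverted windows before spending a search job on them."""
    start = datetime.strptime(time_from, TIME_FMT)
    end = datetime.strptime(time_until, TIME_FMT)
    if end <= start:
        raise ValueError("Until Time must be later than From Time")


def wait_for_job(get_status: Callable[[str], Dict], job_id: str,
                 interval: int = 25, retry_count: int = 5,
                 sleep: Callable[[float], None] = time.sleep) -> Dict:
    """Poll get_status(job_id) until DONE GATHERING RESULTS.

    The loop is bounded by retry_count so a stuck or slow job cannot pin a
    playbook indefinitely; CANCELLED is treated as a hard failure.
    """
    if not 1 <= retry_count <= MAX_RETRY_COUNT:
        raise ValueError(f"retry_count must be between 1 and {MAX_RETRY_COUNT}")
    if interval < 0:
        raise ValueError("interval must be >= 0")
    status: Dict = {}
    for attempt in range(retry_count):
        status = get_status(job_id)
        state = status.get("state")
        if state == JOB_DONE:
            return status
        if state == JOB_CANCELLED:
            raise RuntimeError(f"search job {job_id} was cancelled")
        if attempt < retry_count - 1:
            sleep(interval)
    raise TimeoutError(f"job {job_id} still {status.get('state')!r} after {retry_count} polls")


def fetch_records(get_records: Callable[[str, int, int], List[Dict]], job_id: str,
                  record_count: int, limit: int = MAX_PAGE_SIZE) -> List[Dict]:
    """Page through the job's records with offset/limit, never exceeding 10,000 per call."""
    if not 1 <= limit <= MAX_PAGE_SIZE:
        raise ValueError(f"limit must be between 1 and {MAX_PAGE_SIZE}")
    records: List[Dict] = []
    offset = 0
    while offset < record_count:
        page = get_records(job_id, offset, min(limit, record_count - offset))
        if not page:            # server returned fewer rows than recordCount promised
            break
        records.extend(page)
        offset += len(page)
    return records


def run_search(client, query: str, time_from: str, time_until: str, timezone: str,
               interval: int = 25, retry_count: int = 5, limit: int = MAX_PAGE_SIZE) -> List[Dict]:
    """Create -> poll -> page, the same sequence the three actions perform."""
    parse_window(time_from, time_until)
    job_id = client.create_job(query, time_from, time_until, timezone)
    status = wait_for_job(client.get_status, job_id, interval, retry_count,
                          sleep=getattr(client, "sleep", time.sleep))
    return fetch_records(client.get_records, job_id, status["recordCount"], limit)


class FakeSumoClient:
    """Constructed stand-in for the HTTP client (not a real API): the job reports
    GATHERING RESULTS `polls_until_done` times, then DONE GATHERING RESULTS."""

    def __init__(self, records: List[Dict], polls_until_done: int = 2):
        self._records = list(records)
        self._remaining = polls_until_done
        self.polls = 0
        self.slept = 0.0

    def sleep(self, seconds: float) -> None:   # records intended waits instead of sleeping
        self.slept += seconds

    def create_job(self, query, time_from, time_until, timezone) -> str:
        return "37589506F194FC80"              # job ID reused from the page's examples

    def get_status(self, job_id: str) -> Dict:
        self.polls += 1
        if self._remaining > 0:
            self._remaining -= 1
            return {"state": "GATHERING RESULTS", "recordCount": 0}
        return {"state": JOB_DONE, "recordCount": len(self._records)}

    def get_records(self, job_id: str, offset: int, limit: int) -> List[Dict]:
        return self._records[offset:offset + limit]


if __name__ == "__main__":
    fake = FakeSumoClient([{"map": {"_sourcecategory": f"cat{i}", "_count": str(i)}} for i in range(25)])
    rows = run_search(fake, "count _sourcecategory", "2017-07-26T00:00:00",
                      "2017-07-26T01:00:00", "IST", interval=30, retry_count=4, limit=10)
    print(len(rows), "records after", fake.polls, "status polls")
```

With Interval Time 30 and Retry Count 4 the playbook waits at most 90 seconds for the job; choosing those values to match the expected query duration matters more than the defaults, because a job that is still gathering when the retries run out surfaces as a failure rather than as partial data.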