
Use Case: SumoLogic

In this example, we will send a webhook to a data lake on SumoLogic.

Suppose that every day, you want to send a list of newly found VMs, Servers, and Workstations to a dashboard running in SumoLogic.

You could create a query that specified:

  • show all the assets that are either VMs or servers or workstations

  • exclude all assets that are either Kubernetes instances (labeled as “SERVER.SEARCH”) or VM images (labeled as “VM_IMAGE” in Lucidum)

You could then:

  • specify that you want to use the query results in a webhook

  • select the fields to include in the payload of the webhook. For example, for each VM, server, or workstation, you could include fields for the Lucidum Asset Name, Department, Data Category, External Ports, External Services.

  • specify how frequently to send the webhook

Generating a URL for SumoLogic

  1. In SumoLogic, we created a hosted collector for Lucidum. For details on creating a hosted collector, see the SumoLogic documentation.

  2. In SumoLogic, we defined an HTTP source for our Lucidum demo system. For details on creating an HTTP source, see the SumoLogic documentation.

  3. We generated a URL for our HTTP source. For details, see .

Defining a Webhook Configuration for SumoLogic

To define a webhook configuration for SumoLogic:

  1. In Lucidum, go to Action Center > Edit Configuration.

  2. From the list of Channels, select Webhook.

  3. Click Add Webhook Configuration.

  4. The New Webhook Configuration page appears.

  5. In the New Webhook Configuration page, we entered:

    • Configuration Name. A name that describes the new Webhook configuration. We entered “Sumo Demo Dashboard Data”.

    • webhook_url. The URL on the solution or application that listens for webhooks from Lucidum. This is the URL that we generated in the section on Generating a URL for SumoLogic.

    • Header Key. We accepted the default value “Content-Type”.

    • Header Key Value. We accepted the default value “application/json”.

    • Max request payload records. You can specify a maximum size for the payload. We accepted the default value, 100 records.

    • Enable SSL Verification. Toggles SSL verification on or off. We accepted the default value, “disable”.
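
What these settings amount to on the wire, as an added Python example that is not Lucidum's code: it checks a webhook configuration for an unverified or cleartext transport, redacts the URL for logging (a Sumo Logic HTTP source URL carries an embedded token), and builds JSON POST requests capped at 100 records. The placeholder URL, the function names, the sample records, and the assumption that records beyond the cap go into further requests are all constructed for illustration.

```python
import json
import ssl
import urllib.request
from urllib.parse import urlsplit

# Constructed placeholder; a real Sumo Logic HTTP source URL embeds a secret token.
WEBHOOK_URL = "https://collector.example.invalid/receiver/v1/http/PLACEHOLDER_TOKEN"
HEADERS = {"Content-Type": "application/json"}  # header key and value from the page
MAX_RECORDS = 100                               # "Max request payload records" default

def check_config(url, verify_tls):
    """Return findings for a webhook configuration (hypothetical linter)."""
    findings = []
    if urlsplit(url).scheme != "https":
        findings.append("webhook_url is not https: token and payload travel in cleartext")
    if not verify_tls:
        findings.append("SSL verification disabled: receiver certificate is not validated")
    return findings

def redact_url(url):
    """Hide the token-bearing path so the URL can be written to logs."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}/<redacted>"

def build_requests(url, records, max_records=MAX_RECORDS):
    """Split records into POST requests of at most max_records each (assumed behaviour)."""
    requests = []
    for start in range(0, len(records), max_records):
        body = json.dumps(records[start:start + max_records]).encode("utf-8")
        requests.append(urllib.request.Request(url, data=body, headers=HEADERS, method="POST"))
    return requests

def send(requests, verify_tls=True):
    """Deliver the requests; the default context validates certificate chain and hostname."""
    ctx = ssl.create_default_context()
    if not verify_tls:  # what the "disable" setting amounts to
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    for req in requests:
        with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
            resp.read()

# Constructed sample records using field names mentioned on the page.
SAMPLE = [{"Lucidum Asset Name": f"vm-{i}", "Department": "IT"} for i in range(250)]

if __name__ == "__main__":
    print(check_config(WEBHOOK_URL, verify_tls=False))
    print([len(json.loads(r.data)) for r in build_requests(WEBHOOK_URL, SAMPLE)])
```
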

Defining a Query and Webhook Action for SumoLogic

To create a webhook action:

  1. We created the following query:

  2. This query specifies:

    • show all the assets that are either VMs or servers or workstations

    • exclude all assets that are either Kubernetes instances (labeled as “SERVER.SEARCH”) or VM images (labeled as “VM_IMAGE” in Lucidum)

  3. In the Query Builder page, we clicked Show Result.

  4. In the Query Result page, click the kebab icon (…) in the lower right. Choose Create a recurring action with this query.

  5. In the Select Action Type page, we selected Webhook.

  6. The Create a new action page appears.

  7. In the Create a new action page, enter the following:

    • Action Type. This field was pre-populated with Send Webhook.

    • Configuration Name. We selected “Sumo Demo Dashboard Data”, the configuration we defined in the section Defining a Webhook Configuration for SumoLogic.

    • Action Name. Provide a name for the webhook action. We entered “Feed VMs, Servers & Workstations to demo dashboard in Sumo Logic”.

    • Description. Provide a description for the webhook action. This field is optional.

    • Filters. This field is populated with the query you created in step 1. If you need to edit the filter, Edit Filter displays the Query Builder, where you can redefine the query.

    • Schedule Settings. The options in this field specify how frequently to send the webhook. We specified that we want to send the webhook every day at midnight.

    • Do not trigger the action unless. If you selected Recurrence in the Schedule Settings field, this field appears. We specified “if there are no records in the query results, don’t send the webhook”.

    • Output Fields. We selected a custom list of fields to include in the webhook payload.

    • Payload template. This field formats the webhook payload before sending it. We accepted the default template.

    • Dedup previous jobs. In this field, you specify whether you want duplicates of asset IDs (if your query is for assets) or user IDs (if your query is for users). We specified “0” (zero), so Lucidum includes all the records from the query in each delivery of the webhook.

  8. Click Save Changes.

Viewing Lucidum Data on SumoLogic

We can see the following Lucidum data in the Messages tab in SumoLogic:

Using Lucidum Data in SumoLogic Dashboards

The following SumoLogic dashboard uses data from Lucidum:
