Introduction
Logz.io provides log management and log analysis services. The platform combines ELK as a cloud service and machine learning to derive new insights from machine data.
OpsRamp configuration
Configuration involves the following:
- Installing the integration.
- Configuring the integration.
Step 1: Install the integration
To install:
- From All Clients, select a client.
- Go to Setup > Integrations > Integrations.
- From Available Integrations, select Monitoring > Logz.io.
- Click Install.
Step 2: Configure the integration
To configure the integration:
- From the API tab, provide the following:
- Authentication: Copy the Tenant Id, Token, and Webhook URL; these values are used when creating the HTTP request template. Treat the Token and the Webhook URL as credentials and store them only in the Logz.io endpoint definition: the Logz.io endpoint presents nothing but the Webhook URL when it posts, so anyone who obtains that URL can post arbitrary alerts into this tenant.
- Map Attributes: Map the fields of the incoming Logz.io payload to OpsRamp alert properties.
- From the Monitoring of Integration tab, click Assign Templates.
- From the Audit Logs, set up audit log criteria and time frame.
Configuring the map attributes
To configure the mapping attributes:
- Select the required OpsRamp property from the drop-down.
- Click Add Mapping Attributes to map attributes for the specific OpsRamp alert property.
- Click + to define the mappings.
- From Create Alert Mappings on Status, define the mappings, parsing conditions, and default values.
- Click Save.
The following table shows the attribute mappings.
Third-Party Entity | OpsRamp Entity | Third-Party Property | OpsRamp Property | Third-Party Property Value | OpsRamp Property Value |
---|---|---|---|---|---|
result.status | alert.currentState | State | Alert | 200 | Success |
uri_query | alert.serviceName | Service Name | Alert | | |
search_name | alert.description | Description | Alert | NA | NA |
app | alert.deviceName | Resource Name | Alert | NA | NA |
result.req_time | alert.alertTime | Time | Alert | NA | NA |
search_name | alert.subject | Subject | Alert | NA | NA |
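A worked illustration of the mapping step, added here and not part of the OpsRamp or Logz.io product code: it models the mapping table as rules with a dotted source path into the third-party JSON, an optional value map (the Third-Party Property Value to OpsRamp Property Value columns, as in 200 to Success), and a default used when the source field is absent or empty, which is the parsing condition the Create Alert Mappings dialog asks for. The rule format, the severity-to-state value map, and the list of required OpsRamp properties are assumptions for illustration; the input is a trimmed, constructed copy of the sample payload from the Logz.io configuration section.

```python
"""Apply an attribute-mapping table to an incoming alert payload.

Added example (not OpsRamp or Logz.io code). The rule format, the
severity-to-state value map and REQUIRED_TARGETS are assumptions.
"""
import json
import re
from typing import Any

# Constructed input: a trimmed copy of the Logz.io sample payload on this page.
SAMPLE_PAYLOAD = json.loads("""
{
  "alert_title": "TestCustom",
  "alert_description": "",
  "alert_severity": "Medium",
  "alert_event_samples": [
    {
      "request": "/category/software?from=0",
      "type": "logzio-demo-logs-apache",
      "clientip": "32.204.193.86",
      "@timestamp": "2019-11-01T05:55:32.986+0000",
      "response": 200,
      "geoip": {"country_code2": "US"}
    }
  ]
}
""")

# One rule per OpsRamp alert property (assumed format that mirrors the table:
# source path, optional value map, default when the field is absent or empty).
MAPPING_RULES = [
    {"target": "alert.subject", "source": "alert_title"},
    {"target": "alert.description", "source": "alert_description",
     "default": "No description supplied"},
    {"target": "alert.currentState", "source": "alert_severity",
     # Assumed value map: Logz.io severity -> OpsRamp state.
     "values": {"High": "Critical", "Medium": "Warning", "Low": "Info"},
     "default": "Warning"},
    {"target": "alert.deviceName", "source": "alert_event_samples[0].clientip",
     "default": "unknown-host"},
    {"target": "alert.serviceName", "source": "alert_event_samples[0].type"},
    {"target": "alert.alertTime", "source": "alert_event_samples[0].@timestamp"},
]

# Assumed: properties without which an alert should be rejected, not created.
REQUIRED_TARGETS = ("alert.subject", "alert.currentState", "alert.deviceName")

# Path tokens: either "[n]" (list index) or a run of characters up to the next "." or "[".
_TOKEN = re.compile(r"\[(\d+)\]|([^.\[\]]+)")


def resolve(payload: Any, path: str) -> Any:
    """Walk a dotted path such as 'alert_event_samples[0].geoip.country_code2'.

    Returns None when any segment is missing, so callers can fall back to
    the rule's default instead of raising on a sparse payload.
    """
    cur = payload
    for index, key in _TOKEN.findall(path):
        if index:
            i = int(index)
            if not isinstance(cur, list) or i >= len(cur):
                return None
            cur = cur[i]
        else:
            if not isinstance(cur, dict) or key not in cur:
                return None
            cur = cur[key]
    return cur


def apply_mapping(payload: dict, rules: list) -> dict:
    """Produce the OpsRamp alert properties for one third-party payload."""
    alert = {}
    for rule in rules:
        raw = resolve(payload, rule["source"])
        if raw is None or raw == "":
            value = rule.get("default")  # parsing condition: absent or empty
        elif "values" in rule:
            # Value maps are keyed as strings so 200 (int) matches "200".
            value = rule["values"].get(str(raw), rule.get("default"))
        else:
            value = raw
        if value is not None:
            alert[rule["target"]] = value
    missing = [t for t in REQUIRED_TARGETS if t not in alert]
    if missing:
        raise ValueError(f"payload cannot be mapped; missing {missing}")
    return alert


if __name__ == "__main__":
    print(json.dumps(apply_mapping(SAMPLE_PAYLOAD, MAPPING_RULES), indent=2))
```

Running the script maps the constructed payload to alert.subject, alert.currentState, alert.deviceName, alert.serviceName and alert.alertTime, with alert.description falling back to its default because the sample's alert_description is empty; a payload that lacks a required source field and has no default raises instead of producing a half-formed alert.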
Note
Attributes can be modified at any time. The third-party property names you map must be keys that actually occur in the JSON body the Logz.io endpoint posts (for the sample payload in the Logz.io configuration section these are alert_title, alert_description, alert_severity, and the fields nested under alert_event_samples); a mapping that references a key the payload never carries cannot populate its OpsRamp property.
Logz.io configuration
Configuration involves:
- Configuring alerts endpoints.
- Configuring alerting profiles.
Step 1: Configure alert endpoints
To configure alert endpoints:
- Log into Logz.io Admin UI.
- Go to Alerts & Events > Alert endpoints.
- Select +Add endpoint (endpoints are how Logz.io integrates with external notification systems) and provide the following:
- Type: Select Custom.
- Name: Add a unique name.
- Webhook: Paste the OpsRamp-generated Webhook URL.
- Method: POST
- Headers:
Content-Type: application/json
- Body (Optional): Provide the JSON payload to post.
- Click Save.
Sample payload:
{
  "alert_title" : "TestCustom",
  "alert_description" : "",
  "alert_severity" : "Medium",
  "alert_event_samples" : [
    {
      "request" : "/category/software?from=0",
      "agent" : "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)",
      "minor" : "0",
      "auth" : "-",
      "ident" : "-",
      "os_major" : "7",
      "type" : "logzio-demo-logs-apache",
      "major" : "9",
      "clientip" : "32.204.193.86",
      "_logzio_sample_logs" : true,
      "geoip" : {
        "timezone" : "America/Chicago",
        "ip" : "32.204.193.86",
        "latitude" : 37.751,
        "country_name" : "United States",
        "country_code2" : "US",
        "continent_code" : "NA",
        "location" : [ -97.822, 37.751 ],
        "longitude" : -97.822
      },
      "os" : "Windows 7",
      "verb" : "GET",
      "message" : "32.204.193.86 - - [11/June/2019:00:25:00 +0000] \"GET /category/software?from=0 HTTP/1.1\" 200 40 \"-\" \"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)\"",
      "tags" : [ "_logz_http_bulk_json_8070", "apache-geoip" ],
      "referrer" : "-",
      "@timestamp" : "2019-11-01T05:55:32.986+0000",
      "_logzio_pattern" : 3213531,
      "response" : 200,
      "bytes" : 40,
      "name" : "IE",
      "os_name" : "Windows",
      "httpversion" : 1.1,
      "device" : "Other"
    },
    {
      "request" : "/category/electronics",
      "agent" : "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; YTB730; GTB7.2; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; Media Center PC 6.0)",
      "minor" : "0",
      "auth" : "-",
      "ident" : "-",
      "os_major" : "7",
      "type" : "logzio-demo-logs-apache",
      "major" : "8",
      "clientip" : "220.186.227.70",
      "_logzio_sample_logs" : true,
      "geoip" : {
        "timezone" : "Asia/Shanghai",
        "ip" : "220.186.227.70",
        "latitude" : 30.294,
        "country_name" : "China",
        "country_code2" : "CN",
        "continent_code" : "AS",
        "region_name" : "ZJ",
        "location" : [ 120.1619, 30.294 ],
        "real_region_name" : "Zhejiang",
        "longitude" : 120.1619
      },
      "os" : "Windows 7",
      "verb" : "GET",
      "message" : "220.186.227.70 - - [11/June/2019:00:24:45 +0000] \"GET /category/electronics HTTP/1.1\" 200 76 \"http://www.google.com/search?ie=UTF-8&q=google&sclient=psy-ab&q=Electronics&oq=Electronics&aq=f&aqi=g-vL1&aql=&pbx=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&biw=753&bih=548\" \"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; YTB730; GTB7.2; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; Media Center PC 6.0)\"",
      "tags" : [ "_logz_http_bulk_json_8070", "apache-geoip" ],
      "referrer" : "\"http://www.google.com/search?ie=UTF-8&q=google&sclient=psy-ab&q=Electronics&oq=Electronics&aq=f&aqi=g-vL1&aql=&pbx=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&biw=753&bih=548\"",
      "@timestamp" : "2019-11-01T05:55:32.386+0000",
      "_logzio_pattern" : 3213531,
      "response" : 200,
      "bytes" : 76,
      "name" : "IE",
      "os_name" : "Windows",
      "httpversion" : 1.1,
      "device" : "Other"
    },
    {
      "request" : "/category/software?from=20",
      "agent" : "\"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; YTB720; GTB7.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)\"",
      "minor" : "0",
      "auth" : "-",
      "ident" : "-",
      "os_major" : "XP",
      "type" : "logzio-demo-logs-apache",
      "major" : "8",
      "clientip" : "32.189.100.196",
      "_logzio_sample_logs" : true,
      "geoip" : {
        "timezone" : "America/Chicago",
        "ip" : "32.189.100.196",
        "latitude" : 37.751,
        "country_name" : "United States",
        "country_code2" : "US",
        "continent_code" : "NA",
        "location" : [ -97.822, 37.751 ],
        "longitude" : -97.822
      },
      "os" : "Windows XP",
      "verb" : "GET",
      "message" : "32.189.100.196 - - [11/June/2019:00:24:35 +0000] \"GET /category/software?from=20 HTTP/1.1\" 200 90 \"/category/software\" \"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; YTB720; GTB7.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)\"",
      "tags" : [ "_logz_http_bulk_json_8070", "apache-geoip" ],
      "referrer" : "\"/category/software\"",
      "@timestamp" : "2019-11-01T05:55:31.982+0000",
      "_logzio_pattern" : 3213531,
      "response" : 200,
      "bytes" : 90,
      "name" : "IE",
      "os_name" : "Windows",
      "httpversion" : 1.1,
      "device" : "Other"
    }
  ]
}
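Before pointing Logz.io at the real Webhook URL it is worth checking the endpoint definition the way a reviewer would: the method is POST, the Content-Type header is spelled correctly, and the body is valid JSON carrying the keys the OpsRamp mapping depends on. The following is an added example (not OpsRamp or Logz.io code) that performs those checks, builds the equivalent request with Python's urllib without sending it, and redacts the Webhook URL for logging. WEBHOOK_URL is a constructed placeholder, REQUIRED_KEYS is an assumption, and the body is a trimmed copy of the sample payload above.

```python
"""Check and build the webhook request a Logz.io custom endpoint sends to OpsRamp.

Added example (not OpsRamp or Logz.io code). WEBHOOK_URL is a constructed
placeholder and REQUIRED_KEYS an assumption made for illustration.
"""
import json
import urllib.request
from urllib.parse import urlsplit, urlunsplit

# Constructed placeholder. The real value comes from the integration's API tab
# and is the only thing Logz.io presents to OpsRamp, so treat it as a secret.
WEBHOOK_URL = "https://opsramp.example.invalid/webhook/tenant/token"

# Assumed: top-level keys the OpsRamp attribute mapping relies on.
REQUIRED_KEYS = ("alert_title", "alert_severity", "alert_event_samples")

# Constructed: a trimmed copy of the page's sample payload.
SAMPLE_BODY = json.dumps({
    "alert_title": "TestCustom",
    "alert_description": "",
    "alert_severity": "Medium",
    "alert_event_samples": [
        {"clientip": "32.204.193.86", "response": 200,
         "@timestamp": "2019-11-01T05:55:32.986+0000"}
    ],
})


def parse_headers(raw: str):
    """Parse 'Name: value' lines as typed into the endpoint's Headers box."""
    headers, problems = {}, []
    for line in raw.splitlines():
        if not line.strip():
            continue
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            problems.append(f"malformed header line {line!r}; expected 'Name: value'")
            continue
        headers[name.strip()] = value.strip()
    return headers, problems


def check_endpoint(method: str, raw_headers: str, body: str) -> list:
    """Return the problems with an endpoint definition; an empty list means OK."""
    problems = []
    if method.strip().upper() != "POST":
        problems.append(f"method must be POST, not {method!r}")
    headers, header_problems = parse_headers(raw_headers)
    problems.extend(header_problems)
    # Header names are case-insensitive; ignore any charset parameter on the value.
    ctype = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    if ctype.split(";")[0].strip().lower() != "application/json":
        problems.append("Content-Type header must be application/json")
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        problems.append(f"body is not valid JSON: {exc.msg} at line {exc.lineno}")
        return problems
    if not isinstance(doc, dict):
        problems.append("body must be a JSON object")
        return problems
    problems.extend(f"body lacks required key {k!r}" for k in REQUIRED_KEYS if k not in doc)
    if not isinstance(doc.get("alert_event_samples", []), list):
        problems.append("alert_event_samples must be a list")
    return problems


def build_request(url: str, raw_headers: str, body: str) -> urllib.request.Request:
    """Build the POST exactly as the endpoint definition describes it (not sent)."""
    headers, _ = parse_headers(raw_headers)
    return urllib.request.Request(url, data=body.encode("utf-8"), headers=headers, method="POST")


def redact_webhook_url(url: str) -> str:
    """Keep scheme and host for diagnostics; drop the path and query that carry the token."""
    parts = urlsplit(url)
    return urlunsplit((parts.scheme, parts.netloc, "/<redacted>", "", ""))


if __name__ == "__main__":
    issues = check_endpoint("POST", "Content-Type: application/json", SAMPLE_BODY)
    print("endpoint definition OK" if not issues else "\n".join(issues))
    req = build_request(WEBHOOK_URL, "Content-Type: application/json", SAMPLE_BODY)
    print(req.get_method(), redact_webhook_url(req.full_url), len(req.data), "bytes")
    # urllib.request.urlopen(req) would deliver it; omitted so the example runs offline.
```

Run it as a script to check the constructed definition. A header typed as content=type=application/json, for instance, is reported both as a malformed header line and as a missing Content-Type, and a body with an unbalanced brace is reported with the line where JSON parsing failed. Log only the redacted URL; the full Webhook URL is a bearer credential for the tenant's alert intake.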
Step 2: Configure alert profiles
Alert profiles define the filtering rules that decide which events trigger an alert, and which endpoint receives it.
To configure alert profiles:
- Go to Logz.io Home and click Kibana.
- Click Create alert and provide the required information. For Actions, provide the previously configured alert endpoint.
- Click Create.
- To edit alert details: go to Alerts & events > Alert definitions.
- To view the triggered alerts from the Logz.io console: go to Alerts & events > Triggered alerts.
What to do next
- View the alerts in OpsRamp: go to Alerts and search by source name.
- Click an Alert ID to view.