Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How do I set the Alias for an alert with SumoLogic integration?

Benj Kamm
Benj Kamm September 12, 2023

I am exploring JSM Standard with OpsGenie Essentials, using the SumoLogic integration (see https://support.atlassian.com/opsgenie/docs/integrate-opsgenie-with-sumo-logic/#Configuration-in-Sumo-Logic).

I need to set an alias on new alerts so that subsequent notifications for the same saved search will not make unneeded noise, but I can't figure out how to do it.

Is there a JSON key I can pass in on the webhook body to set the alias, or some other way to accomplish this?  I've tried using `"Alias"` and `"alias"` and neither seems to work.

Thanks!

Answer
Watch
Like Be the first to like this
527 views

1 answer

1 accepted

0 votes
Answer accepted
John M
John M
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 13, 2023

Hi @Benj Kamm ,

You can set the alias value by adding "alias" to the payload along with the value you want to send through. For example, if you wanted to send the Query as the alias, your payload would look like this:

 

{
"AlertName": "{{AlertName}}",
"Description": "{{Description}}",
"action": "create",
"AlertURL": "{{AlertResponseURL}}",
"Query": "{{Query}}",
"QueryURL": "{{QueryURL}}",
"alias": "{{Query}}",
"TriggerTime": "{{TriggerTime}}",
"TriggerTimeRange": "{{TriggerTimeRange}}",
"TriggerCondition": "{{TriggerCondition}}",
"TriggerValue": "{{TriggerValue}}",
"TriggerType": "{{TriggerType}}",
"ResultsJson": "{{ResultsJSON}}",
"DetectionMethod": "{{DetectionMethod}}",
"MonitorType": "{{MonitorType}}",
"NumQueryResults": "{{NumQueryResults}}",
"SourceURL": "{{SourceURL}}"
}
View More Comments
Benj Kamm
Benj Kamm September 13, 2023

@John M Thanks for the response but that doesn't seem to be working for me.

I've set "alias" as you recommended:

 

image.png

 

But in OpsGenie, the alias does not appear to be set - it's still random:

image.png

and I'm getting lots of duplicated alerts created:

image.png

 

Is there something I'm missing?

Like
John M
John M
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 13, 2023

Are you sure there is data being sent to that dynamic value? 

Can you remove the dynamic field and try a static value, like 'Test' for the 'alias' field?

Are you using the legacy Sumologic integration?

Like
Benj Kamm
Benj Kamm September 14, 2023

Thanks, John.   I tried your suggestion and replaced `alias` with a constant field and it's still not working.

Curiously, when I look in the integration log in OG, it shows that field as blank suggesting that no data is coming in:

 

image.png

Like
Benj Kamm
Benj Kamm September 14, 2023

(As an aside -- I'm exploring this in part b/c OG support told me there is no way to use the 'alias' or deduplication feature with an email integration on the Essentials plan that is bundled with JSM Standard.  If there's a trick for making that work, it could also help.)

Like
John M
John M
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 14, 2023

With the email integration, it wouldn't work because there is no default alias, but for Sumo Logic, the default alias is set to {{alias}} so that would allow for deduplication based on what you send in the alias field.

If you are using a constant and still getting no data in the alias field, that means there is likely an issue with the payload content or how it's being parsed.

Your screenshot shows the parsed version of the payload, however, the debug logs will show separate entries for both the incoming, unprocessed payload, as well at the parsed payload. By viewing the incoming raw data payload, you should be able to see what was received by Opsgenie and that should help you determine why the alias was parsed to an empty string.

Like
Benj Kamm
Benj Kamm September 15, 2023

Thanks for the tip to find the separate logs for the incoming data vs. the parsed data.  That's been helpful and I think it isolates the issue to SL's side so I'll follow up with them.

Separate but related follow-up:  Are there any keys in the incoming payload that can be used to make attachments (e.g. something like `"attachments": [array, of attachments]?   I'm guessing no but thought I'd ask.

Like John M likes this
John M
John M
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 15, 2023

@Benj Kamm ,

There is currently no way to add attachments via the integrations (besides the email integration). You would need to use either the API or the UI to add attachments after the alert has been created:

https://docs.opsgenie.com/docs/alert-api-continued#create-alert-attachment

Like
Reply

Suggest an answer

Log in or Sign up to answer
Opsgenie
Opsgenie
TAGS
AUG Leaders

Atlassian Community Events

    See all events