Webhook not working

Follow

Nathan Collins

• April 05, 2018 03:56

Hi,

I've created a simple test search that looks at failed SSH logins for 'root' - This works fine when triggering on a realtime schedule, I've tested both Email and Send to Index which both work fine.  However, it doesn't seem to work when selecting Webhook as the Alert Type. 

I've created my webhook under data->settings->connections, and tested it there to confirm a HTTP 200 response is received.  Checking the logs on the webserver show that no connection is being made at all from Sumo (aside from the test) , but I'm definitely seeing fresh results from that saved query.

Is there a way to further diagnose this?

1

• Official comment

  

  Nick Wilson

  • April 17, 2018 13:34
  • Edited

  Hi Nathan,

  I would look at a few things here in order to isolate the issue:

  1. Test the search as a real-time alert that sends to email instead of a webhook (it sounds like you did this, but I want to confirm)
  2. Test the search as a scheduled search that sends to the webhook you set up

  If #2 works but #1 doesn't, then it could be a limitation at play with real-time scheduled searches. 

  If #1 works but #2 doesn't, then it's likely the webhook. Double check that you can test the connection and receive a 200 response (which again, it sounds like you've done, but I want to confirm).

  If you're still having trouble, I suggest reaching out to support for further assistance so we can look at this more closely for you.

  Thanks,
  Nick
  Customer Success, Sumo Logic

  Permalink
• 

  Christian Pedersen

  • May 15, 2018 23:21

  I have the same issue. Works when sending to email - webhook doesn't do anything.

  0

  Permalink
• 

  Nathan Collins

  • May 16, 2018 01:33

  Christian, in my case it was a bad payload causing the webhook action to fail.

  Once that was fixed it worked fine, although I'm favoring save to index now as webhooks have no retry logic.

  0

  Permalink

Please sign in to leave a comment.