Webhook not working

April 05, 2018 03:56

Hi,

I've created a simple test search that looks at failed SSH logins for 'root' - This works fine when triggering on a realtime schedule, I've tested both Email and Send to Index which both work fine. However, it doesn't seem to work when selecting Webhook as the Alert Type.

I've created my webhook under data->settings->connections, and tested it there to confirm a HTTP 200 response is received. Checking the logs on the webserver show that no connection is being made at all from Sumo (aside from the test) , but I'm definitely seeing fresh results from that saved query.

Is there a way to further diagnose this?

Comments

3 comments

Official comment
Nick Wilson

April 17, 2018 13:34

Edited
Hi Nathan,

I would look at a few things here in order to isolate the issue:
1. Test the search as a real-time alert that sends to email instead of a webhook (it sounds like you did this, but I want to confirm)
2. Test the search as a scheduled search that sends to the webhook you set up
If #2 works but #1 doesn't, then it could be a limitation at play with real-time scheduled searches.

If #1 works but #2 doesn't, then it's likely the webhook. Double check that you can test the connection and receive a 200 response (which again, it sounds like you've done, but I want to confirm).

If you're still having trouble, I suggest reaching out to support for further assistance so we can look at this more closely for you.

Thanks,
Nick
Customer Success, Sumo Logic
Comment actions Permalink
Christian Owner

May 15, 2018 23:21
I have the same issue. Works when sending to email - webhook doesn't do anything.
0

Comment actions Permalink
Nathan Collins

May 16, 2018 01:33
Christian, in my case it was a bad payload causing the webhook action to fail.

Once that was fixed it worked fine, although I'm favoring save to index now as webhooks have no retry logic.
0

Comment actions Permalink

Please sign in to leave a comment.

Comments

Didn't find what you were looking for?