Create Alert when new collector got added.

Follow
Avatar
Ajith Kumar

Hi Team,

 

I am very new to sumologic and started learning stuff but now I have the below query, 

We have managed the service and it's running in AWS. When a customer created a service it uses AMI Image with all pre-set configurations(includes sumologic). New service is automated added to the sumologic collector and we will get a notification if any Load Balancer or Disk Full issue. 

Now my query on Sumologic, How I create an alert when a new collector is added automatically. 

1

Comments

2 comments

Sort by Date Votes
  • Avatar
    Harishwer Selvakumar

    Hello Ajith Kumar,

    Please find the below query to track New Collector creation:

    _index=sumologic_audit_events AND _sourceCategory=collection AND "CollectorCreated"
    | json "eventName", "eventTime", "operator.email", "operator.id", "operator.sourceIp", "operator.interface", "collectorIdentity.collectorName", "collector.ephemeral", "collector.sourceSyncMode", "collector.collectorType", "to", "from" as EventName, EventTime, UserEmail, UserId, UserIp, Interface, CollectorName, IsEphemeral, SourceSyncMode, CollectorType, CurrentValue, PreviousValue nodrop
    | where EventName ="CollectorCreated"
    | count by EventName, EventTime, CollectorName, IsEphemeral, SourceSyncMode, CollectorType, Interface, UserEmail, UserId, UserIp
    | fields -_count

    We also recommend you to check our Enterprise Audit App:

    https://help.sumologic.com/07Sumo-Logic-Apps/26Apps_for_Sumo/Enterprise_Audit_Apps/Install_the_Enterprise_Audit_Apps_and_View_the_Dashboards#Enterprise_Audit_-_Collector_and_Data_Forwarding_Management_App

    Thank you

    Regards
    Harishwer Selvakumar
    Customer Success Engineer - Sumo Logic

    1
    Comment actions Permalink
  • Avatar
    Ajith Kumar

    Thanks Harishwer for your response. The above query helps us. Able to see the instance details but not able to find the AWS Account ID. It will be really helpful if you share the query for the same. 

    1
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post