
Package to set up Sumo Logic alert monitors via Terraform


terraform-sumologic-sumo-logic-monitor

Configure Sumo Logic Monitors using Terraform modules.

This module creates and configures monitors according to the configuration you pass to it.

This repository also contains predefined alerts for various technologies; see the "Pre-defined Monitors" section at the bottom of this README for details.

Getting Started

Requirements

  • Terraform 0.13+

  • Sumo Logic Provider

    Create a versions.tf file and add the requirements in the following format:

    terraform {
      # Minimum Terraform core version this module is written against.
      required_version = ">= 0.13"

      required_providers {
        # Note: ">=" has no upper bound, so future major provider releases are
        # accepted automatically; tighten the constraint if you need reproducible runs.
        sumologic = {
          source  = "SumoLogic/sumologic"
          version = ">= 2.6.2"
        }
      }
    }

Sumo Logic Provider

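# The provider credentials are passed through input variables so that no
# access key is written into a file that ends up in version control. Supply
# them from terraform.tfvars (kept out of the repository), with -var, or via
# the TF_VAR_* environment variables. If the attributes are omitted entirely,
# the provider reads SUMOLOGIC_ACCESSID, SUMOLOGIC_ACCESSKEY and
# SUMOLOGIC_ENVIRONMENT from the environment instead.
variable "sumologic_access_id" {
  description = "Sumo Logic access ID"
  type        = string
}

variable "sumologic_access_key" {
  description = "Sumo Logic access key (secret; never commit a real value)"
  type        = string
}

variable "sumologic_environment" {
  description = "Sumo Logic deployment, e.g. <SUMOLOGIC DEPLOYMENT>"
  type        = string
}

provider "sumologic" {
  access_id   = var.sumologic_access_id
  access_key  = var.sumologic_access_key
  environment = var.sumologic_environment
}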

You can also supply these values through terraform.tfvars rather than hard-coding them in the provider block.

Optional Prerequisites

Sumo Logic monitors can be placed in a monitor folder.

Configure the monitor folder resource as below:

resource "sumologic_monitor_folder" "tf_monitor_folder_1" {
  # Parent folder under which the monitors declared below are created.
  description = "A folder for Monitors"
  name        = "Terraform Managed Folder"
}

In the module declaration, pass the folder ID as sumologic_monitor_folder.tf_monitor_folder_1.id (see monitor_parent_id in the examples below).

Module Declaration Examples

Logs Monitor Example

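module "sumologic-logs-monitor" {
  source  = "SumoLogic/sumo-logic-monitor/sumologic"
  version = "{revision}"

  monitor_name         = "Logs Monitor"
  monitor_description  = "Sample Logs Monitor"
  monitor_monitor_type = "Logs"
  monitor_parent_id    = sumologic_monitor_folder.tf_monitor_folder_1.id

  # Queries - a Logs monitor accepts exactly one query.
  queries = {
    A = "<Logs Query>"
  }

  # Triggers - with the sample thresholds the Critical trigger fires on any
  # result count (>= 0) and the ResolvedCritical trigger (< 0) can never
  # match; replace 0 with a threshold that fits the query.
  triggers = [
    {
      threshold_type   = "GreaterThanOrEqual",
      threshold        = 0,
      time_range       = "5m",
      occurrence_type  = "ResultCount", # Options: ResultCount and MissingData for logs
      trigger_source   = "AllResults",  # Options: AllResults for logs.
      trigger_type     = "Critical",
      detection_method = "StaticCondition"
    },
    {
      threshold_type   = "LessThan",
      threshold        = 0,
      time_range       = "5m",
      occurrence_type  = "ResultCount", # Options: ResultCount and MissingData for logs
      trigger_source   = "AllResults",  # Options: AllResults for logs.
      trigger_type     = "ResolvedCritical",
      detection_method = "StaticCondition"
    }
  ]

  # Notifications
  group_notifications = true
  connection_notifications = [
    {
      connection_type = "PagerDuty",
      connection_id   = "<CONNECTION_ID>",
      # jsonencode() builds the payload without hand-escaped quotes. The
      # service_key is a PagerDuty secret and is stored in plaintext in the
      # Terraform state, so feed it in from a variable or secret store instead
      # of committing a real value in this file.
      payload_override = jsonencode({
        service_key = "<PAGERDUTY_INTEGRATION_KEY>"
        event_type  = "trigger"
        description = "Alert: Triggered {{TriggerType}} for Monitor {{Name}}"
        client      = "Sumo Logic"
        client_url  = "{{QueryURL}}" # same template variable spelling as the email example
      }),
      run_for_trigger_types = ["Critical", "ResolvedCritical"]
    },
    {
      connection_type       = "Webhook",
      connection_id         = "<CONNECTION_ID>",
      payload_override      = "", # empty string keeps the connection's default payload
      run_for_trigger_types = ["Critical", "ResolvedCritical"]
    }
  ]
  email_notifications = [
    {
      connection_type       = "Email",
      recipients            = ["abc@example.com"],
      subject               = "Monitor Alert: {{TriggerType}} on {{Name}}",
      time_zone             = "PST",
      message_body          = "Triggered {{TriggerType}} Alert on {{Name}}: {{QueryURL}}",
      run_for_trigger_types = ["Critical", "ResolvedCritical"]
    }
  ]
}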

Metrics Monitor Example

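module "sumologic-metrics-monitor" {
  source  = "SumoLogic/sumo-logic-monitor/sumologic"
  version = "{revision}"

  monitor_name         = "Metrics Monitor"
  monitor_description  = "Sample Metrics Monitor"
  monitor_monitor_type = "Metrics"
  monitor_parent_id    = sumologic_monitor_folder.tf_monitor_folder_1.id

  # Queries - a Metrics monitor accepts several queries, keyed A, B, C, ...
  queries = {
    A = "<Metric_query1>",
    B = "<Metric_query2>",
    C = "<Metric_query3>"
  }

  # Triggers - with the sample thresholds the Critical trigger fires for any
  # value (>= 0) and the ResolvedCritical trigger (< 0) can never match;
  # replace 0 with a threshold that fits the metric.
  triggers = [
    {
      threshold_type   = "GreaterThanOrEqual",
      threshold        = 0,
      time_range       = "5m",
      occurrence_type  = "Always",        # Options: Always, AtLeastOnce and MissingData for Metrics
      trigger_source   = "AnyTimeSeries", # Options: AllTimeSeries and AnyTimeSeries for Metrics. 'AnyTimeSeries' is the only valid triggerSource for 'Critical' trigger
      trigger_type     = "Critical",
      detection_method = "StaticCondition"
    },
    {
      threshold_type   = "LessThan",
      threshold        = 0,
      time_range       = "5m",
      occurrence_type  = "Always",        # Options: Always, AtLeastOnce and MissingData for Metrics
      trigger_source   = "AnyTimeSeries", # Options: AllTimeSeries and AnyTimeSeries for Metrics. 'AnyTimeSeries' is the only valid triggerSource for 'Critical' trigger
      trigger_type     = "ResolvedCritical",
      detection_method = "StaticCondition"
    }
  ]

  # Notifications
  group_notifications = true
  connection_notifications = [
    {
      connection_type = "PagerDuty",
      connection_id   = "<CONNECTION_ID>",
      # jsonencode() builds the payload without hand-escaped quotes. The
      # service_key is a PagerDuty secret and is stored in plaintext in the
      # Terraform state, so feed it in from a variable or secret store instead
      # of committing a real value in this file.
      payload_override = jsonencode({
        service_key = "<PAGERDUTY_INTEGRATION_KEY>"
        event_type  = "trigger"
        description = "Alert: Triggered {{TriggerType}} for Monitor {{Name}}"
        client      = "Sumo Logic"
        client_url  = "{{QueryURL}}" # same template variable spelling as the email example
      }),
      run_for_trigger_types = ["Critical", "ResolvedCritical"]
    },
    {
      connection_type       = "Webhook",
      connection_id         = "<CONNECTION_ID>",
      payload_override      = "", # empty string keeps the connection's default payload
      run_for_trigger_types = ["Critical", "ResolvedCritical"]
    }
  ]
  email_notifications = [
    {
      connection_type       = "Email",
      recipients            = ["abc@example.com"],
      subject               = "Monitor Alert: {{TriggerType}} on {{Name}}",
      time_zone             = "PST",
      message_body          = "Triggered {{TriggerType}} Alert on {{Name}}: {{QueryURL}}",
      run_for_trigger_types = ["Critical", "ResolvedCritical"]
    }
  ]
}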

Pre-defined Monitors