Skip to main content

Using the Audit Index with Webhook Connections

The Sumo Logic Audit Index provides event logs for scheduled search activity, including results sent via a webhook connection.

The following steps show you how to query the Audit Index for webhook activity from scheduled searches. You can review the raw event log messages to customize a more valuable query as needed.

  1. Ensure the Audit Index is enabled in your account.
  2. Run the following query with the desired time range:
    _index=sumologic_audit _sourcecategory="scheduled_search" action="MODIFY"
    | parse "[AlertType=*]" as alertType
    | where alertType="webhook"
  3. To see which user is sending scheduled searches results to webhooks, view the sourceuser field. A full list of available fields is available in the Audit event message fields table.
Legal
Privacy Statement
Terms of Use

Copyright © 2023 by Sumo Logic, Inc.