Sumo Logic: Search Logs
Description
PagerDuty starts a Sumo Logic search job with your query and selected time range, waits for results to finish gathering, then returns up to the number of messages you set in Limit. Use it during incident response to pull relevant logs without leaving the workflow.
If you use SRE Agent, Sumo Logic is supported as a log source when the integration is configured for agent access. For prerequisites, enabling Allow SRE Agent Access on the Workflow Integration, and related guidance, see Agent Tooling Configuration.
Prerequisites
- A Sumo Logic account and credentials with permission to run searches your query requires.
- A Sumo Logic Workflow Integration connection in PagerDuty. Create or manage it under Integrations → Workflow Integrations. The connection’s Deployment region selects which Sumo Logic API endpoint PagerDuty uses (for example US1, EU, AU).
Instructions
Inputs
| Name | Description |
|---|---|
| Connection Input | Your Sumo Logic Workflow Integration. The deployment (region) stored on the connection determines which Sumo Logic API endpoint is used. If you have not yet configured a Sumo Logic integration, please see the Sumo Logic Integration instructions. |
| Query | Search string in Sumo Logic’s query language. For example: a keyword, field filters, or a pipeline such as _sourceCategory=prod/app | count by \_sourceHost. |
| Start Time | Start of the search window. Choose one of: Past 1 Minute, Past 5 Minutes, Past 10 Minutes, Past 15 Minutes, Past 30 Minutes, Past 1 Hour (default), Past 4 Hours, Past 1 Day, Past 2 Days, Past 7 Days, Past 14 Days, Past 30 Days. |
| End Time | End of the search window. Choose one of: Now (default), Past 1 Minute, Past 5 Minutes, Past 10 Minutes, Past 15 Minutes, Past 30 Minutes, Past 1 Hour, Past 4 Hours, Past 1 Day, Past 2 Days, Past 7 Days, Past 14 Days, Past 30 Days. |
| Limit | Maximum number of log messages to return. Allowed range: 1–10,000. Default: 100. |
Outputs
| Name | Description |
|---|---|
| Logs | JSON array of log messages returned by Sumo Logic (empty if the search failed or returned no messages). |
| Log Count | Number of messages in Logs (after Limit is applied). |
| Query Used | The query string sent to Sumo Logic. |
| Time Range Start | Start of the search window used (epoch milliseconds as a string). |
| Time Range End | End of the search window used (epoch milliseconds as a string). |
| Job ID | Sumo Logic search job identifier for this run. |
| Total Messages | Total messages the search found; can be larger than Log Count when Limit caps how many are returned. |
| Search Duration | Approximate wall-clock time for the action to complete, in seconds. |
| Result | Success or Failed. |
| Result Summary | Brief description of what the action did or if it failed. Example: "Successfully retrieved 42 logs." |
| Error | If the action failed, a short message suitable for notifications or branching. |
Behavior and limits
- PagerDuty polls the search job until it finishes gathering results or until about five minutes elapse; if the job is still running then, the action fails with a timeout. Very large or slow searches may need a narrower time range, a simpler query, or a lower Limit.
- Total Messages reflects how many messages matched the query; Log Count is how many are returned after Limit.
- Cancelled or failed search jobs in Sumo Logic cause this action to fail; use Error and Result Summary for detail when available.
Updated about 5 hours ago