sumologic_collector.tf
# Provider requirements for this configuration: the Sumo Logic provider,
# resolved from the SumoLogic/sumologic registry namespace.
terraform {
  required_providers {
    sumologic = {
      # Lower bound only: any newer release, including a future major
      # version, satisfies this constraint. Commit .terraform.lock.hcl so
      # the selected version and its checksums are pinned and provider
      # upgrades arrive as a reviewed change.
      version = ">=2.9.0"
      source  = "SumoLogic/sumologic"
    }
  }
}
# Authenticate the provider with an access ID / access key pair taken from
# input variables, so no credential is written into this file.
provider "sumologic" {
  access_key = var.sumologic_access_key
  access_id  = var.sumologic_access_id
  # NOTE(review): neither environment nor base_url is set in this block;
  # presumably the deployment is selected elsewhere (for example through
  # SUMOLOGIC_ENVIRONMENT) - confirm.
}
# Access ID half of the Sumo Logic API credential used by the provider.
# sensitive = true only redacts the value in plan/apply output; it does not
# encrypt it. Supply it out of band (for example TF_VAR_sumologic_access_id
# or a secrets manager) rather than in a committed .tfvars file.
variable "sumologic_access_id" {
  type        = string
  sensitive   = true
  description = "Sumo Logic Access ID"
}
# Access key half of the Sumo Logic API credential used by the provider.
# sensitive = true hides the value in CLI output only; it can still be
# present in saved plan files, so treat those as secrets. Supply it out of
# band (for example TF_VAR_sumologic_access_key or a secrets manager), never
# in a committed .tfvars file.
variable "sumologic_access_key" {
  type        = string
  sensitive   = true
  description = "Sumo Logic Access Key"
}
# Address that receives the monitor's alert e-mails. It is explicitly not
# sensitive, so it is shown in plan output; it is also used as a monitor
# recipient in this file and therefore ends up in Terraform state.
variable "sumologic_notification_email" {
  type        = string
  sensitive   = false
  description = "Sumo Logic Monitor Notification Recipient"
}
# Sumo Logic collector; the HTTP source in this file attaches to it through
# its id.
resource "sumologic_collector" "my_collector" {
  name        = "My Terraform Collector"
  category    = "terraform/collectors"
  description = "Collector created by Terraform"
  timezone    = "UTC"

  # Optional metadata attached to the collector.
  fields = {
    environment = "production"
  }
}
# HTTP source attached to the collector above.
#
# The endpoint this resource produces (exported as the `url` attribute)
# embeds the token that authorizes uploads: anyone holding the URL can send
# data into this source. The URL is stored in Terraform state, so restrict
# access to the state backend and mark any output that exposes it as
# sensitive.
resource "sumologic_http_source" "my_http_source" {
  collector_id = sumologic_collector.my_collector.id
  name         = "My HTTP Source"
  description  = "HTTP Source for Terraform collector"
  category     = "terraform/http_sources"

  # A request body may carry several messages, and multi-line messages are
  # detected rather than split per line.
  multiline_processing_enabled = true
  message_per_request          = false
}
# Logs monitor that alerts by e-mail on 4xx/5xx status codes found in data
# whose source category starts with "terraform".
resource "sumologic_monitor" "status_code_monitor" {
  name             = "HTTP Status Code Monitor"
  description      = "Monitor for 4xx and 5xx status codes in HTTP logs"
  content_type     = "Monitor"
  type             = "MonitorsLibraryMonitor"
  monitor_type     = "Logs"
  is_disabled      = false
  evaluation_delay = "5m"

  tags = {
    "team"        = "monitoring"
    "application" = "sumologic"
  }

  # Log query evaluated by the monitor.
  # NOTE(review): the filter relies on a status_code field already being
  # extracted from the logs; nothing in this file defines that extraction -
  # confirm, otherwise the monitor never matches and stays silent.
  queries {
    row_id = "A"
    query  = "_sourceCategory=terraform* | where status_code matches \"4*\" OR status_code matches \"5*\""
  }

  # Static thresholds over a 5 minute window.
  # NOTE(review): critical and warning use identical thresholds, so both
  # levels trigger together and the warning gives no earlier signal. The
  # alert comparison is GreaterThan 1.0, so a value of exactly 1 does not
  # alert - confirm both are intended.
  trigger_conditions {
    logs_static_condition {
      critical {
        time_range = "5m"

        alert {
          threshold_type = "GreaterThan"
          threshold      = 1.0
        }

        resolution {
          threshold_type = "LessThanOrEqual"
          threshold      = 1.0
        }
      }

      warning {
        time_range = "5m"

        alert {
          threshold_type = "GreaterThan"
          threshold      = 1.0
        }

        resolution {
          threshold_type = "LessThanOrEqual"
          threshold      = 1.0
        }
      }
    }
  }

  # E-mail notification to the configured recipient. The message body links
  # to the query through {{QueryURL}}. Timestamps use PST while the
  # collector in this file is set to UTC. The trigger list has no entry for
  # a resolved warning, so recovery is only announced for the critical level.
  notifications {
    notification {
      connection_type = "Email"
      recipients = [
        var.sumologic_notification_email
      ]
      subject      = "Monitor Alert: {{TriggerType}} on {{Name}}"
      message_body = "Triggered {{TriggerType}} Alert on {{Name}}: {{QueryURL}}"
      time_zone    = "PST"
    }

    run_for_trigger_types = ["Critical", "ResolvedCritical", "Warning"]
  }
}