Blog › Authors › Ariel Smoliar

Ariel Smoliar, Senior Product Manager

Transaction Mining for Deeper Machine Data Intelligence

10.22.2014 | Posted by Ariel Smoliar, Senior Product Manager

The new Sumo Logic Transaction capability allows users to analyze related sequences of machine data. The comprehensive views uncover user behavior, operational and security insights that can help organizations optimize business strategy, plans and processes.

The new capability allows you to monitor transactions by a specific transaction ID (session ID, IP, user name, email, etc.) while handling data from distributed systems, where a request is passed through several different systems, each with its own transaction ID.

Over the past two months, we have worked with beta customers on a variety of use cases, including:

  • Tracking transactions in a payment processing platform

  • Following typical user sessions, detecting anomalous checkout transactions and catching checkout drop off in e-commerce websites

  • Tracking renewals, upgrades and new signup transactions

  • Monitoring phone registrations failures over a specific period

  • Tracking on-boarding of new users in SaaS products

The last use case is reflective of what SaaS companies care most about: truly understanding the behavior of users on their website that drive long-term engagement. We’ve used our new transaction analytics capabilities to better understand how users find our site, the process by which they get to our Sumo Logic Free page, and how quickly they sign up. Our customer success team uses Transaction Analytics to monitor how long it takes users to create a dashboard, run a search, and perform other common actions. This enables them to provide very specific feedback to the product team for future improvements.

This screenshot depicts a query with IP as the transaction ID and the various states mapped from the logs

This Sankey diagram visualizes the flow of the various components/states of a transaction on an e-commerce website

Many of our customers are already using tools such as Google Analytics to monitor visitors flow on their website and understand customer behavior. We are not launching this new capability to replace Google Analytics (even if it’s not embraced in some countries as Germany). What we bring on top of monitoring visitors flow, is the ability to identify divergence in state sequences and understand better the transitions between the states, in terms of latency for example. You probably see updates that some companies are announcing on plugins for log management platforms to detect anomalies and monitor user behavior and sessions. The team’s product philosophy is that we would like to provide our users all-rounded capability that enables them to make smart choices without requiring external tools, all from their machine data within the Sumo product.

It was a fascinating journey working on the transaction capability with our analytics team. It’s a natural evolution of our analytics strategy which now includes: 1) real-time aggregation and correlation with our Dashboards; 2) machine learning to automatically uncover anomalies and patterns; and 3) now transaction analytics to rapidly uncover relationships across distributed events.

We are all excited to launch Transaction Analytics. Please share with us your feedback on the new capability and let us know if we can help with your use cases. The transaction searches and the new visualization are definitely our favorite content.

Ariel Smoliar, Senior Product Manager

The New Sumo Logic Application Library

03.19.2014 | Posted by Ariel Smoliar, Senior Product Manager

Last July we launched our Applications webpage, and have been constantly adding new applications to this list. This week we are excited to announce a major step in delivering a better application user experience.  We have now integrated the Sumo Logic Application Library directly into core service and have made it available for both trial users and paying customers. 

The initial Library rollout includes the following applications: Active Directory, Apache, AWS CloudTrail, Cisco, IIS, Linux, Log Analysis QuickStart, Nginx, Palo Alto Networks, VMware and Windows. We updated the Sumo Logic user interface with a new “Apps” tab. You can install applications from the menu for a true self-service experience, without downloading any files. The dashboards for the applications you choose will be visible after following a few simple steps.

Apps library screenshot (1)

Over the coming weeks, we will add the remainder of the Sumo Logic Applications to the Library, including ones for Akamai Cloud Monitor, AWS Elastic Load Balancing, Snort, OSSEC, and more.  Till that time, we will manually load these applications for our customers.

What’s Next and Feedback

This is just the first phase in the rollout of our Application Library. We will continue to deliver more applications that provide critical insights into your operational and security use cases. In addition, we will continue to enhance the Library itself as a system to share relevant insights across your organization.

We are eager to hear your feedback on this initial phase. Please fill out this form if you would like to meet with us and share your experience using the Sumo Application Library.

 

Ariel Smoliar, Senior Product Manager

AWS Elastic Load Balancing – New Visibility Into Your AWS Load Balancers

03.06.2014 | Posted by Ariel Smoliar, Senior Product Manager

After the successful launch of the Sumo Logic Application for AWS CloudTrail last November and with numerous customers now using this application, we were really excited to work again on a new logging service from AWS, this time providing analytics around log files generated by the AWS Load Balancers.

Our integration with AWS CloudTrail targets use cases relevant to security, usage and operations. With our new application for AWS Elastic Load Balancing, we provide our customers with dashboards that provide real-time insights into operational data. You will also be able to add additional use cases based on your requirements by parsing the log entries and visualizing the data using our visualization tools.

Insights from ELB Log Data

Sumo Logic runs natively on the AWS infrastructure and uses AWS load balancers, so we had plenty of raw data to work with during the development of the content. You will find 12 fields in the ELB logs covering the entire request/response lifecycle. By adding the request, backend and response processing time, we can highlight the total time (latency) from when the load balancer started reading the request headers to when the load balancer started sending the response headers to the client. The Latency Analysis dashboard presents a granular analysis per domain, client IP and backend instance (EC2).

The Application also provides analysis of the status codes based on the ELB and backend instances status codes. Please note that the total count for the status codes will be similar for both the ELB and the instances most of the time, unless there are issues, such as no backend response or client rejected request. Additionally, for ELBs that have been configured with a TCP listener (layer 4) rather than HTTP, the TCP requests will be logged. In this case, you will see that the URL has three dashes and there are no values for the HTTP status codes.

Alerting Frequency

Often during my discussions with Sumo Logic users, the topic of scheduled searches and alerting comes up. Based on our work with ELB logs, there is no specific threshold that we recommend that covers every single use case scenario. The threshold should be based on the application – e.g., tiny beacon requests versus downloading huge files cause different latencies. Sumo Logic provides you with the flexibility to set threshold in the scheduled search or just to change the color in the graph for monitoring purpose, based on the value range

Visualization

I want to talk a little bit about machine data visualization. While skiing last week in Steamboat Colorado, I kept thinking about the relevance of the beautiful Rocky Mountain landscape with the somewhat more mundane world of load balancer data visualization. So here is what we did to present the load balancers data in a more compelling way:

pic1_blog

You can slice and dice the data using our Transpose operator as we did in the Latency by Load Balancer monitor, but I would like to focus on a different feature that was built by our UI team and share how we used it in this application. This feature combines data about the number of requests, the size of the total requests, the client IP address and integrates these data elements into the Total Requests and Data Volume monitor. 

We first used this visualization approach in our Nginx app (Traffic Volume and Bytes Served monitor). We received very positive feedback and decided it made sense to incorporate this approach into this application as well.

Combining three fields in a single view enables you to get faster overview of your environment and also provides you with the ability to drill-down and investigate any activity.

Screen Shot 2014-03-05 at 6.32.01 PM

It reminds one of the landscape above, right? :-)

To get this same visualization, click on the gear icon in the Search screen and choose the Change Series option. 

pic3_blog

For each data series, you can choose how you would like to represent the data. We used Column Chart for the total requests and Line Chart for the received and sent data. 

pic4_blog

I find it beautiful and useful. I hope you plan to use this visualization approach in your dashboards, and please let us know if any help is required.

One more thing…

Please stay tuned and check our posts next week… we can’t wait to share with you where we’re going next in the world of Sumo Logic Applications.

Twitter