Sumo Logic provides the first cloud-based log management and analytics solution and removes the headaches associated with on-premise log management software, expensive hardware, complex management, and frequent software upgrades.
Collect
Collect, compress, and securely transfer all of your data regardless of volume, type, or location:
- Local or remote files
- Syslog from network, security, and other devices
- Local or remote Microsoft Windows Events
- Metrics, performance, and other data
- Custom sources, databases, scripts, etc.
Universal Collection
Sumo Logic enables enterprises to collect and analyze machine data from virtually any source – regardless of volume, format, or location. This includes servers, virtualization infrastructure, network devices, security infrastructure, custom and 3rd-party applications, databases, RFID scanners and more. These sources can be located on-premise, in the cloud, and in virtual environments, and can generate data volumes well into the terabytes per day.
Local and Hosted Collection
Sumo Logic is designed from the ground-up to securely and reliably collect data from any enterprise environment, including those with Big Data scale requirements.
Data is securely and reliably collected either through local collection (via Sumo Logic Collectors) or through hosted collection (via HTTPS or directly from Amazon S3).
The Sumo Logic Collector is a small-footprint software application that can be deployed locally or remotely from the host data source. Sumo Logic Collectors compress data 10x, encrypt all data before transmitting to the Sumo Logic service, and cache all data to ensure data is never lost due to network issues. All data is collected in raw, or unstructured, format with no need to parse or understand the data upfront; all data processing and parsing is handled in the cloud. By separating collection from processing and parsing, which occur entirely in the Sumo Logic service, there is no need to update complex parsing logic on every Collector. Consequently, Collector performance is significantly improved and management overhead significantly reduced. Sumo Logic Collectors can be deployed on Unix, Linux, Windows, Solaris, or Mac devices and provide secure, reliable, and high performance data transmission to the Sumo Logic service.
Data can also be sent to the Sumo Logic service via hosted collection. Through hosted collection, customers send data directly from the data source to Sumo Logic, without adding any footprint to their IT infrastructure. Hosted collection can be deployed for on-premise environments, SaaS/IaaS/PaaS environments, and for direct collection from an S3 bucket in Amazon.
Whether you choose Sumo Logic Collectors and/or hosted collection, collecting data in Sumo Logic is fast and easy. With either collection option, you get the power of Sumo Logic’s search, analytics and visualization capabilities to monitor and troubleshoot your infrastructure.
Centralize
Centralize all your logs within the Sumo Logic Service, and never worry about archiving, backups and restores. Sumo Logic’s globally distributed data center architecture provides the highest levels of data security, redundancy and durability:
- Customizable retention periods from days to years
- Data is always encrypted, customer-unique encryption keys rotated daily
- Instant access to all your data, regardless of time period or source
- Built-in high availability and redundancy
Globally Distributed Cloud Architecture
Sumo Logic delivers a massively scalable, multi-tenant service that performs data collection, processing, storage, and analysis within a centralized and highly secure cloud-based platform. The platform is powered by Sumo Logic’s patented Elastic Log Processing™ engine, which scales each component of the service independently to meet every customer’s compute, storage, and data processing requirements on demand. As a result, Sumo Logic delivers seamless scalability with zero operational overhead for our customers.
Because it is a cloud-based service, Sumo Logic does not impose limits on the amount of processing power a customer can apply to a problem. If a company suddenly faces data analysis requirements on a previously unmatched scale, it can add resources from Sumo Logic in as little as 15 minutes. If it were trying to tackle the same problem with an in-house approach, it would take days or weeks to add servers, software and personnel to increase processing capability.
Furthermore, Sumo Logic does not impose limits on retention periods for customer data. Retention periods are customizable from days up to years, depending on each customer’s requirements and use cases.
As a result, Sumo Logic delivers real-time insights and analysis to every customer, irrespective of geographical location, data volume, or retention requirement.
Built-in high-availability and data replication
Integrity of customer data is paramount in the Sumo Logic service. Sumo Logic’s globally distributed data retention architecture keeps your log data available at all times for instant analysis, with all customer data multi-replicated across several geographically dispersed data centers. Sumo Logic retains all data in a highly secure and reliable repository, eliminating the need for costly SAN and NAS infrastructures as well as the need to deal with data archiving, backups and restores, or redundancy strategies.
End-to-end data encryption
Sumo Logic implements the highest levels of data encryption in transit and at rest. The service consists of multiple clusters with individual nodes. Each node is maintained in a hardened and well-protected system at the network and application layers. All user interactions use EV SSL Certificates for secure communications between a browser and the Sumo Logic service, and all log data is sent through SSL encrypted sessions. At rest, all log data is securely separated by customer in a highly available data store and encrypted using customer-specific rotating keys.
Search and Troubleshoot
Index all of your machine data in real time and run lightning-fast searches across all your logs. Sumo Logic collects and processes all your logs in real time so that you can search the most up-to-the-minute information:
- Use search engine-like syntax
- Quickly find records with relevant keywords
- Use wildcards and boolean logic
Search-engine-like syntax
Sumo Logic continually collects and processes machine data so customers can search and analyze in real time. All searches are done with Sumo Logic’s search engine-like syntax, incorporating keywords, wildcards, and Boolean logic. Queries can be evaluated in an incremental fashion, while intermediate results are pushed immediately to the web-based UI. Data fields can be parsed on-the-fly for inclusion in further analysis, including statistical analysis enabled by Sumo Logic’s full support of mathematical libraries.

Sumo Logic’s extensive query options mean that questions can be posed and answered quickly. Instead of following hunches and making educated guesses, IT teams can quickly scour massive amounts of data in search of the anomalies, error reports or patterns that will pinpoint the source of the problem.
Streaming Query Engine
The Sumo Logic streaming query engine performs all query processing in the Sumo Logic service. When searching historical data in Sumo Logic, users see results the instant a query begins and then see these results being refined and extended as the query completes. When searching on fresh data, users see results in real time.
Sumo Logic’s streaming query engine, together with the patented Elastic Log Processing™ engine, enables users to interactively query multi-terabyte data sets and derive insights instantly. This allows IT and the business to quickly identify and resolve application issues, monitor physical and virtual infrastructure in real time, and make critical decisions from the freshest set of data.

Correlate and Detect
Go far beyond searching with Real-time Interactive Analytics. Sumo Logic embeds powerful analytic and correlation operators that enable you to:
- Extract data fields and values from data
- Correlate events and see the timeline across multiple systems
- Trace transactions across multiple systems and discover hidden root causes
- Aggregate results based on relevant variables
- Perform transformations, mathematical and statistical analysis on data
- Execute conditional logic on individual logs or aggregations
Correlate and trace events and transactions
Given the diversity and volume of machine data IT environments generate, the ability to correlate events and transactions can yield significant value. However, correlating data from large and diverse data sources to reveal insights requires more than keywords, wildcards, and Boolean operators.
Sumo Logic’s search language contains a variety of analytical commands, such as the trace and sessionize operators, that enable customers to correlate events and see timelines across multiple systems, as well as trace transactions across multiple systems. With these analytical commands, customers can aggregate results based on relevant variables and execute conditional logic on those aggregations. Correlations can be time-based, where patterns are identified by time proximity, or transaction-based, where patterns are identified by tracking a set of related events. Sumo Logic also supports taking the results of one search and using them in a subsequent search, as well as lookups and joins. By leveraging these analytical commands, customers can easily discover hidden relationships among disparate data.
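As an added illustration of the two correlation styles described above (not Sumo Logic's own trace or sessionize implementation, and not code from the page), the Python below groups constructed log lines from three hosts by a shared request id, checks which transactions completed every expected step, and separately pulls together events from any host that fall within a time window of an error. The line format, the req= field and the step names are assumptions.

```python
import re
from datetime import datetime

# Constructed log lines from three tiers of one application (not real data);
# the shared req= field is the assumed transaction id.
MULTI_SYSTEM_LOGS = [
    "2012-05-16T10:00:01.000Z web-1 req=a1f3 GET /api/checkout user=alice",
    "2012-05-16T10:00:01.020Z app-2 req=a1f3 charge card amount=4999",
    "2012-05-16T10:00:01.250Z db-1 req=a1f3 UPDATE orders status=paid",
    "2012-05-16T10:00:02.000Z web-1 req=b7c9 GET /api/checkout user=bob",
    "2012-05-16T10:00:02.030Z app-1 req=b7c9 charge card amount=1200",
    "2012-05-16T10:00:03.000Z web-2 req=c0de GET /api/cart user=carol",
    "2012-05-16T10:00:05.900Z app-1 req=b7c9 ERROR gateway timeout",
]
CHECKOUT_STEPS = ["GET /api/checkout", "charge card", "UPDATE orders"]

LINE_RX = re.compile(r"^(\S+) (\S+) req=(\w+) (.*)$")

def parse(line):
    """Split one line into timestamp, host, transaction id and message."""
    ts, host, req, msg = LINE_RX.match(line).groups()
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ"),
            "host": host, "req": req, "msg": msg}

def trace(lines):
    """Transaction-based correlation: events grouped by id, in time order."""
    groups = {}
    for ev in map(parse, lines):
        groups.setdefault(ev["req"], []).append(ev)
    for evs in groups.values():
        evs.sort(key=lambda e: e["ts"])
    return groups

def sessionize(groups, steps):
    """Did each transaction reach every expected step, on which hosts, and how long did it take?"""
    summary = {}
    for rid, evs in groups.items():
        seen = [s for s in steps if any(s in e["msg"] for e in evs)]
        summary[rid] = {
            "complete": seen == steps,
            "hosts": sorted({e["host"] for e in evs}),
            "seconds": (evs[-1]["ts"] - evs[0]["ts"]).total_seconds(),
        }
    return summary

def time_correlate(lines, needle, window_s):
    """Time-based correlation: events from any host within window_s of each matching event."""
    evs = sorted(map(parse, lines), key=lambda e: e["ts"])
    anchors = [e for e in evs if needle in e["msg"]]
    return [[o for o in evs if o is not a
             and abs((o["ts"] - a["ts"]).total_seconds()) <= window_s]
            for a in anchors]

if __name__ == "__main__":
    print(sessionize(trace(MULTI_SYSTEM_LOGS), CHECKOUT_STEPS))
```

Transaction b7c9 shows up as incomplete with a 3.9 s span, while the time window around its error gathers the unrelated cart request from web-2 as well, which is exactly the kind of cross-system context the text describes.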
Extract data fields to detect issues
In addition to real-time search on multi-terabyte sets of data, Sumo Logic Interactive Analytics enables customers to gain a richer perspective of application, system, infrastructure, and customer behavior. The ability to parse data on-the-fly and apply statistical and mathematical analysis provides enterprises with greater insight to make critical decisions.
Sumo Logic content libraries, such as those available for Apache, VMware, Cisco, and Windows logs, further simplify the process of deriving insight from log data. By leveraging content libraries, important fields are automatically extracted from unstructured data, and customers can immediately and easily analyze that data and detect any issues or anomalies.
Analyze with LogReduce™
Reduce hundreds of thousands of pages of results into a single page of meaningful patterns. The patent-pending LogReduce technology, with its powerful machine-learning algorithms, reduces the noise within log data and surfaces meaningful behaviors:
- Events that occur more than others (e.g. errors flooding your logs)
- Events that occur very infrequently but are important (e.g. a rare exception)
- Changes in underlying application behavior over time (e.g. an error message that never occurred before)
- Benefit from machine learning that improves over time based on your data and activity
Sift Through The Noise
With existing log management solutions, customers can only receive answers to questions they specifically ask. To uncover any insight, customers need to manually and tediously search through log records, write scripts, and handcraft queries.
Sumo Logic’s patent-pending LogReduce™ technology takes analysis to the next level by proactively identifying insight even when a specific question was not asked. LogReduce technology reduces millions of log lines into a handful of human-digestible patterns that enable IT teams to get to insights without having to manually write queries to slice and dice the data. This enables IT teams to quickly find important and emerging system, application, and user behavior patterns that would otherwise require days of analysis.

Identify changes in underlying application, system, and infrastructure behavior
Sumo Logic’s patent-pending Push Analytics™ technology leverages LogReduce to automatically uncover insights and then push those insights proactively to IT teams in order to facilitate immediate investigations. Push Analytics automatically detects events that are anomalous to previous patterns, and notifies teams of these deviations from baseline. With Push Analytics, customers are able to continually monitor their IT environments for unusual application activity, operational failures, or security breaches.
Push Analytics works in two dimensions. First, it analyzes all the log data collected, looking for anomalies and unfamiliar patterns. Then, from that data, it makes a summary list of the most compelling and business-critical events and presents those findings to an IT manager, who can select the items of greatest interest and drill down to investigate further.
The second dimension to Push Analytics is that it learns not only from the experience of a single customer, but also from the experience of all of its customers. That aggregated knowledge is applied in helping IT staff make sense of anomalies and previously unseen patterns.
Through both dimensions, Sumo Logic’s Push Analytics finds the answers to both what is happening that shouldn’t be, as well as what isn’t happening that should be.
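To make the LogReduce behaviours listed above and the Push Analytics comparison against earlier patterns concrete, here is an added toy pattern reducer (not Sumo Logic's patented algorithm and not code from the page): it collapses variable tokens in constructed log lines into placeholders, counts how many raw lines each pattern absorbs, and flags the patterns that flood the window, occur only once, or never appeared in an earlier baseline window. The sample lines, the placeholder rules and the thresholds are assumptions.

```python
import re
from collections import Counter

# Constructed sample log lines for the demo (not real customer data).
BASELINE_LOGS = [
    "2012-05-16T09:59:01Z web-1 GET /api/orders 200 12ms client=10.0.0.5",
    "2012-05-16T09:59:02Z web-2 GET /api/orders 200 15ms client=10.0.0.7",
    "2012-05-16T09:59:03Z web-1 GET /api/cart 200 9ms client=10.0.0.5",
    "2012-05-16T09:59:04Z db-1 connection pool size=20 active=4",
]
CURRENT_LOGS = [
    "2012-05-16T10:00:01Z web-1 GET /api/orders 200 14ms client=10.0.0.9",
    "2012-05-16T10:00:01Z web-1 ERROR OrderService NullPointerException at OrderService.java:241",
    "2012-05-16T10:00:02Z web-2 ERROR OrderService NullPointerException at OrderService.java:241",
    "2012-05-16T10:00:02Z web-2 GET /api/orders 200 11ms client=10.0.0.7",
    "2012-05-16T10:00:03Z web-3 WARN disk usage 91% on /var/log",
    "2012-05-16T10:00:04Z web-3 ERROR OrderService NullPointerException at OrderService.java:241",
    "2012-05-16T10:00:04Z db-1 connection pool size=20 active=7",
]

# Assumed placeholder rules; specific shapes run before the generic number rule.
TOKEN_RULES = [
    (re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z"), "<TS>"),
    (re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"), "<IP>"),
    (re.compile(r"\b0x[0-9a-f]+\b", re.I), "<HEX>"),
    (re.compile(r"\d+"), "<NUM>"),
]

def signature(line):
    """Collapse variable tokens so lines differing only in values share one pattern."""
    for rx, placeholder in TOKEN_RULES:
        line = rx.sub(placeholder, line)
    return line

def reduce_logs(lines):
    """Map each distinct pattern to the number of raw lines it absorbed."""
    return Counter(signature(line) for line in lines)

def classify(current, baseline, frequent_share=0.4, rare_max=1):
    """Flag patterns that flood the window, occur rarely, or are new versus the baseline."""
    total = sum(current.values())
    report = {"frequent": [], "rare": [], "new": []}
    for sig, count in current.most_common():
        if sig not in baseline:
            report["new"].append(sig)
        if count / total >= frequent_share:
            report["frequent"].append(sig)
        elif count <= rare_max:
            report["rare"].append(sig)
    return report

if __name__ == "__main__":
    print(classify(reduce_logs(CURRENT_LOGS), reduce_logs(BASELINE_LOGS)))
```

Seven raw lines collapse to four patterns; the NullPointerException pattern is both flooding the window and absent from the baseline, while the disk warning is rare and new, and the connection-pool line is rare but already known.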
Alert and Notify
Set up notifications based on specific conditions or new patterns seen in log data and get alerted when important things occur. Conditions can be precise or can be based on deviations from baselines. These conditions can include:
- A specific number of occurrences of a particular exception
- An average application response time that exceeds some threshold
- A deviation from baseline with anomaly score greater than some threshold
- Any time a new pattern is seen in log data
- When the number of customer transactions drops below some threshold
Threshold-based alerting
Operational problems that can be addressed by properly collecting and analyzing log data are not just IT issues but are business critical. When properly analyzed, log data can provide an early warning about problems in revenue-generating production applications or infrastructure, or enable early discovery of critical security breaches and compliance issues.
The Sumo Logic log management and analytics service enables early warning through threshold-based alerts. After identifying the occurrence of a precise condition, such as a specific number of instances of a particular exception or an average response time in excess of an acceptable value, Sumo Logic provides immediate notification to customers to enable investigation and issue resolution. Alerts can be triggered either when a threshold is met or not met, i.e. when an event that shouldn’t occur does, or when an event that should occur doesn’t.
Identify deviations from baselines
In addition to threshold-based alerts, the Sumo Logic service can also trigger alerts based on deviations from a baseline. Sumo Logic’s patent-pending Push Analytics™ technology leverages LogReduce to automatically baseline application, system, and infrastructure behavior, identify deviations from these baselines, and proactively notify customers of errant behavior. Leveraging Push Analytics, enterprises can identify and resolve application, operations, and security issues well before they manifest into negative customer experiences, and well before they impact the business. With these proactive notifications, Sumo Logic customers can rest assured their IT environment is behaving as expected and desired.
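The alert conditions described in this section, as an added example (not the Sumo Logic alerting feature itself or code from the page): it evaluates one constructed 60-second window of log lines against an exception-count threshold, an average-response-time threshold, a z-score deviation from the exception counts of earlier windows, and the absence of an event that should have occurred. The log lines, the baseline counts and the thresholds are all assumptions.

```python
import re
import statistics

# Constructed sample log lines from one 60-second window (not real customer data).
WINDOW_LOGS = [
    "2012-05-16T10:00:05Z web-1 GET /api/checkout 500 840ms",
    "2012-05-16T10:00:09Z web-1 ERROR PaymentTimeoutException gateway=acme",
    "2012-05-16T10:00:17Z web-2 GET /api/checkout 200 310ms",
    "2012-05-16T10:00:21Z web-2 ERROR PaymentTimeoutException gateway=acme",
    "2012-05-16T10:00:33Z web-1 GET /api/checkout 500 910ms",
    "2012-05-16T10:00:41Z web-3 ERROR PaymentTimeoutException gateway=acme",
]
# Constructed per-window counts of the same exception from earlier windows (the baseline).
BASELINE_EXCEPTION_COUNTS = [0, 1, 0, 0, 1, 0, 2, 0, 1, 0]

LATENCY_RX = re.compile(r" (\d+)ms$")

def count_matches(lines, needle):
    """Occurrences of a precise condition, e.g. a particular exception."""
    return sum(1 for line in lines if needle in line)

def avg_latency_ms(lines):
    """Mean of the trailing '<n>ms' field over the request lines that carry one."""
    samples = [int(m.group(1)) for m in map(LATENCY_RX.search, lines) if m]
    return statistics.mean(samples) if samples else 0.0

def anomaly_score(value, baseline):
    """Z-score of this window's count against earlier windows (a simple baseline model)."""
    spread = statistics.stdev(baseline) if len(baseline) > 1 else 0.0
    if spread == 0:
        return float("inf") if value != statistics.mean(baseline) else 0.0
    return (value - statistics.mean(baseline)) / spread

def evaluate_alerts(lines, baseline, max_exceptions=3, max_avg_ms=750,
                    max_score=2.0, expected_event="backup completed"):
    """Return the names of the alert conditions that fire for this window."""
    fired = []
    exceptions = count_matches(lines, "PaymentTimeoutException")
    if exceptions >= max_exceptions:          # an event that shouldn't occur does
        fired.append("exception_threshold")
    if avg_latency_ms(lines) > max_avg_ms:    # average response time over the limit
        fired.append("latency_threshold")
    if anomaly_score(exceptions, baseline) > max_score:  # deviation from baseline
        fired.append("baseline_deviation")
    if count_matches(lines, expected_event) == 0:  # an event that should occur doesn't
        fired.append("missing_expected_event")
    return fired

if __name__ == "__main__":
    print(evaluate_alerts(WINDOW_LOGS, BASELINE_EXCEPTION_COUNTS))
```

With the defaults, three of the four conditions fire; the average latency of about 687 ms stays under the 750 ms limit, and lowering that limit to 500 ms makes the fourth fire as well.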
Visualize and Monitor
Create dashboards to monitor your applications and infrastructure in real-time. Powerful analytics help you transform critical activity, metrics and events into meaningful graphs and charts.
- Create dashboards with multiple metrics and view data as it changes in real time
- Share dashboards with others in your organization
- Identify anomalous behavior and perform root cause analysis
- Create advanced visualizations to display exactly what matters to your business
Create powerful visualizations
Sumo Logic real-time dashboards enable a new level of monitoring for applications and infrastructure. Our dashboards process Big Data volumes generated by today’s IT infrastructure and enable enterprises to analyze and display real-time information from terabytes of data.

With Sumo Logic, enterprises can build dashboards based on the same powerful Sumo Logic search language and enable a wide variety of visualization options. Customers can leverage out-of-the-box content or build custom queries based on their environment. Data can be visualized using line, bar, column, and table charts, as well as a variety of other chart types.
Monitor in real time
Unlike any other log management solution, Sumo Logic dashboards continually refresh as new data comes off the wire. As a result, real-time information is displayed and dashboard monitors show data with near-zero latency. Sumo Logic is uniquely capable of delivering real-time monitoring as enterprise dashboards are powered by our patented Elastic Log Processing engine, capable of processing terabytes of data and delivering immediate results.
Overlay data from multiple sources
Dashboards in Sumo Logic can display related series of data, regardless of source, on the same graph to enable visual correlation and reveal relationships between related values. Related series of data can be isolated and plotted on the same graph, with an adjustable log or linear scale to display data of different magnitudes. Enterprises can highlight relationships between operational metrics and business results, enabling executives to make critical decisions from the freshest set of data available.

Aggregate
With Sumo Logic dashboards, customers can aggregate data based on IT or business relevant dimensions. Data can be aggregated based on host, physical location, user, or any other variable, and can be aggregated on a multivariable basis such as user and host. Customers can see granular distribution over time intervals from 1 second to 1 day or longer.

Drill down and investigate
After visually monitoring their IT environment with Sumo Logic dashboards, customers can easily drill down and investigate issues by going straight from dashboards into root-cause analysis. With a single click, Sumo Logic shows the full set of search results and lets customers expand the query to find the root cause by drilling down into related data sets. Customers can then refine queries and update dashboard monitors with a single click.
