Sumo Logic provides the first cloud-based machine data analytics platform and removes the headaches associated with on-premise log management software, expensive hardware, complex management, and frequent software upgrades.

 

Collect

Collect, compress, and securely transfer all of your data regardless of volume, type, or location:

  • Local or remote files
  • Network, security, and other devices syslog
  • Local or remote Microsoft Windows Events
  • Metrics, performance, and other data
  • Custom sources, databases, scripts, etc.

Universal Collection

Sumo Logic enables enterprises to collect and analyze machine data from virtually any source – regardless of volume, format, or location. This includes servers, virtualization infrastructure, network devices, security infrastructure, custom and 3rd-party applications, databases, RFID scanners and more. These sources can be located on-premise, in the cloud, and in virtual environments, and can generate data volumes well into the terabytes per day.

Local and Hosted Collection

Sumo Logic is designed from the ground-up to securely and reliably collect data from any enterprise environment, including those with Big Data scale requirements.

Data is securely and reliably collected through either local collection (via Sumo Logic Collectors) or through hosted collection (via https or directly from Amazon S3).

The Sumo Logic Collector is a small footprint software application that can be deployed locally or remotely from the host data source. Sumo Logic Collectors compress data 10x, encrypt all data before transmitting to the Sumo Logic service, and cache all data to ensure data is never lost due to network issues. All data is collected in raw, or unstructured format with no need to parse or understand the data upfront; all data processing and parsing is handled in the cloud. By separating collection from processing and parsing, which occur entirely in the Sumo Logic service, there is no need to update complex parsing logic on every Collector. Consequently Collector performance is significantly improved and management overhead significantly reduced. Sumo Logic Collectors can be deployed on Unix, Linux, Windows, Solaris, or Mac devices and provide secure, reliable, and high performance data transmission to the Sumo Logic service.

Data can also be sent to the Sumo Logic service via hosted collection. Through hosted collection, customers send data directly from the data source to Sumo Logic, without adding any footprint to their IT infrastructure. Hosted collection can be deployed for on-premise environments, SaaS/IaaS/PaaS environments, and for direct collection from an S3 bucket in Amazon.

Whether you choose Sumo Logic Collectors and/or hosted collection, collecting data in Sumo Logic is fast and easy. With either collection option, you get the power of Sumo Logic’s search, analytics and visualization capabilities to monitor and troubleshoot your infrastructure.

 

Centralize

Centralize all your logs within the Sumo Logic Service, and never worry about archiving, backups and restores. Sumo Logic’s globally distributed data center architecture provides the highest levels of data security, redundancy and durability:

  • Customizable retention periods from days to years
  • Data is always encrypted, customer-unique encryption keys rotated daily
  • Instant access to all your data, regardless of time period or source
  • Built-in high availability and redundancy

Globally Distributed Cloud Architecture

Sumo Logic delivers a massively scalable, multi-tenant service that performs data collection, processing, storage, and analysis within a centralized and highly secure cloud-based platform. The platform is powered by Sumo Logic’s patented Elastic Log Processing™ engine, which scales each component of the service independently to meet every customer’s compute, storage, and data processing requirements on demand. As a result, Sumo Logic delivers seamless scalability with zero operational overhead for our customers.

Because it is a cloud-based service, Sumo Logic does not impose limits on the amount of processing power a customer can apply to a problem. If a company suddenly faces data analysis requirements on a previously unmatched scale, it can add resources from Sumo Logic in as little as 15 minutes. If it were trying to tackle the same problem with an in-house approach, it would take days or weeks to add servers, software and personnel to increase processing capability.

Furthermore, Sumo Logic does not impose limits on retention periods for customer data. Retention periods are customizable from days up to years, depending on each customer’s requirements and use cases.

As a result, Sumo Logic delivers real-time insights and analysis to every customer, irrespective of geographical location, data volume, or retention requirement.

Built-in high-availability and data replication

Integrity of customer data is paramount in the Sumo Logic service. Sumo Logic’s globally distributed data retention architecture keeps your log data available at all times for instant analysis, with all customer data multi-replicated across several geographically dispersed data centers. Sumo Logic retains all data in a highly secure and reliable repository, eliminating the need for costly SAN and NAS infrastructures as well as the need to deal with data archiving, backups and restores, or redundancy strategies.

End-to-end data encryption

Sumo Logic implements the highest levels of data encryption in transit and at rest. The service consists of multiple clusters with individual nodes. Each node is maintained in a hardened and well-protected system at the network and application layers. All user interactions use EV SSL Certificates for secure communications between a browser and the Sumo Logic service, and all log data is sent through SSL encrypted sessions. At rest, all log data is securely separated by customer in a highly available data store and encrypted using customer-specific rotating keys.

Anomaly Detection

Predict with Anomaly Detection

Sumo Logic Anomaly Detection leverages machine learning to enable enterprises to extend beyond the human limitation of pre-defined rules and reports. Anomaly Detection automatically detects anomalies in streams of machine data and then assembles these anomalies into events, enabling customers to:

  • Instantly detect anomalies across the entire applications, security and operations infrastructure
  • Provide user feedback to turn anomalies into known events for reference in an event database
  • Leverage LogReduce to rapidly investigate and identify the root cause of anomalous events
  • Set alerts for whenever an important event appears

Based on the patent-pending LogReduce™ technology, Anomaly Detection is the only offering to combine the best of machine learning, statistical analysis, and human knowledge to instantly generate insights from machine data. Anomaly Detection is the industry’s first solution to combine Big Data predictive and investigative capabilities to automatically address issues before problems arise.

Interesting use cases of anomaly detection include:

  • Detecting changes in compliance activity
  • Identifying systems or modules unexpectedly going offline
  • Noticing increases in access by unexpected device types
  • Identifying changes in application behavior after rollouts

Interested in learning more? See our blog post on Anomaly Detection.

 

Analyze with LogReduce™

Reduce hundreds of thousands of pages of results into a single page of meaningful patterns. The patent-pending LogReduce technology, with its powerful machine- learning algorithms, reduces the noise within log data and surfaces meaningful behaviors:

  • Events that occur more than others (e.g. errors flooding your logs)
  • Events that occur very infrequently but are important (e.g. rare exception)
  • Benefit from machine learning that improves over time based on your data and activity

 


Sift Through The Noise

With existing log management solutions, customers can only receive answers to questions they specifically ask. To uncover any insight, customers need to manually and tediously search through log records, write scripts, and handcraft queries.

Our LogReduce™ technology takes analysis to the next level, by proactively identifying insight even when a specific question was not asked. LogReduce technology reduces millions of log lines into a handful of human digestible patterns that enable IT teams to get to insights without having to manually write queries to slice and dice the data. This enables IT teams to quickly find important and emerging system, application, and user behavior patterns that would otherwise require days of analysis.

 

Alert and Notify

Set up notifications based on specific conditions or new patterns seen in log data and get alerted when important things occur. Conditions can be precise or can be based on deviations from baselines. These conditions can include:

  • A specific number of occurrences of a particular exception
  • An average application response time exceeds some threshold
  • A deviation from baseline with anomaly score greater than some threshold
  • Any time a new pattern is seen in log data
  • When number of customer transactions drops below some threshold

Threshold-based alerting

Operational problems that can be addressed by properly collecting and analyzing log data are not just IT issues but are business critical. When properly analyzed, log data can provide an early warning about problems in revenue generating production applications or infrastructure, or enable early discovery of critical security breaches and compliance issues.

The Sumo Logic log management and analytics service enables early warning through threshold-based alerts. After identifying the occurrence of a precise condition, such as a specific number of instances of a particular exception or an average response time in excess of an acceptable value, Sumo Logic provides immediate notification to customers to enable investigation and issue resolution. Alerts can be triggered either when a threshold is met or not met, i.e. when an event that shouldn’t occur does, or when an event that should occur doesn’t.

Identify deviations from baselines

In addition to threshold based-alerts, the Sumo Logic service can also trigger alerts based on deviations from a baseline. Sumo Logic’s patent-pending Push Analytics™ technology leverages LogReduce to automatically baseline application, system, and infrastructure behavior, identify deviations from these baselines, and proactively notify customers of errant behavior. Leveraging Push Analytics, enterprises can identify and resolve application, operations, and security issues well before they manifest into negative customer experiences, and well before they impact the business. With these proactive notifications, Sumo Logic customers can rest assured their IT environment is behaving as expected and desired.

Monitor

Visualize and Monitor

Create dashboards to monitor your applications and infrastructure in real-time. Powerful analytics help you transform critical activity, metrics and events into meaningful graphs and charts.

  • Create dashboards with multiple metrics and view data as it changes in real time
  • Share dashboards with others in your organization
  • Identify anomalous behavior and perform root cause analysis
  • Create advanced visualizations to display exactly what matters to your business

Create powerful visualizations

Sumo Logic real-time dashboards enable a new level of monitoring for applications and infrastructure. Our dashboards process Big Data volumes generated by today’s IT infrastructure and enable enterprises to analyze and display real-time information from terabytes of data.

With Sumo Logic, enterprises can build dashboards based on the same powerful Sumo Logic search language and enable a wide variety of visualization options. Customers can leverage out of the box content or build custom queries based on their environment. Data can be visualized using line, bar, column, table, as well as a variety of other types of charts.

Monitor in real time

Unlike any other log management solution, Sumo Logic dashboards continually refresh as new data comes off the wire. As a result, real-time information is displayed and dashboard monitors show data with near-zero latency. Sumo Logic is uniquely capable of delivering real-time monitoring as enterprise dashboards are powered by our patented Elastic Log Processing engine, capable of processing terabytes of data and delivering immediate results.

Overlay data from multiple sources

Dashboards in Sumo Logic can display related series of data, regardless of source, on the same graph to enable visual correlation and understand relationships between related values. Related series of data can be isolated and plotted on the same graph, with adjustable log or linear scale to display data with different magnitudes. Enterprises can highlight relationships between operational metrics and business results, enabling executives to make critical decisions from the freshest set of data available.

Overlay

Aggregate

With Sumo Logic dashboards, customers can aggregate data based on IT or business relevant dimensions. Data can be aggregated based on host, physical location, user, or any other variable, and can be aggregated on a multivariable basis such as user and host. Customers can see granular distribution over time intervals from 1 second to 1 day or longer.

Aggregate

Drill down and investigate

After visually monitoring their IT environment with Sumo Logic dashboards, customers are able to easily drill down and investigate issues by going straight from dashboards into root-cause analysis. From a single click, Sumo Logic will show the full set of search results, and enable customers to expand the query to find the root cause by drilling down into related data sets. After doing so, customers can then refine queries, and update dashboard monitors with a single click.