Frequently Asked Questions

Technology Overview

What are the advantages of the Sumo Logic machine data analytics platform?

Designed from the ground up as a cloud-based service, Sumo Logic reduces the TCO of log management and analytics through simplified provisioning. It liberates enterprises from having to manage on-premise systems, costly network attached storage and/or storage area networks, and puts an end to add-on hardware costs and software upgrades. Sumo Logic handles all log data collection, processing, storage, forensics and analysis from a centralized and highly secure cloud-based platform.

As a cloud-based, massively scalable, multi-tenant service, how does Sumo Logic secure its customers’ highly sensitive log data?

All user interactions use Extended Validation (EV) SSL certificates for secure communications between a browser and the Sumo Logic service, and all log data is sent through SSL encrypted sessions. At rest, all customer data is securely separated in a highly available data store and encrypted using customer-specific rotating keys. Access to the Sumo Logic production cluster is only allowed to authorized users through a highly secure, two-factor authentication mechanism utilizing centrally managed and tracked IronKeys.

How does Sumo Logic scale to support the significant storage and log data retention needs of its customers?

The Sumo Logic service leverages the outstanding scalability, reliability, redundancy and durability of Amazon S3. This enables the Sumo Logic service to provide customers with superior quality-of-service for log data retention at an extremely competitive price point compared to customers building their own highly-available, disaster-recoverable storage arrays.

Why is Sumo Logic integrating key underlying technologies such as Scala, Hadoop, Cassandra and Neo4J?

These next-generation tools are key to quickly implementing tight iterations of a stable, scalable and feature-rich log management and analytics service. New data processing architectures, such as Hadoop, make it economical and predictable to run large-scale machine learning.

Features and Functionality

What is LogReduce?

The Sumo Logic patent-pending LogReduce technology takes analysis to the next level, by proactively identifying insight even when a specific question was not asked. LogReduce technology reduces millions of log lines into a handful of human digestible patterns that enable IT teams to get to insights without having to manually write queries to slice and dice the data. This enables IT teams to quickly find important and emerging system, application, and user behavior patterns that would otherwise require days of analysis.

What is Anomaly Detection?

Anomaly Detection in the Sumo Logic service allows companies to automatically detect unknown anomalies across their machine data and turn them into known events. Based on the patent-pending LogReduce technology, Anomaly Detection combines the best of machine learning and human knowledge to generate critical insights about a company’s application and operational infrastructure.

What are examples of anomalies that Sumo Logic can easily uncover?

With anomaly detection, Sumo Logic customers can rapidly detect changes in compliance activity, identify systems that unexpectedly go offline, and monitor unexpected application behavior after a rollout.

How does the Sumo Logic Real-Time Forensics engine help customers accelerate the investigation of their log data?

The Real-Time Forensics engine is remarkable for two reasons. First, it provides reliable, low-latency indexing of large amounts of data. Second, an Interactive Analytics user interface (that serves as a highly intuitive query engine) is implemented for time-series data. As each query’s results are quickly computed, they are immediately pushed to the user interface that displays new updates. Unlike classic database approaches, there’s no need to wait for a lengthy query to finish before the actual results can be inspected. Queries are interactive and users can quickly issue the next query based on the rapid delivery of partial results, accelerating production application troubleshooting and other time-sensitive log analysis tasks.

How does the Sumo Logic Elastic Log Processing engine independently scale each customer’s compute, storage and data processing requirements?

Every module in the processing engine runs on its own, independently scalable cluster of machines, connected via reliable messaging. This enables Sumo Logic to elastically provision CPU and I/O requirements of each service transparently in order to maintain the latency and response time requirements of each customer.

Does Sumo Logic provide dashboards?

Yes, Sumo Logic provides real-time dashboards from which business owners, IT teams and developers can extract insight about their entire IT and application infrastructure. Sumo Logic dashboards take advantage of the streaming query engine that can scale to terabytes of data and powers the search and analytics functions of the Sumo Logic service.

Can I set up reports and alerts?

Yes. Any search that can be run in the Sumo Logic interactive analysis interface can be operationalized and converted into scheduled reports and alerts, with custom thresholds.

Do I have to pay any data upload fees in addition to what Sumo Logic charges?

No. There is no extra charge related to network bandwidth other than what you are currently paying for outbound bandwidth.

Data Collection

How does Sumo Logic collect data?

Sumo Logic collects data in two ways: through a small-footprint Sumo Logic Collector, or through Hosted Collection (via HTTPS or directly from S3).

What does the Sumo Logic Collector do?

The Sumo Logic Collector compresses batches of collected log data and sends them over an encrypted channel to the Sumo Logic cloud. The encryption is industrial-strength, standards-compliant SSL.

Are Sumo Logic Collectors deployed one per machine or centrally?

This depends on your specific requirements. Sumo Logic’s goal is to make all collection work remotely in order to allow a small number of collectors to gather log data from many sources in the enterprise. If a Syslog infrastructure already exists, the Sumo Logic Collector can replace the existing Syslog server and receive logs from the same sources. Depending on the circumstances, it can also make sense to deploy a Sumo Logic Collector for each logical set of logs, even if those originate from multiple machines, by using the remote file collection capability. Finally, thanks to the small footprint of the Sumo Logic Collector, it is possible to install the collector on many individual machines, for example by making it part of a base image.

If I host my product in Amazon, how can I seamlessly deploy Sumo Logic Collectors as I spin up new servers?

The Sumo Logic Collector is extremely lightweight software with an ultra-small footprint that can be integrated in your standard Amazon AMIs.

What happens if my network goes down? If there is caching, how much does it cache?

The Sumo Logic Collector detects failure conditions such as unavailable access to the Sumo Logic cloud, and will automatically cache log data coming from the sources it collects from, without stopping the collection. The cache is disk-based, and data is cached in compressed form to minimize the amount of disk space used.
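The two answers above (compressed batches over an encrypted channel, and disk-based compressed caching when the upstream is unreachable) describe a standard store-and-forward design. The following is an added illustration of that pattern, not Sumo Logic's collector code: it batches lines, gzips each batch, ships it, and on a connection failure writes the compressed batch atomically to a spool directory while collection continues; once the upstream is back, spooled batches are replayed in order. The upstream endpoint (`FakeUplink`) and the sample log lines are constructed stand-ins; a real forwarder would POST the gzip body over TLS with certificate verification.

```python
import gzip
import json
import os
import tempfile

# Constructed sample log lines; not data from any real system.
SAMPLE_LINES = [
    "2024-01-01T00:00:00Z host1 sshd[101]: Accepted publickey for alice",
    "2024-01-01T00:00:01Z host1 nginx: GET /index.html 200",
    "2024-01-01T00:00:02Z host1 app: order 42 created",
    "2024-01-01T00:00:03Z host1 app: order 42 shipped",
]


class FakeUplink:
    """Hypothetical stand-in for the HTTPS endpoint a collector ships to.

    Only reachability is modelled so the spool logic can run offline.
    """

    def __init__(self, available=True):
        self.available = available
        self.received = []  # compressed batches that reached the upstream

    def send(self, payload):
        if not self.available:
            raise ConnectionError("upstream unreachable")
        self.received.append(payload)


class SpoolingForwarder:
    """Batch, compress, ship; on failure spool to disk and keep collecting."""

    def __init__(self, uplink, spool_dir, batch_size=2):
        self.uplink = uplink
        self.spool_dir = spool_dir
        self.batch_size = batch_size
        self.pending = []
        self.seq = 0
        os.makedirs(spool_dir, exist_ok=True)

    def collect(self, line):
        # Collection never blocks on the network: lines go to a buffer first.
        self.pending.append(line)
        if len(self.pending) >= self.batch_size:
            self.flush()

    def flush(self):
        if not self.pending:
            return
        batch, self.pending = self.pending, []
        # Compress newline-delimited text; the same bytes go on the wire or to disk.
        payload = gzip.compress(("\n".join(batch) + "\n").encode("utf-8"))
        try:
            self.uplink.send(payload)
        except ConnectionError:
            self._spool(payload)

    def _spool(self, payload):
        # Sequence-numbered names keep replay in original order.
        self.seq += 1
        path = os.path.join(self.spool_dir, f"{self.seq:012d}.gz")
        tmp = path + ".tmp"
        with open(tmp, "wb") as fh:
            fh.write(payload)
        os.replace(tmp, path)  # atomic rename: no half-written batch is ever replayed

    def spooled_files(self):
        return sorted(f for f in os.listdir(self.spool_dir) if f.endswith(".gz"))

    def drain_spool(self):
        """Replay spooled batches in order; stop at the first failure. Returns count sent."""
        sent = 0
        for name in self.spooled_files():
            path = os.path.join(self.spool_dir, name)
            with open(path, "rb") as fh:
                payload = fh.read()
            try:
                self.uplink.send(payload)
            except ConnectionError:
                break
            os.remove(path)  # delete only after the upstream accepted it
            sent += 1
        return sent


def decode_batches(payloads):
    """Reverse the wire format so delivery can be checked end to end."""
    lines = []
    for payload in payloads:
        lines.extend(gzip.decompress(payload).decode("utf-8").splitlines())
    return lines


def demo():
    """Outage scenario: collect while unreachable, then recover. Returns observations."""
    with tempfile.TemporaryDirectory() as spool_dir:
        uplink = FakeUplink(available=False)
        fwd = SpoolingForwarder(uplink, spool_dir, batch_size=2)
        for line in SAMPLE_LINES:
            fwd.collect(line)
        fwd.flush()
        spooled = len(fwd.spooled_files())
        received_during_outage = len(uplink.received)
        uplink.available = True
        replayed = fwd.drain_spool()
        return {
            "spooled_during_outage": spooled,
            "received_during_outage": received_during_outage,
            "replayed": replayed,
            "spool_left": len(fwd.spooled_files()),
            "lines_delivered": decode_batches(uplink.received),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The atomic rename and delete-after-acknowledgement ordering are what make the cache safe across a collector crash: a batch is either fully on disk or not present, and it is only removed once the upstream has accepted it, so an outage can cause duplicate delivery but not loss.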

What type of CPU and/or system usage will I see on the server the collector runs on?

The Sumo Logic Collector is small enough to be able to run alongside other workloads even on smaller machines, such as basic Amazon instances. If the volume of data collection per second is growing, consider using remote collection. To support a large amount of data collection per second, Sumo Logic recommends considering a dedicated collector machine or Amazon instance.

What platforms does the Sumo Logic Collector run on?

Windows, Unix, Linux, Mac, and Solaris.

How do I send data using Hosted Collection?

Hosted Collectors collect data via HTTPS (from on-premise or SaaS/IaaS/PaaS environments) or directly from an S3 bucket in AWS. To use hosted collection, select Hosted Collector as the collector type in the Sumo Logic application.

How does Sumo Logic enable scalable log data collection?

Sumo Logic decouples data processing and parsing from the collection process, which drastically reduces processing and parsing requirements during data collection. In contrast to legacy on-premise log management software that performs semantic processing at the time of collection, Sumo Logic does not require frequent updating of constantly outdated parsing rules.
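The decoupling described above is the schema-on-read model: raw lines are stored as collected and fields are extracted by a parse expression at query time, so a new question or a changed log format needs a new parse rule rather than re-collection. The following is an added illustration of that idea in plain Python, not Sumo Logic's query engine: the raw store and the log lines are constructed, and each query function applies its own regex-based parse rule to the same unparsed lines.

```python
import re
from collections import Counter

# Constructed raw log lines, stored exactly as collected (no parsing at ingest).
RAW_STORE = [
    "2024-01-01T00:00:00Z web1 nginx: 10.0.0.5 GET /login 200 12ms",
    "2024-01-01T00:00:01Z web1 nginx: 10.0.0.9 POST /login 401 8ms",
    "2024-01-01T00:00:02Z web1 nginx: 10.0.0.5 GET /admin 403 3ms",
]


def query(store, pattern, where=None):
    """Apply a parse expression at read time.

    `pattern` uses named groups; lines that do not match are skipped rather
    than dropped at collection, so a bad rule costs a query, not data.
    """
    rx = re.compile(pattern)
    records = []
    for line in store:
        m = rx.search(line)
        if not m:
            continue
        rec = m.groupdict()
        if where is None or where(rec):
            records.append(rec)
    return records


def failed_logins(store):
    # Parse rule written for one question: which clients hit 401 on /login?
    pattern = r"(?P<ip>\S+) (?P<method>GET|POST) (?P<path>\S+) (?P<status>\d{3})"
    return query(store, pattern, lambda r: r["status"] == "401" and r["path"] == "/login")


def slow_requests(store, threshold_ms=10):
    # A different question over the same stored bytes: a new rule, no re-ingest.
    pattern = r"(?P<path>\S+) (?P<status>\d{3}) (?P<latency>\d+)ms$"
    return query(store, pattern, lambda r: int(r["latency"]) > threshold_ms)


def status_counts(store):
    # Aggregation is also read-time: extract, then count.
    pattern = r" (?P<status>\d{3}) \d+ms$"
    return dict(Counter(r["status"] for r in query(store, pattern)))


if __name__ == "__main__":
    print("failed logins:", failed_logins(RAW_STORE))
    print("slow requests:", slow_requests(RAW_STORE))
    print("status counts:", status_counts(RAW_STORE))
```

Because nothing is discarded at collection, the cost of a parse rule that is wrong or out of date is confined to the queries that use it; the raw lines remain available for the corrected rule, which is the property the answer above relies on.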

What types of log files can I collect with Sumo Logic?

Sumo Logic can ingest data from log files (either locally or remotely), Windows events, Syslog TCP or UDP, or from a script.