Let’s say you have a web application running in a production environment and like most applications it is logging its operational data in a log file. In this two-part series, I am going to give you an overview of how you can store and analyze this log data using the Sumo Logic Service with our three-step “Collect, Extract and Analyze” approach. For additional technical details for any of the sections below, please see the online help.
Step 1 – Collect
Once you have an account with Sumo Logic, the first step is installing a Collector on a machine, which can access the application log file. A Collector is a lightweight application that can securely and robustly feed your log data to the Sumo Logic service.
A single Collector has the ability to send log data from various log sources to Sumo Logic as shown in the figure below:
For additional details on Collector configurations see the “Deciding Where to Install the Collectors” section of the online help.
You can then download, install and activate the Collector for your operating system by following the instructions in the Downloading and Installing a Collector section of the online help.
Once the Collector has been activated, the next step is to add a Source for your application log file. A Source identifies which log file is being collected, how it can be accessed and adds metadata tags to it, which you can use later while analyzing the data. See the Adding a New Source section in the online help on how to do this.
When adding your Source, we recommend setting the following metadata tags to help you identify your log data more accurately later when analyzing it.
- Source Category as “Application/Petstore”. This will tag the Source as an application and to be more specific, the Petstore application.
- Source Host as “US/West/Petstore/LinuxMc14”. This will tag the country, region, application name and machine name from which the log file is being collected.
Adding these tags will enable you to easily write searches at various levels.
- The search term “_sourceCategory=Application*” will identify log messages from all applications.
- The search term “_sourceHost=US/West/Petstore*” will identify all log messages from machines running the Petstore application in the western region of the United States.
For more information on suggested Source naming conventions, please look at the Establish Metadata Conventions section in the online help.
Once you have configured your Source, you can do a quick test to search for log messages specific to your application.To do this, click on the Search tab in the Sumo Logic web application and enter in the following search term:
Then select a time range for these messages on the right hand side of the screen and click the Start button to see how log messages are displayed in Sumo Logic.
As we have seen in this post, Collectors and their Sources provide a flexible framework by which you can upload and tag your log data. In a subsequent post, I will elaborate how to extract important information from your logs and gain further insight.