
May 1, 2012 By Stefan Zier

Sumo on Sumo, Part 2: User Signups

In part 1, we mentioned that we’re big on “dogfooding”. In this short post we’ll run you through a very simple use case we solve with our Sumo Logic product: When we launched in January, everybody here was extremely excited, and we wanted to know who signed up for our demo. Solving this problem with the product was a matter of 2 minutes.

The component responsible for account creation logs a line like the one below whenever somebody signs up for the demo:

2012-04-13 10:31:58,917 -0700 INFO [hostId=prod-bill-1] [module=BILL] [logger=bill.signup.DemoAccountRequestHandler] [thread=btpool0-19] [] Successful request: Stefan Zier (stefan+blog@sumologic.com) http://www.sumologic.com/free-trial/?email=stefan%2Bblog%40sumologic.com&firstName=Stefan&lastName=Zier&organizationName=Sumo&key=nnnnnnnnnnnnnnnnnn

Looking carefully, this has all the information we’re interested in. Let me walk you through the process of building up the search, refining it iteratively. First, let’s find the lines we’re interested in by picking two keywords we think uniquely identify this type of message:

DemoAccountRequestHandler Successful

Ok, this gives us the lines. Now, let’s parse out the first and last name and the email:

DemoAccountRequestHandler Successful | parse "request: * (*)" as name, email

Now we have the data we care about, all parsed out. Note the simplified regular expression in the parse section of the query. Simply find a good anchor (“request:” in this case) and put * for the values you want parsed out. Looking at the results, we see that our own sign ups for testing and QA are included. Let’s get rid of them.

DemoAccountRequestHandler Successful !sumologic.com | parse "request: * (*)" as name, email
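
The keyword, parse and exclusion stages above, reproduced as a Python sketch (an added example, not Sumo Logic's implementation and not code from the original post). The helper names, the substring keyword match and the sample lines are assumptions made for illustration; because every constructed line carries the signup URL, the sketch filters on the parsed email's domain rather than on a keyword.

```python
import re

# Constructed sample lines modelled on the log line in the post (not real data).
PREFIX = ("2012-04-13 10:31:58,917 -0700 INFO [hostId=prod-bill-1] [module=BILL] "
          "[logger=bill.signup.DemoAccountRequestHandler] [thread=btpool0-19] [] ")
SAMPLE_LOGS = [
    PREFIX + "Successful request: Stefan Zier (stefan+blog@sumologic.com) "
             "http://www.sumologic.com/free-trial/?email=stefan%2Bblog%40sumologic.com",
    PREFIX + "Successful request: Ada Example (ada@example.org) "
             "http://www.sumologic.com/free-trial/?email=ada%40example.org",
    PREFIX + "Failed request: Bob Example (bob@example.net)",
    PREFIX + "Successful health check",
]


def compile_parse(pattern):
    """Turn an anchor-and-wildcard pattern such as 'request: * (*)' into a regex."""
    literals = [re.escape(part) for part in pattern.split("*")]
    regex = "(.*?)".join(literals)  # each * becomes a non-greedy capture group
    if pattern.endswith("*"):
        regex += "$"  # a trailing * captures up to the end of the line
    return re.compile(regex)


def search_signups(lines, keywords, pattern, fields, exclude_domain=None):
    """Keyword stage, then parse stage, then an optional filter on the email domain."""
    regex = compile_parse(pattern)
    records = []
    for line in lines:
        if not all(keyword in line for keyword in keywords):
            continue  # every keyword must appear in the line
        match = regex.search(line)
        if match is None:
            continue  # this sketch drops lines the pattern does not match
        record = dict(zip(fields, match.groups()))
        domain = record.get("email", "").rpartition("@")[2].lower()
        if exclude_domain and domain == exclude_domain.lower():
            continue  # internal test and QA signups
        records.append(record)
    return records


if __name__ == "__main__":
    for row in search_signups(SAMPLE_LOGS, ["DemoAccountRequestHandler", "Successful"],
                              "request: * (*)", ["name", "email"], "sumologic.com"):
        print(row["name"], row["email"])
```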

The only task that remains is to schedule it. Let’s say we want the results sent to employees every hour. We only want an email when there are results, not at 4am, when people are asleep. We save the search, schedule it, and configure the conditions for the schedule, as well as the destination of the notification:

That’s all – everybody at Sumo Logic now gets an hourly summary of demo signups! Here is what the email looks like (ok, I cheated and removed the “!sumologic.com” for this demo):


Stefan Zier

Stefan was Sumo’s first engineer and Chief Architect. He enjoys working on cloud plumbing and is plotting to automate his job fully, so he can spend all his time skiing in Tahoe.
