
August 19, 2015 By Chris Abella

Why You Should Add Wire Data to Your Sumo Logic

My coworkers and I hooked our coffee maker up to the office Wi-Fi the minute we found out we could (we’re engineers after all). We’re located in Seattle, so the chances we’d buy a coffee machine that can’t be connected to the Internet are slim. We got excited when it showed up on our local ExtraHop, which monitors the office network, but the wind went out of our sails a bit when all it did was an XML-over-TCP heartbeat to the manufacturer on some ephemeral port. For days. Oh well, on to actual work.

As we connect more and more devices to our networks, and as interconnections and communications between our systems and applications increase, monitoring and managing these devices grows in complexity and importance. It’s not just coffee makers jumping on the Internet, but industrial and warehousing equipment, even cars. Planning ahead, what does our monitoring strategy look like as we implement the new Internet of Things? It isn’t tied to a single monitoring methodology, but instead is going to require a best-of-breed approach, and combining ExtraHop’s wire data analytics with Sumo Logic’s machine data analytics lays the foundation for next-generation monitoring.

Machine Data + Wire Data

Logging has been king in IT ops and will continue to be instrumental going forward. Developers know the apps inside and out and can provide an internal view of not just code flow but business flow. Sumo Logic brings intelligence to the Apache access files you already have, and with even small modifications, the log’s usefulness is greatly improved. Sumo Logic makes workflows like parsing a key like timestamp, client_ip, or request_uid from error.log and correlating to access.log a snap; no sed, grep, or awk required. On the flip side, Sumo Logic has made integrations with off-the-shelf technologies like S3, CloudTrail, and even OS X simple. But there is more to see than what is available in your logs, and that’s where wire data comes in.

Wire data is all the information flowing over your networks. Whereas machine data is all the log files stored on discrete servers or services, wire data is the communication passed between those discrete elements. HTTP? That’s wire data. FTP? Also wire data. The same goes for our coffee machine’s TCP heartbeat. Here at ExtraHop, we specialize in real-time wire data analytics at scale (I heard Sumo Logic is into scale). With the ExtraHop platform’s Open Data Stream, you can send your wire data to Sumo Logic for correlation with machine data.


The ExtraHop appliance analyzes a mirrored copy of your network traffic to extract real-time wire data.

Combining ExtraHop and Sumo Logic, you can troubleshoot failed order transactions by pulling the error and request information from your Apache logs (machine data), stack traces from application logs (machine data), POST parameters (order ID, user ID) from the HTTP request (wire data), HTTP status codes (machine and wire data), HTTP headers (wire data), and TCP aborts (wire data). You could also add performance metrics like processing time (wire and machine data), network latency (wire data), and TCP issues like retransmission timeouts and throttling (wire data).
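The correlation described above, sketched as an added example (not code from the original post, ExtraHop, or Sumo Logic): error.log entries are joined to wire-data records by client IP within a short time window. The log layout, the JSON field names, and the 5-second window are assumptions, and all sample data is constructed.

```python
import json
import re
from datetime import datetime, timedelta

# Constructed machine data: Apache-style error.log lines with a request_uid key.
ERROR_LOG = """\
[Wed Aug 19 10:15:02 2015] [error] [client 10.0.0.21] request_uid=a1f3 order submit failed: upstream timeout
[Wed Aug 19 10:15:40 2015] [error] [client 10.0.0.37] request_uid=b7c9 order submit failed: db deadlock
"""
# Constructed wire data: one JSON record per HTTP transaction (hypothetical field names).
WIRE_LOG = """\
{"ts": "2015-08-19T10:15:01", "client_ip": "10.0.0.21", "method": "POST", "uri": "/order", "status": 504, "order_id": "1001", "tcp_abort": true}
{"ts": "2015-08-19T10:15:39", "client_ip": "10.0.0.37", "method": "POST", "uri": "/order", "status": 500, "order_id": "1002", "tcp_abort": false}
{"ts": "2015-08-19T10:16:30", "client_ip": "10.0.0.37", "method": "GET", "uri": "/cart", "status": 200, "order_id": null, "tcp_abort": false}
"""

ERR_RE = re.compile(
    r"\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[\d.]+)\] "
    r"request_uid=(?P<uid>\S+) (?P<msg>.*)"
)

def parse_errors(text):
    """Extract timestamp, client_ip, request_uid and message from error.log lines."""
    rows = []
    for line in text.splitlines():
        m = ERR_RE.match(line)
        if m:
            rows.append({
                "ts": datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"),
                "client_ip": m["ip"], "request_uid": m["uid"], "error": m["msg"],
            })
    return rows

def correlate(error_text, wire_text, window=timedelta(seconds=5)):
    """Attach to each logged error the wire records from the same client within the window."""
    wire = [json.loads(line) for line in wire_text.splitlines() if line.strip()]
    for w in wire:
        w["ts"] = datetime.fromisoformat(w["ts"])
    joined = []
    for e in parse_errors(error_text):
        hits = [w for w in wire
                if w["client_ip"] == e["client_ip"] and abs(w["ts"] - e["ts"]) <= window]
        joined.append({**e, "wire": hits})
    return joined

if __name__ == "__main__":
    for row in correlate(ERROR_LOG, WIRE_LOG):
        for w in row["wire"]:
            print(row["request_uid"], row["error"], w["order_id"], w["status"], w["tcp_abort"])
```

Each joined row carries the application's view of the failure (the error message and request_uid) alongside what the network saw for the same client (order ID from the POST, HTTP status, TCP abort).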

The power of wire data is that it is application agnostic. When you use machine and wire data in conjunction with each other, you get a comprehensive view of your application, inside and outside. And if you find yourself wanting metrics that weren’t included in the logs, you can often pull them from the wire instead of going through dev and QA. While we didn’t see anything other than a heartbeat from the coffee machine in those first few days, writing a Trigger to extract methods and messages and push them into Sumo Logic is trivial, and with Sumo Logic’s tools like LogReduce and anomaly detection, the day our coffee machine decides it’s time for an unscheduled tune-up, we’ll be the first to know.

If you’re like us, you want to understand what everything in your environment is doing, including your coffee maker, whether you’re implementing your own in-house tech or buying off-the-shelf. When you combine multiple sources of data, you can drive quicker troubleshooting and optimization, deliver business insights, and deliver more secure applications, all built on more visibility.

Interested in trying out ExtraHop? Check out our interactive demo or request your own free virtual appliance.

Who am I? I’m a Technical Marketing Engineer at ExtraHop Networks, a wire data analytics company based in Seattle, Washington. I’ve been lucky enough to see the rise of the next generation of IT operational intelligence from the inside, and get to build solutions that leverage many of these technologies, including integrating the ExtraHop and Sumo Logic platforms. When I’m not at work, you can find me dancing at various music festivals, maining support in LoL, or running/biking around the Pacific Northwest.
