Sumo Logic Service Release Notes

We're excited to introduce the new Sumo Logic app for Azure Subscription. This app enables you to collect, analyze, and monitor Azure cloud activity in a single, centralized platform. This integration enhances security visibility, operational monitoring, and compliance tracking across your Azure environment.

The app supports collection of key Azure Subscription metrics, including Latency (request response times) and Traffic (request volume), helping you better understand service performance and usage patterns across your Azure resources. Learn more.

We’re excited to introduce new monitor alerts, along with the following dashboards, designed to provide deeper visibility into the authentication, user, and administrator activity within your Workday environment:

• Data Access and Exfiltration Risk
• Security Posture
• Session Intelligence

We’re excited to introduce new monitor alerts, along with the following dashboards, designed to provide deeper visibility into administrative activity and potential insider risks within your Netskope environment:

• Admin Audit & Compliance
• Watchlist & Insider Threat

We are excited to introduce App Registration support as the recommended authentication method for the Microsoft Office 365 Audit Source. This enhancement enables a more secure and reliable way to collect Microsoft 365 audit logs by using Azure AD application-based authentication instead of user credentials.

With App Registration, you can authenticate using Tenant ID, Client ID, and Client Secret, allowing Sumo Logic collectors to securely access the Microsoft 365 Management Activity APIs. This approach aligns with Microsoft’s recommended best practices for service-to-service integrations. Learn more.

We're excited to announce that you can now run search across child orgs with the View Organizations role capability. Previously, this functionality was limited to users only with Manage Organizations capability. Learn more.

We’re excited to introduce the new Sumo Logic Data Volume app for MSSPs, delivering detailed insights into data usage across all child orgs. With rich segmentation by data type, tier, category, collector, source, and host, the app enables precise analysis of ingest patterns at every level. Leveraging predefined dashboards it empowers MSSPs to efficiently monitor, analyze, and optimize ingest volume across their entire managed environment. Learn more.

We’re excited to introduce the new Sumo Logic source for Proofpoint TRAP, enabling seamless ingestion of message logs via the Proofpoint TRAP API. This integration provides enhanced visibility into email threats by delivering detailed insights on message disposition, detected threats, and policy actions. Security teams can now more efficiently identify, investigate, and respond to email-based attacks with improved context and analysis. Learn more.

We're excited to announce that you can now delete the ingested data directly from Sumo Logic using deletion requests. This helps you to quickly remove unintentionally ingested sensitive data without contacting Sumo Logic Support. Deletion requests support multiple datasets, time ranges, customizable filters, and full audit tracking. Also, you can manage the requests programmatically using the Data Deletion Rules API. Learn more.

We are excited to introduce the ability to manage lookup tables within library content on our Manage Content tab. With this enhancement, MSSP administrators can conveniently push lookup table items in the Library folder to multiple child organizations at once, simplifying content distribution and management. Learn more.

We're excited to introduce support for filtering the scheduled dashboard reports by child orgs. When setting up a scheduled report, select the required child org(s) from the Organization dropdown under the Select Variables section to receive a report that reflects data for your intended child organization. Learn more.

We are excited to announce the deployment of a new Sumo Logic service region in the Amazon Web Services (AWS) region located in Zurich, Switzerland, further expanding our global infrastructure to support customers across Europe. This new region enables organizations to deploy and operate their Sumo Logic environments with enhanced data residency, regulatory compliance, and reduced latency, while continuing to leverage the full capabilities of the Sumo Logic platform for log analytics, security monitoring, and observability. Learn more.

Enhancements​

We’ve enhanced multiple Sumo Logic apps to improve visibility, usability, and proactive monitoring with refreshed queries, localized dashboards, and new monitor alerts.

• Azure Security apps. Updated Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Office 365, and Microsoft Graph Security with refreshed content and new monitor alerts to detect high-severity incidents, suspicious devices, and activity from embargoed or high-risk locations.
• Data Volume. Added monitor alerts to track log ingestion, detect usage spikes or data gaps, and prevent unexpected credit overages. Learn more.
• Enterprise Audit apps. Updated Enterprise Audit - Collector & Data Forwarding Management, Enterprise Audit - Content Management, Enterprise Audit – Cloud SIEM, Enterprise Audit - Security Management, and Enterprise Audit - User & Role Management with monitor alerts to improve compliance, detect misconfigurations, identify embargoed-location activity, and surface high-risk security events.
• Enterprise Search Audit. Added the Enterprise Search Audit – Failures KPIs and Breakdowns dashboard and monitor alerts to track search reliability, performance, and cost-related risks. Learn more.
• Flex. Added monitor alerts to help you detect ingestion spikes, prevent budget overruns, and control expensive queries by automatically flagging abnormal data usage and credit consumption before they impact costs or system stability. Learn more.
• Infrequent Data Tier. Added monitor alerts that help you control costs and usage by detecting consumption spikes, expensive or failed queries, and abnormal user or module-level scan activity before they waste credits. Learn more.
• SentinelOne. Added monitor alerts to help you detect high-risk threats, suspicious activity, and compliance violations in real-time, enabling faster response and stronger endpoint security. Learn more.

App deprecation​

• Security Analytics. The Security Analytics app has been deprecated and is no longer actively supported or recommended for use.

We’re excited to introduce our new Macros feature, which enables you to define reusable query logic that can be referenced across multiple searches. This approach improves efficiency, promotes consistency, and makes complex queries easier to manage and maintain at scale.

Key features include:

• Argument-based macros. Macros accepts arguments to dynamically adjust query behavior at runtime, enabling flexible and context-aware execution.
• Nested macro support. Macros can call other macros within their definitions, allowing you to build modular, reusable query components.
• Improved standardization of search logic. Macros help centralize commonly used filters, parsing rules, and aggregations, improving maintainability and ensuring consistent query behavior across teams.

Learn more.

Previously, we announced token-based authentication for secure HTTP sources. Now we are happy to announce that the Terraform sumologic_http_source data source adds the token and base_url attributes to support token-based auth for HTTP sources. Learn more.

We’re excited to announce that parent org administrators can now centrally manage default and user-specific role assignments for child organizations. This enhancement allows admins to assign custom roles for users accessing child orgs via SSO, reducing over-privileged access, eliminating per-org configuration overhead, and ensuring consistent role assignments across organizations. Learn more.

We're excited to announce the ability to manage source templates for enterprises with multiple organizations such as MSSPs (which typically have a parent organization with multiple child organizations). These source templates provide efficient, scalable data collection management by applying consistent setups across multiple collectors. Learn more.

We have reintroduced the ability to perform actions on content items directly from navigation menus in the new UI. You can now manage content more quickly without needing to open the Content Library first.

This enhancement reduces the number of clicks required to manage content, helping you work more efficiently and streamline everyday workflows. Learn more about our UI.

What’s new​

• Access actions from navigation menus. Perform actions directly from Recent, Library, and other navigation areas.
• Edit content quickly. Open and modify items without additional navigation steps.
• Delete without switching context. Remove content directly from where you are working.
• Move items easily. Relocate content between folders without leaving the current view.
• Share and export faster. Access common management options from the same menu.

We're excited to introduce secure token-based authentication for HTTP sources. This new capability allows you to authenticate using a unique token in the request header, maintaining the existing HTTPS endpoint behavior while adding token validation per source.

Obtain the token to use in an auth header when you configure an HTTP source or regenerate the URL. To learn more, see:

• Configure an HTTP Logs and Metrics Source
• Create an OTLP/HTTP Source
• Generate a New URL for an HTTP Source

We’re excited to introduce our new Searchable Time timestamp in Log Search, which indicates when ingested logs are fully processed and ready for search. Running queries using this timestamp helps you to eliminate errors caused by ingestion latency and non-linear indexing, ensuring non-overlapping time-range queries return complete results without gaps or duplication. Learn more.

Enhancements​

• Azure SQL Managed Instance app. Updated documentation for the Azure SQL Managed Instance app, including detailed steps for collecting logs, audit logs, and metrics.
• Sumo Logic Audit app. Added monitor alerts for the Sumo Logic Audit app.
• CrowdStrike - Falcon Endpoint Protection app. Updated the sample log messages, dashboards, and monitor alerts for CrowdStrike - Falcon Endpoint Protection app to coordinate it with EppDetectionSummaryEvent data type.
• Azure Container Instances app. Updated the Azure Container Instances app to set the default value for resource_type to CONTAINERGROUPS and added the !category field in log query scope.
• Windows Source Template. Released the Windows Source Template version 9.1.0, which tags the default _parser for logs forwarded to Cloud SIEM. For detailed version information, refer to the changelog file.
• Updated OpenTelemetry apps. Redis and HAProxy.

We're excited to announce that Auto Parse Mode is now enabled for MSSPs customers. This feature automatically extracts fields from JSON log messages at search time, reducing manual parsing effort and accelerating analysis. Learn more.

We’re excited to announce that we’ve updated the Webhook Connections setup flow and all related subdirectories (such as Slack, Datadog, Jira, and others) in the Sumo Logic documentations to align with the new Connections page experience. Learn more.

We’re excited to announce that signing in to Sumo Logic is now even more convenient using your Google account credentials. If your email address is associated with a Google account, simply select Continue with Google on the sign-in page to access Sumo Logic with no additional setup required.

You can also use Google SSO when signing up for a new Sumo Logic account. Organizations that use SAML or other identity providers can continue to sign in using their existing authentication methods. Learn more.

New release​

LiteLLM​

We are excited to announce the addition of a native Sumo Logic HTTP Source webhook integration for collecting LiteLLM usage and proxy log data in Sumo Logic. Learn more.

Enhancements​

• VMware Tanzu Application Service. Released Sumo Logic Nozzle for VMware Tanzu versions 1.0.7 and 1.0.8, which add support for Tanzu v10.2. For detailed version information, refer to the changelog file.
• AWS Serverless Application Models (SAM). Released the following two SAMs:
  • sumologic-aws-cloudtrail-benchmark 1.0.22
  • sumologic-guardduty-benchmark 1.0.19

This is an archive of the 2025 Sumo Logic Service Release Notes. To view the full archive, click here. Release notes are available on our website for a rolling multi-year period. For information about older releases, contact Support.

This is an archive of the 2024 Sumo Logic Service Release Notes. To view the full archive, click here. Release notes are available on our website for a rolling multi-year period. For information about older releases, contact Support.

This is an archive of the 2023 Sumo Logic Service Release Notes. To view the full archive, click here. Release notes are available on our website for a rolling multi-year period. For information about older releases, contact Support.

This is an archive of the 2022 Sumo Logic Service Release Notes. To view the full archive, click here. Release notes are available on our website for a rolling multi-year period. For information about older releases, contact Support.