Sumo Logic Service Release Notes

New Release​

We’re excited to announce the release of the following Sumo Logic apps.

• Azure SQL Managed Instance. Added a comprehensive set of dashboards and monitor alerts for the Azure SQL Managed Instance app, providing enhanced visibility into performance, security, operations, and workload health across all managed instances. Learn more.
• Enterprise Audit - Collection and Data Forwarding for MSSP. The Sumo Logic app for Enterprise Audit – Collector and Data Forwarding Management for MSSP provides centralized visibility into collector activity, source behavior, and data-forwarding trends across child organizations within an MSSP environment. Learn more.
• LiteLLM. The Sumo Logic app for LiteLLM provides a centralized visibility into LiteLLM usage, performance, reliability, and cost, helping teams monitor latency, tokens, spend, failures, and fallbacks across multiple LLM providers to keep AI workloads efficient and reliable. Learn more.
• Upwind. The Sumo Logic app for Upwind helps you send threat, configuration, and audit events to Sumo Logic via webhook for centralized monitoring. Learn more.

Enhancements​

We’ve enhanced multiple Sumo Logic apps to improve visibility, usability, and proactive monitoring with refreshed queries, localized dashboards, and new monitor alerts.

• AWS CloudTrail. Added two new dashboards for Security Analytics - Data Exfiltration and Exposure and Security Analytics - Suspicious Indicators, along with monitor alerts to help ensure continuous visibility, protect critical security controls, and enable rapid response to high-impact threats. Learn more.
• Box. Added six new dashboards for Admin and Compliance, Collaboration and Sharing, Overview, Resource Monitoring, Security Threats and Anomalies, and User Monitoring, along with monitoring alerts for proactive threat detection and mitigation. Learn more.
• Citrix Cloud. Added three new dashboards for Network and Client Overview, Session Logon Performance, and User Experience and Session Health, along with monitor alerts to help ensure secure access, stable performance, and faster troubleshooting for Citrix Cloud environments.Learn more.
• Enterprise Audit - Collector & Data Forwarding Management. Added a new dashboard for Installed Collector Upgrade for detailed analysis, helping you track upgrade activity and troubleshoot failed upgrades by collector, requester, and version path. Learn more.
• Infrequent Data Tier. Updated the dashboard images for enhanced visibility and accuracy. Learn more.
• Microsoft Foundry:
  • Renamed the Azure OpenAI app to Microsoft Foundry to reflect expanded support for multiple models beyond OpenAI and a unified AI platform experience.
  • Added four new dashboards for Speech and Audio, Traffic and Payload, Translation and Document, and Usage and Token Consumption to provide deeper visibility into workload performance and resource utilization. Learn more.
• Slack. Added five new dashboards for App Overview, Files Overview, User Authentication and Security, Access Security Overview, and Workspace Security Overview, along with monitor alerts to detect and respond to data breaches and security threats. Learn more.
• Tenable. Added two new dashboards for Vulnerability Analysis and Asset Inventory, along with monitor alerts to detect and fix critical severity vulnerabilities. Learn more.

Collection Mechanism​

Azure Append Blob and Azure Block Blob v4.1.8. Forced fast-xml-parser to patched versions across BlockBlob and AppendBlob target builds, and updated the test requests dependency to resolve Dependabot alerts after rescan.

Solution​

AWS Observability v2.14.0. Updated the AWS Observability solution to support the Zurich deployment and enhanced nine AWS apps, including improvements to Load Balancer FERs for better monitoring and performance insights. Learn more.

Bug fixes​

• Removed hardcoded aws partition from ARN parse statements for Amazon Redshift ULM and Amazon SES.
• Fixed the ARN partition value in parse statements for Amazon Bedrock.

We're exicted to introduce the dark and light theme support across the Sumo Logic platform in the New UI, allowing you to personalize your viewing experience. Switch themes instantly from anywhere in the platform using the global theme button in the top toolbar (adjacent to the Go to... button), or set your preference in Account Preferences. Learn more.

We’re excited to introduce the following new Sumo Logic apps:

• LiteLLM. The Sumo Logic app for LiteLLM provides preconfigured dashboards and alerts to monitor usage, cost, performance, and infrastructure for reliable LLM proxy operations. Learn more.
• Upwind. The Sumo Logic app for Upwind helps you send threat, configuration, and audit events to Sumo Logic via webhook for centralized monitoring. Learn more.

We're simplifying the terminology we use to describe features in development and validation stages. Starting today, we're replacing Beta with Customer Preview to help you better understand the state of new features and how they fit into your environment.

What's changing​

Work with your account team to learn more about available Previews and to sign up for early access.

Why this matters​

The new Preview terminology provides:

• Clearer participation criteria. Understand who can access each tier.
• Better maturity signals. Know what level of production-readiness to expect.
• Consistent naming. The same terminology across all Sumo Logic products and features.

During the transition period, you may see both Beta and Preview labels active at the same time. All documentation, badges, and release notes will adopt the new terminology going forward. Learn more.

We’re excited to introduce in-app tabs to our Search page, making it easier to manage multiple searches side-by-side within a single browser window. With this enhancement, you can open multiple searches in separate in-app tabs, switch between queries without losing context, compare results more efficiently, and keep long-running or reference searches open while continuing your workflow. This update streamlines investigations by eliminating the need to recreate searches or rely on multiple browser tabs, helping you stay organized and move faster during troubleshooting and analysis. Learn more.

We’re excited to introduce the new Sumo Logic Enterprise Audit – Collector and Data Forwarding Management app for MSSP, providing centralized visibility into collector activity, source behavior, and data forwarding trends across child organizations within a MSSP environment.

This app is designed to help Managed Security Service Providers (MSSPs) monitor and manage their distributed data collection infrastructure more effectively, ensuring operational transparency and control across multiple orgs. Learn more.

We’re excited to introduce the new Create Usage Alert button in our Accounts Overview page. This enhancement allows you to quickly create a monitor for 70% and 90% credit usage thresholds, improving proactive credit usage monitoring and helping you take timely action before usage reaches critical levels.

• Data Tiers - Learn more
• Flex - Learn more

New Release​

We’re excited to announce the release of the following apps for Sumo Logic.

• Amazon SageMaker. The Amazon SageMaker app provide insights into CloudTrail, CloudWatch Logs, and performance metrics for your Amazon SageMaker service. Learn more.
• Azure Firewall. The Azure Firewall app enables centralized visibility into firewall health, network and application rules, threat intelligence, and IDPS events. Learn more.
• Azure Subscription. The Azure Subscription app centralizes the collection and analysis of activity logs, enhancing security, operational visibility, and compliance monitoring. Learn more.
• Data Volume for MSSP. The Data Volume for MSSP app provides centralized visibility into data usage across child organizations by type, tier, category, and source. Learn more.
• Apache Hadoop - OpenTelemetry. The Apache Hadoop - OpenTelemetry app delivers end-to-end visibility into cluster health, performance, and resource utilization through logs and metrics. Learn more.
• OpenLLMetry. The OpenLLMetry app enables end-to-end observability of LLM applications by collecting traces, metrics, and events across prompts, responses, latency, and errors. Learn more.

Enhancements​

We’ve enhanced multiple Sumo Logic apps to improve visibility, usability, and proactive monitoring with refreshed queries, localized dashboards, and new monitor alerts.

• Abnormal Security. Added monitor alerts to accelerate incident response and updated the existing dashboards to enhance panel queries. Learn more.
• AWS Lambda Extension. The Sumo Logic AWS Lambda Extension v1.4.0 now supports Lambda managed instance runtime and adds deployment support for two new AWS regions: ca-west-1 and eusc-de-east-1. This update enhances runtime compatibility and expands regional availability, enabling more flexible and scalable deployments. Learn more.
• Azure Security. Updated the Microsoft Defender for Cloud Apps and Microsoft Entra ID Protection apps with refreshed content and new monitor alerts.
• Cato Networks. Updated the Cato Networks app with enhanced dashboard panels and monitor alerts to ensure rapid incident response and regulatory compliance. Learn more.
• Cisco Meraki - C2C. Added monitor alerts along with the Network Traffic Overview dashboard to enable continuous tracking of network traffic patterns, insecure port usage, and geo-based risks in Cisco Meraki, helping quickly detect anomalies and strengthen network security. Learn more.
• AWS CloudTrail. Added monitor alerts along with the Root User Monitoring dashboard to provide real-time visibility and detection of high-risk root user activities and critical security events in your AWS environment. Learn more.
• Duo Security. Added monitor alerts along with the Activity Events dashboard and Users Overview dashboard to provide visibility into administrator activity and user security posture in Duo Security, helping strengthen overall access control. Learn more.
• Google Workspace. Added monitor alerts along with the Google Workspace - Alert Center - Mobile Device Management dashboard and Google Workspace - Alert Center - Admin Actions dashboard to enable faster response and improved security posture n Google Workspace. Learn more.
• Microsoft Graph Azure AD Reporting. Added monitor alerts along with the Sign-Ins Security Overview dashboard and Provisioning Error Analysis dashboard to provide comprehensive visibility into Azure AD authentication and provisioning activities, enabling faster detection and management of anomalies. Learn more.
• Mimecast. Added monitor alerts along with Audit Events Overview, DLP Policy Monitoring, Hold Message Analysis, SIEM Logs - Overview, SIEM Logs - Threat Protection, and SIEM Logs - Email Processing and Delivery dashboards to enhance visibility into email traffic, threat detection, and data loss, strengthening Mimecast security posture. Learn more.
• Microsoft Exchange Trace Logs. Updated the following documentations:
  • Microsoft Exchange Trace Logs source. to use the Microsoft Graph API as the new data access endpoint, replacing the Office 365 reporting service that Microsoft will deprecate on April 8, 2026. Learn more.
  • Microsoft Exchange Trace Logs app. Added monitor alerts along with the Security Overview dashboard to provide insights into email security to quickly detect risks and suspicious patterns within your Microsoft Exchange Trace Logs environment. Learn more.
• Netskope. Added monitor alerts along with the Admin Audit & Compliance dashboard and Watchlist & Insider Threat dashboard to provide a deeper visibility into administrative activity and potential insider risks within your Netskope environment. Learn more.
• Salesforce. Added monitor alerts to strengthen security and updated the existing dashboards to enhance panel queries. Learn more.
• Sumo Logic Audit app. Added the Library Content - Monitors dashboard to the Sumo Logic Audit app to provide insights into monitors usage based on users working with monitors, deletions, and notifications. Learn more.
• Workday. Added monitor alerts along with the Data Access and Exfiltration Risk dashboard, Security Posture dashboard, and Session Intelligence dashboard to enable visibility into data access risks, security posture, and user session behavior in Workday. Learn more.

We're excited to introduce the new Sumo Logic app for Azure Subscription. This app enables you to collect, analyze, and monitor Azure cloud activity in a single, centralized platform. This integration enhances security visibility, operational monitoring, and compliance tracking across your Azure environment.

The app supports collection of key Azure Subscription metrics, including Latency (request response times) and Traffic (request volume), helping you better understand service performance and usage patterns across your Azure resources. Learn more.

We’re excited to introduce new monitor alerts, along with the following dashboards, designed to provide deeper visibility into the authentication, user, and administrator activity within your Workday environment:

• Data Access and Exfiltration Risk
• Security Posture
• Session Intelligence

We’re excited to introduce new monitor alerts, along with the following dashboards, designed to provide deeper visibility into administrative activity and potential insider risks within your Netskope environment:

• Admin Audit & Compliance
• Watchlist & Insider Threat

We are excited to introduce App Registration support as the recommended authentication method for the Microsoft Office 365 Audit Source. This enhancement enables a more secure and reliable way to collect Microsoft 365 audit logs by using Azure AD application-based authentication instead of user credentials.

With App Registration, you can authenticate using Tenant ID, Client ID, and Client Secret, allowing Sumo Logic collectors to securely access the Microsoft 365 Management Activity APIs. This approach aligns with Microsoft’s recommended best practices for service-to-service integrations. Learn more.

We're excited to announce that you can now run search across child orgs with the View Organizations role capability. Previously, this functionality was limited to users only with Manage Organizations capability. Learn more.

We’re excited to introduce the new Sumo Logic Data Volume app for MSSPs, delivering detailed insights into data usage across all child orgs. With rich segmentation by data type, tier, category, collector, source, and host, the app enables precise analysis of ingest patterns at every level. Leveraging predefined dashboards it empowers MSSPs to efficiently monitor, analyze, and optimize ingest volume across their entire managed environment. Learn more.

We’re excited to introduce the new Sumo Logic source for Proofpoint TRAP, enabling seamless ingestion of message logs via the Proofpoint TRAP API. This integration provides enhanced visibility into email threats by delivering detailed insights on message disposition, detected threats, and policy actions. Security teams can now more efficiently identify, investigate, and respond to email-based attacks with improved context and analysis. Learn more.

We're excited to announce that you can now delete the ingested data directly from Sumo Logic using deletion requests. This helps you to quickly remove unintentionally ingested sensitive data without contacting Sumo Logic Support. Deletion requests support multiple datasets, time ranges, customizable filters, and full audit tracking. Also, you can manage the requests programmatically using the Data Deletion Rules API. Learn more.

We are excited to introduce the ability to manage lookup tables within library content on our Manage Content tab. With this enhancement, MSSP administrators can conveniently push lookup table items in the Library folder to multiple child organizations at once, simplifying content distribution and management. Learn more.

We're excited to introduce support for filtering the scheduled dashboard reports by child orgs. When setting up a scheduled report, select the required child org(s) from the Organization dropdown under the Select Variables section to receive a report that reflects data for your intended child organization. Learn more.

We are excited to announce the deployment of a new Sumo Logic service region in the Amazon Web Services (AWS) region located in Zurich, Switzerland, further expanding our global infrastructure to support customers across Europe. This new region enables organizations to deploy and operate their Sumo Logic environments with enhanced data residency, regulatory compliance, and reduced latency, while continuing to leverage the full capabilities of the Sumo Logic platform for log analytics, security monitoring, and observability. Learn more.

Enhancements​

We’ve enhanced multiple Sumo Logic apps to improve visibility, usability, and proactive monitoring with refreshed queries, localized dashboards, and new monitor alerts.

• Azure Security apps. Updated Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Office 365, and Microsoft Graph Security with refreshed content and new monitor alerts to detect high-severity incidents, suspicious devices, and activity from embargoed or high-risk locations.
• Data Volume. Added monitor alerts to track log ingestion, detect usage spikes or data gaps, and prevent unexpected credit overages. Learn more.
• Enterprise Audit apps. Updated Enterprise Audit - Collector & Data Forwarding Management, Enterprise Audit - Content Management, Enterprise Audit – Cloud SIEM, Enterprise Audit - Security Management, and Enterprise Audit - User & Role Management with monitor alerts to improve compliance, detect misconfigurations, identify embargoed-location activity, and surface high-risk security events.
• Enterprise Search Audit. Added the Enterprise Search Audit – Failures KPIs and Breakdowns dashboard and monitor alerts to track search reliability, performance, and cost-related risks. Learn more.
• Flex. Added monitor alerts to help you detect ingestion spikes, prevent budget overruns, and control expensive queries by automatically flagging abnormal data usage and credit consumption before they impact costs or system stability. Learn more.
• Infrequent Data Tier. Added monitor alerts that help you control costs and usage by detecting consumption spikes, expensive or failed queries, and abnormal user or module-level scan activity before they waste credits. Learn more.
• SentinelOne. Added monitor alerts to help you detect high-risk threats, suspicious activity, and compliance violations in real-time, enabling faster response and stronger endpoint security. Learn more.

App deprecation​

• Security Analytics. The Security Analytics app has been deprecated and is no longer actively supported or recommended for use.

We’re excited to introduce our new Macros feature, which enables you to define reusable query logic that can be referenced across multiple searches. This approach improves efficiency, promotes consistency, and makes complex queries easier to manage and maintain at scale.

Key features include:

• Argument-based macros. Macros accepts arguments to dynamically adjust query behavior at runtime, enabling flexible and context-aware execution.
• Nested macro support. Macros can call other macros within their definitions, allowing you to build modular, reusable query components.
• Improved standardization of search logic. Macros help centralize commonly used filters, parsing rules, and aggregations, improving maintainability and ensuring consistent query behavior across teams.

Learn more.

Previously, we announced token-based authentication for secure HTTP sources. Now we are happy to announce that the Terraform sumologic_http_source data source adds the token and base_url attributes to support token-based auth for HTTP sources. Learn more.

We’re excited to announce that parent org administrators can now centrally manage default and user-specific role assignments for child organizations. This enhancement allows admins to assign custom roles for users accessing child orgs via SSO, reducing over-privileged access, eliminating per-org configuration overhead, and ensuring consistent role assignments across organizations. Learn more.

We're excited to announce the ability to manage source templates for enterprises with multiple organizations such as MSSPs (which typically have a parent organization with multiple child organizations). These source templates provide efficient, scalable data collection management by applying consistent setups across multiple collectors. Learn more.

We have reintroduced the ability to perform actions on content items directly from navigation menus in the new UI. You can now manage content more quickly without needing to open the Content Library first.

This enhancement reduces the number of clicks required to manage content, helping you work more efficiently and streamline everyday workflows. Learn more about our UI.

What’s new​

• Access actions from navigation menus. Perform actions directly from Recent, Library, and other navigation areas.
• Edit content quickly. Open and modify items without additional navigation steps.
• Delete without switching context. Remove content directly from where you are working.
• Move items easily. Relocate content between folders without leaving the current view.
• Share and export faster. Access common management options from the same menu.

We're excited to introduce secure token-based authentication for HTTP sources. This new capability allows you to authenticate using a unique token in the request header, maintaining the existing HTTPS endpoint behavior while adding token validation per source.

Obtain the token to use in an auth header when you configure an HTTP source or regenerate the URL. To learn more, see:

• Configure an HTTP Logs and Metrics Source
• Create an OTLP/HTTP Source
• Generate a New URL for an HTTP Source

We’re excited to introduce our new Searchable Time timestamp in Log Search, which indicates when ingested logs are fully processed and ready for search. Running queries using this timestamp helps you to eliminate errors caused by ingestion latency and non-linear indexing, ensuring non-overlapping time-range queries return complete results without gaps or duplication. Learn more.

Enhancements​

• Azure SQL Managed Instance app. Updated documentation for the Azure SQL Managed Instance app, including detailed steps for collecting logs, audit logs, and metrics.
• Sumo Logic Audit app. Added monitor alerts for the Sumo Logic Audit app.
• CrowdStrike - Falcon Endpoint Protection app. Updated the sample log messages, dashboards, and monitor alerts for CrowdStrike - Falcon Endpoint Protection app to coordinate it with EppDetectionSummaryEvent data type.
• Azure Container Instances app. Updated the Azure Container Instances app to set the default value for resource_type to CONTAINERGROUPS and added the !category field in log query scope.
• Windows Source Template. Released the Windows Source Template version 9.1.0, which tags the default _parser for logs forwarded to Cloud SIEM. For detailed version information, refer to the changelog file.
• Updated OpenTelemetry apps. Redis and HAProxy.

We're excited to announce that Auto Parse Mode is now enabled for MSSPs customers. This feature automatically extracts fields from JSON log messages at search time, reducing manual parsing effort and accelerating analysis. Learn more.

We’re excited to announce that we’ve updated the Webhook Connections setup flow and all related subdirectories (such as Slack, Datadog, Jira, and others) in the Sumo Logic documentations to align with the new Connections page experience. Learn more.

We’re excited to announce that signing in to Sumo Logic is now even more convenient using your Google account credentials. If your email address is associated with a Google account, simply select Continue with Google on the sign-in page to access Sumo Logic with no additional setup required.

You can also use Google SSO when signing up for a new Sumo Logic account. Organizations that use SAML or other identity providers can continue to sign in using their existing authentication methods. Learn more.

New release​

LiteLLM​

We are excited to announce the addition of a native Sumo Logic HTTP Source webhook integration for collecting LiteLLM usage and proxy log data in Sumo Logic. Learn more.

Enhancements​

• VMware Tanzu Application Service. Released Sumo Logic Nozzle for VMware Tanzu versions 1.0.7 and 1.0.8, which add support for Tanzu v10.2. For detailed version information, refer to the changelog file.
• AWS Serverless Application Models (SAM). Released the following two SAMs:
  • sumologic-aws-cloudtrail-benchmark 1.0.22
  • sumologic-guardduty-benchmark 1.0.19

This is an archive of the 2025 Sumo Logic Service Release Notes. To view the full archive, click here. Release notes are available on our website for a rolling multi-year period. For information about older releases, contact Support.

This is an archive of the 2024 Sumo Logic Service Release Notes. To view the full archive, click here. Release notes are available on our website for a rolling multi-year period. For information about older releases, contact Support.

This is an archive of the 2023 Sumo Logic Service Release Notes. To view the full archive, click here. Release notes are available on our website for a rolling multi-year period. For information about older releases, contact Support.

This is an archive of the 2022 Sumo Logic Service Release Notes. To view the full archive, click here. Release notes are available on our website for a rolling multi-year period. For information about older releases, contact Support.