Learn

Learn advanced techniques and optimizations to collect, transform and analyze your machine data to improve effectiveness and gain better operational insights and security of your digital business.

Certifications

Sumo Logic certified users are individuals with proven Sumo Logic expertise. Our certifications recognize professionals with the skills and knowledge needed to analyze their machine data.

Fundamentals

This introductory course is designed for all users to learn the basics for how to search, parse and analyze the logs and metrics important to your organization. This session will guide you through running searches, simple parsing and basic analytics on your data. Learn how to take your queries into visual charts and add them to dashboards. Install any of our over 200 apps containing out-of-the-box queries and dashboards to help you visualize trends and easily identify anomalies. Lastly, learn how Alerts can help you stay on top of your critical events.

Observability Fundamentals

To ensure an app is performing as expected and is working reliably, an organization needs to ensure the deployment of its CI/CD pipeline. To do so, merely implementing continuous monitoring does not suffice. Your organization requires an observability solution to collect metrics and drive actionable insights. The Observability Fundamentals training introduces Sumo Logic’s observability solution, including its differentiation, features and capabilities, and the values it brings to the various teams in your organization. Topics include the three pillars of Observability -- Logs, Metrics and Traces -- identifying root cause of issues, and tracing the incidents to successfully troubleshoot an issue.

Cloud SIEM Fundamentals

This course is for SOC analysts who want to learn how to use Sumo Logic’s Cloud SIEM add-on to monitor their systems and investigate threats. It's also for Sumo Logic users who are interested in learning more about Cloud SIEM before upgrading their accounts. You’ll learn how Cloud SIEM ingests your data and turns it into actionable security Insights. You’ll also get hands-on practice with threat investigation, take actions on Insights, and learn the basics of SOC content creation, like writing rules and custom Insights.

Administration

Designed for Administrators, this course shows you how to set up your data collection. Learn how to use best practices for configuring your collectors and sources. We’ll share optimization techniques for fields, using field extraction rules, scheduled views and partitions. Guidance through the administration UI for such items as creating users, roles, security and preferences. Installation and overview of highly recommended user auditing and data volume applications is covered. Lastly, you will create a special data ingest query and create a meaningful alert.

Observability Administration

The Observability Admin training focuses on AWS Observability solution, end-to-end Kubernetes solution and gathering tracing data of an application for observation and tracking. The training focuses on hands-on labs deploying the AWS Observability solution using Cloudformation Template, configuring and deploying customized K8s cluster and establishing trace points to gather trace data using Open Telemetry.

Cloud SIEM Administration

This course is for admins who want to set up Sumo Logic’s Cloud SIEM add-on for their organization. It's also for Sumo Logic administrators and analysts who are interested in learning more about tuning Cloud SIEM for their organization’s specific policies and needs. You’ll learn how to set up data ingestion for Cloud SIEM, including writing custom log and ingest mappings. You’ll also learn how to customize your environment with a deep dive into custom rules and Insight Actions.

Metrics Mastery

Designed for anyone that wants to use metrics, or KPIs. We will start with the an introduction to metrics - What are they? How are they generated? How are they used? Then you will configure metrics data, by installing a collector with a source. Install the Host Metrics App from our out-of-the-box apps for quick monitoring with existing dashboards. Gain applicable experience on unifying metrics with their associated incoming logs for easier drilldowns when
troubleshooting. Learn best practices for collecting and analyzing metrics to leverage for your own use. Develop various metrics queries with visual charts, and insert them into dashboards and create alerts for monitoring. Lastly, you will learn how to join different metrics series to create a third series using math operators.

Search Mastery

Designed for anyone that wants to use metrics, or KPIs. We will start with the an introduction to metrics - What are they? How are they generated? How are they used? Then you will configure metrics data, by installing a collector with a source. Install the Host Metrics App from our out-of-the-box apps for quick monitoring with existing dashboards. Gain applicable experience on unifying metrics with their associated incoming logs for easier drilldowns when troubleshooting. Learn best practices for collecting and analyzing metrics to leverage for your own use. Develop various metrics queries with visual charts, and insert them into dashboards and create alerts for monitoring. Lastly, you will learn how to join different metrics series to create a third series using math operators.

Event home page

Workshops

Interact, get hands-on and dive deep around a key feature of Sumo Logic.

AWS Observability

With applications moving to the cloud at an ever-increasing rate, new challenges in observability are presented as application architectures inevitably become more complex. Distributed systems or micro services are changing the landscape of effectively monitoring, troubleshooting and securing your application. This workshop gives you a hands-on opportunity to use Sumo Logic’s new AWS Observability with exercises on Root Cause Explorer and Tracing solutions to break down those data silos and help you drastically reduce the time it takes to identify and troubleshoot issues with your application by giving you a topological understanding of your AWS environment across multiple accounts and regions.

Application Observability

Have you ever wanted the query power of Sumo Logic for your traces and not just your logs and metrics? Move beyond traditional monitoring and troubleshooting with our new service map, Real-time User Monitoring (RUM) support, and trace query builder. In this one-hour hands-on workshop you can work with our tracing solution, work with our new user monitoring interface, and learn how to readily identify real-time issues, and respond back quickly and confidently.

Metrics Basics

Get started monitoring across your systems with Metrics. Our new Metrics interface makes it easier to collect and query your important data across systems and get alerted in real-time with this hands-on workshop. You ll learn to build a basic metrics dashboard and set an alert.

Cloud Security Monitoring and Analytics

In this course you will create starter SOC queries, as panels in a dashboard. These advanced operator queries help you monitor such things as user activity across the globe, failed logins, land speed violations and brute force attacks. You will create parameterized lookup tables for easy panel or dashboard pivots. You will learn how to export the starter SOC dashboard you created for use in your own environment. Lastly, you will be able to detect and investigate IOCs with the use of our embedded CrowdStrike database which monitors malicious IPs addresses and apply scheduled views as a best practice to improve performance.

Security Operations Center (SOC) Analyst: The Ride

Roll up your sleeves because it’s time to experience Cloud SIEM from the front lines! In this live workshop you’re a security analyst working in a SOC for a large financial services organization. So jump in and get a hands-on experience of the analyst workflow and investigation process using Cloud SIEM Enterprise add-on. You’ll experience our modern, analyst-built user interface starting with Insights, then working back to your Signals, performing Records search, and searching deeper across all your data in Sumo’s secure platform. Along the way, you’ll learn about our different types of rules included in our out-of-the-box content and gain a better understanding of how your Signals are generated. You ll also see the flexibility of our rules engine and the ease of moving from threat investigation to response.

Making All the Rules: Rule Tuning for SOC Admins

Love the Cloud SIEM out-of-the-box rules but ready to make some adjustments? Then this hands-on lab class was designed for you. You’ll learn how to tune rules to make necessary exceptions to existing rules to control your alerts, how to create additional rules for your own unique business needs, and how to create custom insights to help your SOC team focus on what’s most important. Note: We recommend taking the Security Operations Center (SOC) Analyst: The Ride workshop prior to taking this workshop so that you’re able to jump right in and get hands-on.

Threat Hunting with SpecOps: 4 Windows Event IDs to rule them all

Join us for a discussion around the security magic behind Threat Hunting with our Senior Threat Analyst for our SpecOps Team. We’ll cover four common attacks on Windows Event IDs as well hear about Threat Hunting Fundamentals and how best to leverage features in Cloud SIEM.

Sensu and Sumo Logic: Graduate to monitoring as Code

Take control of your monitoring and observability data with the Sensu Go observability pipeline. Collect custom application metrics and integrate observability data inside of Sumo Logic to take advantage of key visualization and troubleshooting tools. Monitoring as code can change your observability game and this is a great opportunity to explore how Sensu and Sumo Logic work together to save you time and energy.