This report provides a unique perspective on trends based on the usage of app architectures, processes, tools and use cases by leading-edge enterprises. The data in this report analyzes the technology adoption from more than 2,000 Sumo Logic customers who run massive mission-critical modern applications on cloud platforms like AWS, Azure, and Google Cloud Platform, as well as hybrid cloud infrastructures.
Sumo Logic has a broad-scale initiative to Dockerize its service, and JFrog's Xray was built from the ground up using Docker. The Sumo Logic engineering team has learned a lot in going through this process of Dockerizing microservices. As Sumo Logic’s Chief Architect, Stefan Zier, explains, "Some of Sumo Logic's microservices have 1,000+ instances of the service running and when we do an upgrade we need to pull 1,000+ in a reasonable amount of time - especially when we’re going to do continuous deployment." In terms of adoption and learning curve.
In this demo, we're going to discuss LogReduce which finds the meaningful patterns in your data and reduces the noise, which so overwhelms most Log Analytics tools. But it condenses that data without excluding any important details about your machine data. So let's get started. I've just had an application failure and using Sumo Logic, I'm looking at five minutes on either side of that failure to see if there are any things that pop out at me that might have caused the failure. As you can see, it's a huge number of logs; it's 133 pages. This is just an overwhelming number to look through and this is really where the secret sauce of Sumo Logic comes in. Using LogReduce and the summarize operator, I can look for the meaningful patterns in those logs and be able to get down to the root cause because unlike with keyword searches, I'm not ignoring any of the data. Logs are extremely repetitious. Starting right off, we can see that we've got a stack trace and that stack trace has gone over 900 times. Now, this is the kind of noise that I want to know about, but ignore because I already know what it means. I'm looking for that needle in the haystack. Here, we can see some network access through our firewall. Interesting, but probably not part of the problem. Here, we use asterisks. That indicates the part of this log statement that changes, whereas the rest can be used to group them together. Below that, we can see a get statement, so it's a different type of log. Now we can adjust those patterns to better group our log statements, if you'd like, by clicking on the pencil. In that way, we can adjust the pattern to better represent which log statements should be grouped together. I can also adjust the relevance of any grouping by using the thumbs up or thumbs down icon. We can continue to scroll the events; I see some Windows events here. Now here is something that might be of interest to us.
This log line indicates that a user on the PIX firewall executed a pretty draconian statement that denied access over a pretty wide range of IPs. More likely than not, this is what is the root of our problem. How would I have looked for this with keyword-based searching? I might have looked for anything having to do with a database; perhaps an IP, a host name, a port number. None of those options would have turned up this log line. Why? Because there's nothing to associate it with the database directly. This really lies at the root of the weakness of keyword searches as compared to LogReduce. Typical keyword-based searching would constrain the data and eliminate what didn't fit. LogReduce is able to condense the data and help me find those things that I didn't even know I was looking for and in that way, speed up the root cause analysis. Let's go over what we showed you today. We showed you how we could find those meaningful patterns in the data by reducing the noise of all of those errors that weren't important. It helped us find that single PIX firewall problem that was at the root of our application issue.
Product Overview of the Sumo Logic Service
Sumo Logic is the first enterprise-grade cloud-based service that collects, manages, and analyzes all of your log data. Our unique processing and analytics capabilities combine to give you real-time operational and security insights across all of your critical applications and infrastructure, on-premise or in the cloud. Sumo Logic is delivered as a simple to use web application and you can start troubleshooting and root-cause analysis of your applications and IT infrastructure in less than 15 minutes. With Sumo Logic, you get deep analytics into how your applications behave, and thus can better serve your customers. And now, you have a real-time way to uncover operational and security incidents across your entire infrastructure, regardless of where the log data resides. Sumo Logic's powerful search language enables you to identify important messages, extract meaningful values and metrics, and execute sophisticated operations regardless of data volume. This enables you to quickly sort through hundreds of thousands of logs across all of your servers, and identify the one exception that is causing your application to fail. But it isn't all about querying. Sometimes, even the most savvy engineer behind a query language needs help when faced with millions of logs in one day. Sumo Logic's LogReduce algorithms distill millions of log lines into a set of human-digestible log patterns, so you know exactly which new behaviors are impacting your application or infrastructure. And, you can get proactive as well. As you uncover important conditions, you can let Sumo Logic run these queries in the background to keep track of activity automatically, and notify you when important conditions are detected, behaviors change, or issues occur.
With the Sumo Logic solution, you can now spend less time trying to find issues across applications, networks, systems and devices by manually analyzing logs, and instead, spend more time turning that infrastructure or applications into a strategic business asset. Sumo Logic. Big Data for Real-time IT.
Watch an example of how Sumo Logic can help your business securely manage its data by using our machine learning tools to monitor and troubleshoot irregularities in your application's data systems in an AWS instance to preserve the security of your data and of your users' data. Workloads are migrating both partially and fully to cloud-based platforms to increase the speed and agility of innovation. AWS (Amazon Web Services) is one of the most sought-after IaaS providers that software-centric organizations choose to run their applications on. Organizations are shifting from building, deploying and maintaining monolithic applications with multi-year development cycles, to applications or microservices that can be updated independently from one another. Sumo Logic's ability to provide Continuous Intelligence helps quickly identify the root of the problem and implement a solution to save hours of investigation time by informing the admin when anomalies occur and quickly analyzing large volumes of logs to find disruptions of 3 standard deviations from expected patterns.
A Deeper Look into Your Box Environment
SECTION I. Intro Slide
Welcome to the demo of the Sumo Logic Application for Box. We are a Box Trust ecosystem Partner. This application provides insightful dashboards that enable you to look deeper into the activities occurring in your Box environment.
SECTION II. What is Box and Key Values of the Application?
Box is a business content platform in the cloud. As Box resources are accessed, created, utilized, and modified by users, the platform generates rich data. Sumo Logic can analyze and correlate across this data to provide user and administrative activity insights. With the availability of this application in our application library, you can now gain access to dashboards that enable you to:
- Gain a comprehensive understanding of how your users interface with content through user activity audit trails
- Collect details about user and device origins through viewing metrics based on geographic location, type of device(s), and network location
- View the different ways that groups of users collaborate through monitoring access to shared resources
- Decide how to effectively manage and distribute Box licenses across the top content creators and consumers in your organization
- Investigate failed login activity and suspicious administrative actions that may suggest productivity roadblocks or security threats related to issues with accessing resources
- Search for any event or activity across your Box environment to gain a better understanding of unique activities that may require deeper analysis or remediation
SECTION III. Demo
Let's take a deeper look into the activity occurring in your Box environment by viewing some of our built-in dashboards: Digging deeper into this dashboard, you can see a variety of administrative user metrics. Here you can see the top users who have experienced login failures: this alarming number of logins by one user, such as David here, may require investigation. Now, this monitor shows the different types of administrative activities that users have performed. Active users here in this table should only be current employees and not terminated employees. Administrative privileges may need to be tightened especially if this table contains any suspicious actions by malicious attackers. Now moving on to the Box Access Resource dashboard, you will discover which resources are most frequently accessed. Here you can see a list of resources that have been moved or copied. This could be due to a content migration or perhaps resource cleanup is required to reduce clutter or confusion caused by duplication. Now moving along to the next dashboard, this chart represents an opportunity for you to identify whether users are collaborating within their Box license quotas so that you can proactively adjust the limits without interrupting user productivity. On the other hand, this shared resources monitor is critical as it may aid in revealing sensitive content that may be over-shared and may require the content owner to restrict access to a smaller audience. As you can see, this collection of monitors is essential for enabling an administrator to monitor and secure resources. It is inherent to effectively leverage tools like these to better manage collaboration repositories and also prevent the theft and obliteration of intellectual property.
SECTION IV. WRAP UP
So, start gaining deeper insight with the Sumo Logic Application for Box. This application is currently available for consumption by all of our Professional and Enterprise customers through our App Library. For more information, please visit sumologic.com.
Sumo Logic for DevOps
Scott Anderson, Site Reliability Engineer, Sumo Logic
DevOps in general is a new idea, it’s a new way of organizing an engineering team. I would say the secret is flexibility and communication and agility, coming together, not being stuck in any one particular mindset, but taking any idea that is a great idea and running with it. When I walk in every day here at Sumo Logic, I check this dashboard that we’ve created. What we’ve done is we use our own system to monitor our own system. And that helps us, in general, get an idea of what the customers are feeling and what they are experiencing. It also helps us push the product forward. Our real-time dashboards and search performance allow us to provide a very high level of service for our customers. We use our systems to search back within the logs to find issues to correlate those with problems that customers may have experienced. And that allows us to pinpoint or locate specific areas to dig deeper. We use our product every day, every minute of every hour of the day. It is used in a broad number of ways, from gathering business side metrics to gathering infrastructure side metrics. We can see trends in more customer sign-ons or higher ingest data and with that information, we know we need to provision more infrastructure. If we spot any issues, we can also remediate those before they become much, much bigger issues. We can also use the product to grab trending data as well, so trends on what areas are used. We can prioritize development time to add new features there or optimize new features there to create the experience the customers are looking for.