Kubernetes Observability ebook
Monitoring, troubleshooting and securing Kubernetes with Sumo Logic.
The Sumo Logic Kubernetes Apps provide visibility into Kubernetes worker nodes, application logs as well as visibility into the Kubernetes control plane including the API server, scheduler, and controller manager. The apps are a single-pane-of-glass through which you can monitor and troubleshoot container health, replication, load balancing, pod state, hardware resource allocation for Kubernetes deployments, clusters, namespaces, pods, containers, and daemonsets. The apps also utilize Falco to monitor and detect anomalous container, application, host, and network activity as well as to monitor Kubernetes audit events.
Metrics transformation rules allow you to aggregate metrics at collection time and specify a separate retention period for the aggregated metrics.
Metrics transformation rules are useful when:
Data enrichment is the process of adding context to your data so that you have more control over it and can reference it more easily in your monitoring and troubleshooting workflows. Data enrichment for logs lets customers describe their log data in a natural and intuitive way by mapping their mental model of how they think about logs to simple key-value pairs. Sumo Logic has extended the already extensive metadata support for metrics to log data, including automatically capturing metadata from integrations such as the new Kubernetes solution. With this new capability, customers can freely tag their logs with simple key-value pairs, helping them investigate and solve issues faster. Customers can set their own fields at the collector level, at the source level, or on a log-by-log basis using HTTP headers. Once the logs have been enriched with these tags, customers can use those tags in search queries, dashboards and alerts.
Explore for Kubernetes provides a visual map of the hierarchy of your Kubernetes environment through which you can intuitively navigate. You can filter the display to focus on deployments, nodes, services, or namespaces. Explore accomplishes this by translating metadata fields into an easy to understand mental model so you can quickly check system states at various levels and proactively troubleshoot issues.
The Sumo Logic App for Amazon EKS - Control Plane App provides visibility into the EKS control plane with operational insights into the API server, scheduler, controller manager, and worker nodes. The app’s preconfigured dashboards display resource-related metrics for Kubernetes deployments, clusters, namespaces, pods, containers, and daemonsets.
The Sumo Logic App for Azure Kubernetes Service (AKS) - Control Plane provides visibility into the AKS control plane with operational insights into the API server, scheduler, controller manager, and worker nodes. The app's preconfigured dashboards display resource-related metrics for Kubernetes deployments, clusters, namespaces, pods, containers, and daemonsets.
The Sumo Logic App for Google Kubernetes Engine (GKE) - Control Plane allows you to monitor resource-related logs and metrics for Kubernetes deployments, clusters, namespaces, pods, containers, and daemonsets. The app provides visibility into the GKE control plane with operational insights into the API server, controller manager, and worker nodes. This app works in conjunction with the Sumo Logic Kubernetes app, which provides visibility into worker node metrics and application logs.
The Sumo Logic App for StackRox helps customers detect, investigate, and remediate vulnerabilities, insecure configurations, compliance violations, and runtime threats across all containers and Kubernetes environments.
The Sumo Logic App for Twistlock provides a comprehensive monitoring and analysis solution for detecting vulnerabilities and potential threats within your Kubernetes and containerized environments.
The Sumo Logic App for MongoDB Atlas allows you to monitor database operations and performance KPIs and provides visibility into the security posture of your clusters, with the following dashboard types:
The Sumo Logic App for JFrog Xray provides visibility into the state of artifacts and components in your JFrog Artifactory repository.
The Sumo Logic App for Istio provides visibility into the health and performance of Istio and its control plane components, including Mixer, Galley, Citadel, Pilot and Envoy. App dashboards also allow you to monitor how services and applications are performing in Istio Mesh, providing insights into service latency, errors, network traffic, and request workloads.
The Sumo Logic App for CircleCI tracks and visualizes analytical data across all of your jobs.
The Sumo Logic App for Spinnaker provides customers with the ability to monitor the health and productivity of their end-to-end software delivery process through live dashboards. Customers will gain at-a-glance visibility and longitudinal trends in usage and pipeline deployments across all dev, staging, and production environments.
The Sumo Logic App for Aqua Security provides users with a holistic cyber-security monitoring and forensics solution for containerized and cloud native environments.
The Sumo Logic App for Slack provides monitoring and data analytics for Slack users, channels, access logs for workspaces with free, standard, plus and enterprise plans.
The Cisco Meraki app provides a single-pane-of-glass for monitoring and troubleshooting network security, end-to-end performance, switch port management, and device management of your Cisco Meraki wireless infrastructure management platform.
We've broadened support for tag-based filters and queries for AWS CloudWatch metrics. This feature enables you to use AWS CloudWatch metadata for three important capabilities:
This new feature allows you to track and control how much data is ingested into Sumo Logic and to avoid overages in environments where data ingestion can spike unexpectedly. With Ingest Budgets, you can create budgets with thresholds that either cap ingestion at a daily limit or simply alert whenever the threshold is exceeded.
You can protect yourself against unexpected ingest spikes by creating an Ingest Budget with your preferred limit and assigning a group of collectors to that budget. Each collector consumes the budget as a shared pool of capacity. Once a budget passes your specified threshold, you can get an alert. Once the budget is exceeded, collection can, if desired, be stopped for every collector associated with the budget.
The enhanced Jenkins App allows you to monitor multiple Jenkins master nodes, Jenkins config changes, jobs, builds and logins and helps you quickly troubleshoot the root cause of application test failures.
The Sumo Logic Global Intelligence Service for Amazon GuardDuty analyzes globally active threats detected by the Amazon GuardDuty service to provide crucial insights and context into how an organization’s overall threat profile differs from industry peers and identifies rare or critical threats operating in the organization's environment.
What can security benchmark on AWS do for you?
The new Enterprise Audit Event Index provides additional events and event information in JSON format. These messages provide more context on the interactions and events occurring within your account allowing administrators an easy way to reconstruct the series of user interactions that led to an object’s current state. Additionally, the new Enterprise Audit Apps present information on account management activities, user activities, as well as management of library content (searches, dashboards/reports, and folders) for your Sumo Logic account. This new Audit Event Index and the associated Apps are available to any Customer on a Sumo Logic Enterprise Plan.
Docker Enterprise Edition (Docker EE) is an industry standard container platform, running modern container orchestration engines such as Kubernetes behind the scenes. Docker EE is designed for enterprise development and IT teams who build, ship, and run applications in production scale environments. The Docker EE App facilitates monitoring and troubleshooting distributed microservice based applications running in Docker containers. The app enables you to correlate events across the Docker platform and application containers and detects anomalous patterns for faster root cause analysis.
The Barracuda WAF App analyzes traffic flowing through the Barracuda WAF and provides pre-configured dashboards that allow you to monitor WAF traffic as well as to analyze various types of attacks detected both by Barracuda and by Sumo Logic’s own Threat Intelligence database.
The enhanced G Suite App allows you to monitor and analyze activities across all G Suite applications and G Suite Alert Center. Comprehensive dashboards display information about administrative and user activities, Google Drive usage, and logins. Dashboards also provide full visibility into alerts from G Suite Alert Center, allowing you to monitor, investigate and correlate alerts across all G Suite activity.
The IIS App monitors the performance and reliability of your Microsoft Internet Information Services (IIS) infrastructure, identifying customer-facing and internal operational issues. This app also provides the ability to monitor customer paths and interactions, so you can analyze how customers are using your applications.
The Sumo Logic App for Carbon Black provides visibility into key endpoint security data from Carbon Black Response and Defense with preconfigured dashboards for alerts, threats intelligence, feeds, sensors, alerts, users, hosts, processes, IOCs, devices, and network status.
The Cylance App enables you to analyze Cylance security events by type, status, and detection method. You can use the App to investigate Cylance-specific events and provide operational visibility to team members without logging into Cylance.
The Netskope App provides visibility into the security posture of your applications and helps you determine the overall usage of software and SaaS applications. Netskope is a Cloud Access Security Broker (CASB) hosted in the cloud. The Netskope product is primarily used for enforcing security policies for cloud-based resources, such as Box and Microsoft Office 365.
The Cloudflare App provides a set of dashboards that make analyzing Cloudflare logs easy, helping you to understand events and trends from your websites and applications on the Cloudflare network. Logs are gathered from all 160+ Cloudflare data centers in near real-time and can be combined with other data sources, such as your origin data, to provide unique insights and help you improve the performance and security of your websites and applications.
This new set of User and Role Management APIs allows customers to programmatically create and manage users and roles, thereby making it easy to integrate Sumo into existing company onboarding and offboarding workflows.
The Sumo Logic App for VMware collects unified logs and metrics (ULM) from the VMware cloud computing virtualization platform, including vCenter Server, vSphere, ESX/ESXi, and individual virtual machines, for real-time display in predefined dashboards. The dashboards allow you to monitor your entire VMware cloud computing virtualization platform, with insight into key events and metrics such as VM CPU, memory, disk utilization, under-provisioned physical hosts, and idle VMs. This enables you to determine capacity constraints and troubleshoot operational issues related to over-provisioning, changes to configuration, and VM movement.
The Sumo Logic App for F5 BIG-IP Local Traffic Manager (LTM) helps you optimize and secure network traffic patterns coming into your data center using the F5 BIG-IP platform. This App analyzes traffic flowing through the F5 Local Traffic Manager (LTM) and automatically detects threats using Sumo Logic Threat Intel. The App provides pre-configured dashboards that allow you to monitor traffic details by application, facility, pool, active and non-responding hosts, connections, and logins. It also reports LTM CPU, disk usage, and outliers in LTM activities and traffic patterns.
Metrics now supports Single Value Charts. A single value metric chart is useful for summarizing a time series in a single value, and making that value stand out at a glance.
The Sumo Logic App for PagerDuty V2 collects incident messages from your PagerDuty account via a webhook, and displays incident data in pre-configured Dashboards that allow you to monitor and analyze the activity of your PagerDuty account and Services. The Sumo Logic App for PagerDuty V2 uses Webhooks V2, to provide enhanced context for alert object models.
Azure Active Directory is a cloud-based directory and identity management service that provides directory services, application access management, and identity protection. The Sumo Logic App for Azure helps you monitor activity in the Azure Active Directory. The dashboards provide insight into role management, user management, group management, successful and failed sign-in events, directory management, and application management data that helps you understand your users’ experience.
Aurora MySQL ULM is a unified logs and metrics (ULM) app for your Aurora MySQL database. The app allows you to monitor slow queries executing on the database, the number of connections made, identify users, client hosts, and client locations used to connect to database. The app also provides insights for queries executed per second, CPU utilization, free memory, network utilization, volume read and write IOPS, replica lags, latency, throughput, failed login / connection attempts, and other health and performance related data.
The Sumo Logic App for AWS Security Hub leverages findings data from Security Hub and visually displays security state data in dashboards. The dashboards provide a high-level view of findings, showing their type, when they occurred, the resources that were affected, their severity, and their distribution, which together show the current security and compliance status of an AWS account across all sources.
An update to the Sumo Logic App for Amazon VPC Flow Logs was released today. The updated app supports a new collection method: you can now collect Amazon VPC Flow Logs using an AWS S3 Source. The alternative Lambda-based collection method is enhanced: you can filter internal traffic logs, and customize your VPC flow logs with the following AWS attributes: vpc-id, subnet-id, aws-region, security-group-ids, and direction. The updated app also includes a new “Security Groups” dashboard.
Aurora PostgreSQL ULM is a unified logs and metrics (ULM) app for your Aurora PostgreSQL database. The app allows you to monitor the number of connections made, CPU utilization, free memory, network utilization, volume read / write IOPS, disk queue depth, replica lags, latency, throughput and other resource utilization details. With CloudTrail logs, the app allows you to identify the users, client hosts and client locations being used to configure Aurora PostgreSQL infrastructure.
Sumo’s HTTP source now supports the Prometheus format, so you can ingest Prometheus metrics directly into Sumo Logic. We’ve also released a handy open source tool for sending Prometheus-formatted metrics to Sumo Logic.
Google Cloud Platform (GCP) firewall rules let you allow or deny traffic to and from VMs in a Google VPC network. The Sumo Logic app for Google Cloud Firewall helps you monitor request activity and the effect of your firewall rules. The preconfigured dashboards provide insight into ingress and egress request traffic, including the location of allowed and denied requests, allowed and denied requests over time, and the top networks, subnetworks, and VMs by allowed and denied ingress requests.
The Sumo Logic App for PostgreSQL is a unified logs and metrics app for monitoring your PostgreSQL database. The app provides operational insights into the PostgreSQL database—installed on your local hardware—for real time analysis, helping you to troubleshoot issues before they become serious problems.
The Sumo Logic App for Jira provides insight into Jira usage, request activity, issues, security, sprint events, and user events.
The Sumo Logic App for Puppet helps you monitor Puppet metrics and events, which means that you can easily determine when Puppet runs occurred. Track service and applying times for each run. Find out how often resources have changed, been skipped, failed to update, or are out of sync. Find the root cause of issues by correlating Puppet runs with metrics from other components in your infrastructure.
The Sumo Logic App for Payment Card Industry (PCI) Compliance for Palo Alto Networks offers dashboards to monitor firewall traffic activity for compliance with PCI requirements 01, 02, and 04.
Palo Alto Networks (PAN) 8 provides a next generation firewall and the Traps Endpoint Security Manager. The Sumo Logic app for Palo Alto Networks 8 gives you visibility into firewall and Traps activity, including information about firewall configuration changes, details about rejected and accepted firewall traffic, traffic events that match the Correlation Objects and Security Profiles you have configured in PAN, and events logged by the Traps Endpoint Security Manager.
Sumo Notebooks provide a way to seamlessly access data stored in Sumo Logic for the purpose of data exploration and statistical analysis. The notebooks provide an interactive way to gain and share insights of a dataset. Built on top of Apache Zeppelin and Jupyter, Sumo Notebooks provide a state-of-the-art user experience coupled with access to the most recent machine learning frameworks such as Apache Spark, TensorFlow and other tools to unlock the value of machine data.
AWS Web Application Firewall (WAF) is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources.
The Sumo Logic App for AWS WAF analyzes traffic flowing through AWS WAF and automatically detects threats via Sumo Logic Threat Intel. The App provides pre-configured dashboards and searches that allow you to monitor threat and traffic details by client IP, allowed and blocked traffic, malicious IPs, threat actors, location, rules configured, trends and more.
S3 Event Notifications with AWS Sources is a new addition to Sumo’s S3 integration which combines scan-based discovery and event-based discovery into a unified integration that gives you the ability to maintain a low-latency while collecting logs from S3 and provides assurances that no data was missed or dropped. When you enable event-based notifications, S3 automatically notifies Sumo Logic that new files are added.
The new Subquery operator allows a user to create complex filtering conditions within the same query. It’s also valuable when you don’t know the data needed to restrict the scope of the query, but another query could return the right conditions. For example, if CrowdStrike identifies a threat, you can correlate the time of that attack with your Windows Events from the time of that threat.
The Sumo Puppet module downloads the Sumo Logic Collector agent from the Internet and installs it. The module also allows sources to be created during installation and updated afterwards. Currently, the module only supports the installation of the latest collector version.
Duo Security provides two-factor authentication, endpoint remediation, and secure single sign-on tools. The Sumo Logic App for Duo Security helps you monitor your Duo account’s authentication logs, administrator logs, and telephony logs. The dashboards provide insight into failed and successful authentications, events breakdown by applications, factors, and users, geo-location of events, admin activities, outliers, threat analysis of authentication, and administrator events.
The Sumo Logic Terraform provider enables better automation of Hosted Collector and Source creation.
Azure SQL Database is a managed relational cloud database service. The Sumo Logic app for Azure SQL helps you monitor activity in Azure SQL. The preconfigured dashboards provide insight into resource utilization, blocking queries, database wait events, errors, runtime execution stats, and other database analytics.
Our Docker Stats source collects metrics about Docker containers. This provides visibility into the resource consumption of Docker containers. Historically, these have been ingested as logs; now we also support ingesting this data in the Carbon 2.0 metric format.
Logs and metrics for most Azure services can be exported to Azure Storage Account as block blobs. This new Sumo integration provides an event-based pipeline for shipping monitoring data from Azure Blob Storage to an HTTP source on Sumo Logic. This solution is good for monitoring Azure services that do not support exporting logs to Azure Monitor, for example, Azure Web Apps and Azure Storage Accounts.
Amazon Redshift is Amazon’s data warehousing service. The Sumo Logic App for Amazon Redshift ULM helps you monitor activity in Amazon Redshift. The app is a unified logs and metrics application whose preconfigured dashboards provide insight into database connections, SQL command and statement execution, database user account events, CloudTrail events, and resource utilization by node and cluster.
Search Templates allow organizations to map their business processes and playbooks to Sumo content much more quickly and efficiently, in order to accelerate information discovery and gain insights that help them make better business decisions.
The Sumo Logic app for Squid helps you monitor activity in Squid Proxy. The preconfigured dashboards provide insight into served and denied requests; HTTP response codes; URLs experiencing redirects, client errors, and server errors; and quality of service data that helps you understand your users’ experience.
We’ve updated the ability to share commonly used assets such as searches and dashboards in a secure, fine-grained and flexible role-based access control (RBAC) model. Content Sharing allows users to selectively share and collaborate on dashboards and searches with specific users or roles. Administrators can manage dashboards and searches created by other users and highlight key content to specific users and groups.
The Sumo Logic App for AWS CloudTrail helps you monitor your AWS deployments, with predefined dashboards that present user and administrator activity, network and security information, CloudTrail console logins, and information about your S3 buckets and public objects.
Query optimizations and additional information to help users monitor more effectively.
New use cases added to monitor S3 public objects and buckets.
The Sumo Logic App for AWS Lambda ULM is a unified logs and metrics (ULM) app that helps you monitor the operational and performance trends in the Lambda functions in your account.
Sumo Logic has partnered with Neustar, an industry-leading IP intelligence provider, to deliver a more accurate database for geolocating IP addresses in your log messages. This helps you more confidently detect suspicious logins, maintain regulatory compliance, analyze end-user behavior and more based on the locations of connecting devices.
The Sumo Logic App for Oracle provides insight into the health and activity of your Oracle database. The app consists of predefined dashboards that present information about errors, ORA messages, listener activity, connections, security monitoring, the syslog and XML audit trails, and performance monitors from Oracle system tables and views.
The Sumo Logic app for Google BigQuery helps you monitor data and activity in your BigQuery data warehouse. The preconfigured dashboards provide insight into the projects, operations, queries, user management operations, user activities, and billed GBs in BigQuery.
The Sumo Logic app for Google Kubernetes Engine helps you monitor activity in Google Kubernetes Engine, providing node-level and pod-level monitoring information. The preconfigured dashboards provide insight into Kubernetes events, errors and activity; pod scheduling; created and killed resources; and severity messages.
The Sumo Logic app for Google Cloud Storage helps you monitor activity in Google Cloud Storage. The preconfigured dashboards provide insight into request locations, bucket and object operations, user activities, errors, and bucket statistics.
The Sumo Logic app for Google Cloud SQL helps you monitor your usage of Google Cloud SQL. The preconfigured dashboards provide insight into created and deleted resources, messages, authorization failures, user activities, and error logs.
Google Compute Engine is the Infrastructure as a Service component of Google Cloud Platform that delivers virtual machines running in Google’s data centers and worldwide fiber network. The Sumo Logic App for Google Compute Engine helps you monitor your infrastructure by providing preconfigured dashboards that allow you to view the activities, users, message severity of your Google Compute Engine infrastructure.
The Sumo Logic App for Google Cloud VPC provides visibility into the activities, traffic, metrics, and VPC flow in your GCP. The preconfigured dashboards provide you details on the VPC flows, latency, traffic, source and destination IP addresses, ports, protocols, and messages.
Get the first and only industry report that quantitatively defines the state of the modern application stack and its implication to the growing technology, process and culture shift amongst enterprises adopting Cloud and DevSecOps.