Kubernetes Observability ebook
Monitoring, troubleshooting and securing Kubernetes with Sumo Logic.
April 8, 2021
Logreduce, a capability within Behavior Insights, is now enhanced to increase the speed of unstructured log summarization with LogReduce Optimize. In our testing, we are seeing 5X-20X improvements in side-by-side comparisons with classic LogReduce. The new operator is most appropriate for customers that are looking for quick patterns analysis and time-based comparisons and do not require interaction with LogReduce results such as splitting or editing signatures. Performance improvements can vary based on query time range, data ingest patterns and other factors. The screenshot below shows 1 M log lines summarized by LogReduce Optimize in 25 seconds, a 20X improvement.
March 24, 2021
Service Map is built real-time, out of the box from distributed tracing data incoming to Sumo Logic. It allows you to:
Service Dashboards give you out of the box, zero configuration view of health, load and performance of your micro-services. They provide:
March 12, 2021
The Cloud-to-Cloud Integration framework is an extensible system for running fully hosted, pull, and pub-sub based sources. We now have new sources for Azure EventHub, Carbon Black Cloud, Duo and Salesforce. All of these integrations have been certified to work with the corresponding apps in the app catalog.
The Azure Event Hubs Source provides a secure endpoint to receive data from Azure Event Hubs. It securely stores the required namespace and policy information,, scheduling, and state tracking information required to collect from Azure Event Hubs.
The Carbon Black Cloud Source provides a secure endpoint to receive data from VMWare Carbon Black Cloud Endpoint Standard APIs (formerly Defense). It securely stores the required Carbon Black URL, authentication, scheduling, and state tracking information for communicating with Carbon Black Cloud Endpoint Standard.
The Duo Source provides a secure endpoint to receive authentication logs from the Duo Authentication Logs API. It securely stores the required domain, authentication, scheduling, and state tracking information.
The Salesforce Source provides a secure endpoint to receive event data from the Salesforce through its Rest API. The source securely stores the required authentication, scheduling, and state tracking information.
March 8, 2021
Root Cause Explorer is now enhanced to incorporate Events of Interest detected in Open Telemetry traces, through trace metrics, and Kubernetes metrics. This allows on-call staff, SREs and infrastructure engineers to correlate spikes at the service and Kubernetes layers to AWS infrastructure spikes to troubleshoot incidents faster. In addition, users can now drill into logs, traces and related dashboards for the next step in troubleshooting when viewing an Event of Interest on an entity.
March 8, 2021
Global Intelligence for AWS CloudTrail DevOps helps infrastructure engineers, on-call staff and DevOps users accelerate root cause analysis for incidents by providing error rate and configuration insights benchmarked from Sumo Logic’s AWS customers for nine AWS services: EC2, Lambda, Auto Scaling, S3, ELB, RDS, DynamoDB, ElastiCache and Redshift. The benchmarks are powered by more than 15 million data points per week from AWS CloudTrail logs for a few thousand Sumo Logic tenants across 27 AWS regions. The error benchmarks include:
Service Availability errors, where a particular AWS service (e.g. EC2) may be unavailable
Throttling errors, where AWS rate-limits API traffic from the customer’s application for a given service and API, for example, PutItem requests for AWS DynamoDB
Account Quota errors, where a customer may saturate account limits for a particular service and resource, for example, exceeding the 100 buckets per account limit of AWS S3
Insufficient capacity / out-of-stock errors where AWS is unable to provision resources of a particular specification in a given region, such as EC2 m4.xlarge instances in us-west-1
By comparing a given customer’s AWS error rate against other customers by AWS region, service, API, AWS account and instance types, Global Intelligence for AWS CloudTrail DevOps, helps identify if such errors might be the probable cause of an incident. In addition, the app provides configuration guidance for key AWS services based on settings common among other customers.
In this update, the application features Dashboard-New dashboards that are stack linked to AWS Observability at the account-region level, allowing in-context access to benchmarks during troubleshooting.
March 3, 2021
Benchmark your Kubernetes adoption journey against other customers using Global Intelligence for Kubernetes DevOps. Given the complexity of Kubernetes deployments, over 40% of containers are over provisioned for CPU and memory resulting in underutilized container resources and higher costs. Another 40% of containers are under-provisioned for CPU and memory resources leading to higher risk of out of memory or throttling errors and resulting downtime. Using CPU and memory usage and error baselines of several million containers, Global Intelligence for Kubernetes DevOps’ resource recommendations helps DevOps users and SREs eliminate guesswork and minimize risk and costs of their Kubernetes deployments.
March 3, 2021
Nginx is a web server that can be used as a reverse proxy, load balancer, mail proxy, and HTTP cache. Global Intelligence for Nginx App is a companion to the Nginx ULM application and helps DevOps and infrastructure engineers compare server golden signals (load, error and throughput) and visitor activity patterns associated with their Nginx servers against tens of thousands of Nginx servers that beacon their logs to Sumo Logic. Such comparisons can help diagnose or eliminate Nginx problems over the course of an incident arising from sub-optimal configurations of Nginx servers and unusual bot activity, response size, HTTP verb mix, client mix or backend issues.
February 27, 2021
Dashboard (New) is all about visual control! We’re happy to announce that you can now add units to your charts to make them even easier to consume. With the updated chart units on dashboard panels, you can select a base unit and the chart will auto-adjust the unit as the numbers scale, making the data immediately understandable.
February 24, 2021
The Kubernetes App has been updated to have more entity driven views, and a cleaner, easier to understand set of dashboards. In addition to the dashboards, this release includes OOTB alerts you can use to get going on your Kubernetes monitoring journey.
February 23, 2021
The Sumo Logic app for Microsoft Teams provides your IT Operations, security and compliance teams out-of-the-box dashboards to ensure that security policies are being followed by monitoring user sessions, login activity, administrative activity, client browsers used and bots installed. In addition, these dashboards detect incoming threats via Sumo Logic Threat Intel and minimize and prevent breaches by analyzing user activity patterns.
February 23, 2021
With this new connection, you can now start getting alert notifications within MS Teams with minimal setup. Sumo Logic provides a pre-built template so you just have to provide the channel name to start getting notifications. Furthermore, you can also get notified in MS Teams, when alerts are automatically resolved within Sumo Logic.
February 5, 2021
Root Cause Explorer has now been enhanced with support for AWS SNS and SQS namespaces. This allows users to correlate Events of Interest related to SNS and SQS with other parts of an AWS stack to diagnose incidents. In addition, the Top Contributing Entities panel is redesigned for better readability. The Events of Interest detail panel is now redesigned to show time series data in the first tab avoiding an additional click to view time series data in a separate tab. The entity inspector also replaces the Related tab to access logs and dashboards related to the entity in focus. Lastly, Root Cause Explorer now supports cause-impact analysis driven by AWS X-ray traces augmented by an inferred service map.
February 5, 2021
We are excited to announce support for ECS, ElastiCache and Network Load Balancers as well as 30+ out-of-the-box alerts for all supported services. As part of this release we have documented changes included in each version of our CloudFormation installation template, which will help you understand when to upgrade.
January 16, 2021
Dashboard (New) now supports a dark style theme for dashboards. Dark Theme makes dashboards pop by putting light colored visualizations and text on top of a darker background. This enables you to build gorgeous dashboards with eye catching contrast. Dark Theme is now GA for all dashboards, and can be opted into at any time by switching the theme setting on any Dashboard (New) dashboard.
November 17, 2020
The Sumo Logic app for AWS Network Firewall provides security professionals real-time visibility into network traffic and automated correlation of threats surfaced by AWS Network Firewall. This reduces the time to detect, investigate, and remediate security issues. Use this app to correlate threats and events from AWS Network Firewall with events across your infrastructure, application, and security vendors to quickly identify potential threats and indicators of compromise–regardless of the data source or location.
November 17, 2020
The Sumo Logic app for Auth0 takes advantage of the latest Log Streaming functionality from the Auth0 platform to allow users to visualize key insights like logins, accounts creations and security anomalies at the click of a button. Proactive insights into security threats enable users in Sumo Logic to easily identify suspicious activity and act on it before it turns into a major incident. The categorization of different types of events from signups, logins, MFAs, or recovery enables operational teams to quickly extend the app with custom alerts in Sumo Logic to tailor security response workflows as needed. With Auth0’s contextual depth such as device details or location information, it has never been easier to analyze identity metrics and drive better business decisions such as focusing on segments or prioritizing features based on observed trends.
November 12, 2020
AWS Lambda extensions (in preview) enable you to more easily integrate directly into the Lambda execution environment to control and participate in the AWS Lambda lifecycle. The Sumo Logic AWS Lambda extension enables you to get instant visibility into the health and performance of your mission-critical applications using AWS Lambda by analyzing function, platform, and extension logs to quickly identify and remediate errors and exceptions.
November 5, 2020
The Cloud-to-Cloud Integration framework is an extensible system for running fully hosted, pull, and pub-sub based sources. Traditionally, Sumo Logic collection has been push-based, where we expose an endpoint to which data sources or collector agents push data to us. However, many SaaS applications and Cloud Providers expose event data that describe user, system/application activity which is critical for operations monitoring, security, and compliance use cases. The Cloud-to-Cloud Integration Framework is the system by which we provide integrations to these sources and SaaS applications. This release comes with two new Sources, Okta and Netskope. Our existing apps are updated to work with these two new Sources. The Cloud-to-Cloud Integration Framework is an extensible architecture, in which new Sources can be easily added in the future. Check out the Sources we have available in beta.
October 27, 2020
The Code42 Incydr integration with Sumo Logic allows security teams to monitor file movement and sharing across computers, cloud and email providing an accurate picture of insider threat vulnerabilities. Teams can configure Incydr’s file exposure and exfiltration events into existing Sumo Logic dashboards, or create custom dashboards within Sumo Logic to easily visualize:
October 12, 2020
The Sumo Logic app for ZeroFOX combines omnichannel protection with Sumo Logic’s operational and business intelligence tools delivers a winning formula for managing and securing the complex technology stack and external exposures that modern organizations face. This dashboard shows ZeroFOX alerting activity by date, network, entity, and rule, as well as total alerting, escalation and takedown activity. Users can also get a quick visualization of total alerts, escalation metrics and takedown activity. Aggregating and visualizing this data in Sumo Logic provides ZeroFOX users a single place to quickly review and respond to threat trends and activity on public-facing networks such as Facebook, GitHub, YouTube, Reddit, Slack, twitter and the dark web.
October 7, 2020
Monitoring & Troubleshooting Modern Application Stacks are a challenge with traditional siloed tools. Sumo Logic’s Observability solution provides end to end observability into these application stacks by leveraging Logs, Metrics & Traces, in a seamless & connected way to help DevOps and SRE engineering Monitor, Diagnose and Troubleshoot Issues quickly & effectively.
October 7, 2020Sumo Logic’s new & improved alerting provides you with more actionable alerts with rich contextual information that allow you to go from incident notification to resolution more quickly. Our new alerting engine allows for quicker & more accurate detection of issues by analyzing your data streams (Logs or Metrics) in real time. The new engine also ensures that alert noise is kept to the minimum, by deduplicating and auto resolving incidents. The engine also brings improvements to notifications. It allows for better configurability of where, how, and when you want to get notified about issues. It provides rich contextual information as part of notifications, and allows users to customize it to their hearts content which allows them to drill down to issues more quickly. All of these improvements are wrapped inside a unified experience of creating and managing logs & metrics based alerts.
October 7, 2020
Sumo Logic Tracing, provides customers best in class cloud-native transactional intelligence for distributed business workflows, by combining telemetry from traces, logs, and metrics in the context of real-time automatically tracked application topology. The solution provides end-to-end visibility into user transactions across services, as well as intuitive integration into performance metrics and logs to accelerate issue resolution and root-cause analysis. All telemetry signals are fully integrated to provide a seamless end-to-end experience during the process of managing and responding to production incidents and to reduce downtime by streamlining root cause analysis. Sumo Logic Tracing supports the OpenTelemetry standard as well as other legacy open standards for tracing and leverages open source componentry from the Cloud Native Computing Foundation (CNCF) to collect distributed tracing data.
October 7, 2020
Sumo Logic’s updated metrics explorer interface enables faster discovery and visualization of your metrics data. Powered with an upgraded autocomplete and structured query builder, the updated metrics explorer experience decreases the barrier to entry to querying and retrieving your metrics data. Mimicking the Dashboard (New) experience, the updated metrics explorer has extended visualization support to enable you to slice and dice metrics data in many more ways than you could before.
October 7, 2020
Oftentimes when we receive an alert at 3 AM in the morning, we have our trusty playbooks and pre-built content to help us navigate and start triaging the alert. We use the signal spikes in the playbook to help guide and narrow our search space. With Sumo’s entity driven workflows and embedded entity inspector, you have the ability to follow that spike to the source application or infrastructure component and get an inline peek at the health of that entity and related infrastructure the entity sits on. Once you’ve identified the entity you want to dive into, you can jump right back into the raw logs, metrics, and traces for that component with a click of a button to continue your investigation.
October 7, 2020
Organizations use a different set of technologies, application stacks and tools for building and running their modern applications. In order to ensure Observability into those systems, it is important to first collect data from these diverse set of sources. To that front, we have expanded our collection to support Open Source collection using telegraf to increase the breadth of technologies we collect metrics from. You can leverage our new Telegraf support to collect data for sources such as Redis, Nginx, JMX and many more (works both inside and outside of kubernetes). Our existing Redis and NGINX apps are now enhanced to leverage logs and metrics. We have also added new apps for JMX and NGINX Ingress Controller, a common component in Kubernetes stacks.
October 6, 2020Sumo Logic’s Software Development Optimization solution provides DevOps and engineering organizations the ability to benchmark and optimize their software development and delivery performance in real time by automatically enriching, normalizing and correlating data across the entire DevOps lifecycle. The solution can be setup in minutes via Terraform and provides out-of-the-box dashboards and reports of benchmark data based on research from DevOps Research and Assessment (DORA), the observability needed to monitor and quickly remediate issues in CI/CD pipelines and out of the box integrations to collect and analyze data across multiple software development tools such as Jira, GitHub, Jenkins, Bitbucket, PagerDuty and OpsGenie.
September 11, 2020
With vRealize Operations Manager (vRops) software, you can proactively identify and solve emerging issues with predictive analysis and smart alerts, ensuring optimal performance and availability of system resources - across physical, virtual, and cloud infrastructures. With the Sumo Logic integration for vRops, you can now collect key performance metrics to monitor and troubleshoot the health and performance of your virtual machines, vCenter and ESXi servers.
August 6, 2020Root Cause Explorer is an AWS Observability add-on that helps your on-call staff, DevOps, and infrastructure engineers accelerate troubleshooting and root cause isolation for incidents in their apps and micro services running on AWS. Root Cause Explorer helps you correlate unusual spikes also known as Events of Interest (EOIs) in AWS CloudWatch metrics, using the context associated with the incident.
August 6, 2020Powered by 40+ dashboards with signals from AWS CloudWatch logs, AWS CloudTrail logs and AWS CloudWatch metrics, the Sumo Logic AWS Observability solution helps SRE, DevOps and Infrastructure engineers monitor their infrastructure on AWS in a comprehensive and intuitive manner across AWS accounts, regions and resource types down to individual entities.
August 3, 2020Behavior Insights encompasses three new log search operators to accelerate insights, troubleshooting and action plans using structured logs. About 23% of the daily log ingest volume pertains to JSON data and accounts for a growing share of total log volume. This growth is driven by modern applications and underlying cloud (AWS, GCP, Azure) and orchestrator logs. Behavior Insights helps answer the following questions for SecOps, DevOps and business users:
July 23, 2020
Dashboard (New) is optimized to create data dense, interactive, and connected visualizations that enable you to troubleshoot through your data efficiently. With the new dashboards, you can easily visualize data across logs and metrics, subset your data with flexible template variables for finer insights, and get deep visual control over the presentation with series overrides and JSON level style controls. In addition, you’ll have access to additional visualizations like honeycomb charts, scatter plots, and bubble charts to fill out your data visualization needs.
June 15, 2020
The Search Audit Index provides event logs on search usage and other activities for your account. The index allows you to monitor and audit the search queries being run within your account, the types of queries, the users running them, and more. The Enterprise Search Audit App provides pre-built dashboards and reports of the data from the Search Audit Index to help you analyze your current search use and identify areas for improvement.
June 5, 2020
Global Intelligence for AWS CloudTrail DevOps guides infrastructure engineers, on-call staff and DevOps users to accelerate root cause analysis for incidents through error rate and configuration insights benchmarked from Sumo Logic’s AWS customers for nine AWS services: EC2, Lambda, Auto Scaling, S3, ELB, RDS, DynamoDB, ElastiCache and Redshift. The benchmarks rely on 15 million data points per week from AWS CloudTrail logs and baseline service availability, throttling, account quota and insufficient capacity/out-of-stock errors in 27 AWS regions by AWS service, API,account and instance type. The app recommends configuration improvements to key AWS services based on baseline usage such as memory and concurrency settings for AWS Lambda, provisioned IOPS for DynamoDB and min/max sizes of EC2 Auto Scaling groups.
May 1, 2020
The Sumo Logic App for Infrequent Data Tiers provides visibility into on-demand search usage and costs associated with Infrequent Data Tier by providing intuitive pre-configured dashboard and searches.Infrequent Data Tiers are an economical, fully managed log analytics solution for high volume, infrequently accessed data. With Infrequent Data Tiers, organizations have a solution that can aggregate, store and analyze verbose sources such as App Debug, CDN, Load Balancer, and other infrequently accessed logs at a dramatically lower price point.
April 13, 2020
The Sumo Logic App for Zoom provides visibility into how Zoom is being used across your organization, displaying analytics on performance, availability, security, and user activity. The app aggregates and reports on data so you can correlate and investigate trends and respond to incidents across all of your IT tools in a consistent and timely manner.
April 1, 2020
The Sumo Logic App for Jira Cloud provides insights into how your Jira projects and issues are being managed so as to enable you to be more effective and manage work across multiple teams.
April 1, 2020
The Sumo Logic App for Bitbucket Cloud provides insights to development teams into how their software delivery pipeline components are performing. The pre-configured dashboards organize issues, builds, and deployments that require the most attention.
April 1, 2020
The Sumo Logic Atlassian solution leverages data from multiple Atlassian products including Jira Server, Jira Cloud, Opsgenie and Bitbucket Cloud to enable development teams with actionable insights to collaborate more effectively and release secure, high quality code faster.
March 5, 2020
The Sumo Logic app for Barracuda CloudGen Firewall app provides a dashboard to monitor firewall actions, IP addresses, and rule and application usage.
February 25, 2020
The Sumo Logic App for Alcide kAudit app helps detect Kubernetes abuse, misuse of Non-compliant Activity and provides enhanced visibility and observability into Kubernetes audit logs.
February 24, 2020
The ARIA Packet Intelligence app provides visualization and profiling of all internal network traffic, within a Sumo environment, to detect possible threats and verify connectivity policies.
February 17, 2020
Amazon GuardDuty is a threat detection service that monitors AWS accounts for 50+ threats representing unusual EC2 and IAM activity. Following up on version 2.0 announced at Illuminate 2019, Global Intelligence for Amazon GuardDuty 3.0 helps SecOps users pinpoint Amazon GuardDuty findings that are unusual compared to a population of Sumo Logic customers. Many customers, including Rakuten Rewards and Thoughtworks report that such global comparisons help them reduce noise and focus remediation efforts on the most important GuardDuty findings. In addition to a redesigned application user experience, in this release, Global Intelligence for Amazon GuardDuty has added support for a continuously updated threat score. The threat score is computed based on the count, severity and unusualness of GuardDuty findings and represents security posture in single number: 0 implying low risk, 100 high risk.
February 17, 2020
Global Intelligence for AWS CloudTrail helps SecOps users pinpoint AWS activity and configuration changes evident in AWS CloudTrail logs that are unusual compared to a population of Sumo Logic customers. Such activity and configuration changes are curated from AWS penetration tests and reflect known breach tactics; remediating them will reduce breach risk for customers. In this release, the application covers 7 of the most used AWS Services (EC2, S3, IAM, RDS, Redshift, Lambda and CloudTrail), computes baselines for 40+ breach risk signals and prioritizes remedial actions based on how unusual a customer's CloudTrail activity is compared to their peer group.
Monitoring, troubleshooting and securing Kubernetes with Sumo Logic.
Get the first and only industry report that quantitatively defines the state of the modern application stack and its implication to the growing technology, process and culture shift amongst enterprises adopting Cloud and DevSecOps.