
What’s New

See what we’ve been up to at Sumo Logic

Updated Data Volume App

November 12, 2021

We're excited to announce that we have released an updated Data Volume App that provides you with the ability to view and track account usage by data type (logs, metrics, traces), data tier, category, collector, sources and hosts. In addition, you will be able to track usage in both native units and Credits.


GitLab and CircleCI support for Software Development Optimization

November 9, 2021

Sumo Logic’s Software Development Optimization solution now supports GitLab and CircleCI, broadening the data sets that can be ingested for greater visibility into your software delivery process. With these integrations, Software Development Optimization lets GitLab and CircleCI customers focus on increasing the velocity and quality of their development and delivery processes by providing full visibility to identify bottlenecks and troublesome deployment strategies. We even offer a dedicated GitLab app so GitLab customers can monitor the git commits and pull requests as well as pipeline runs, builds, and deployment statuses across all of their software development teams.


Three Cloud SIEM features to tailor SOC workflows

October 28, 2021

We’re proud to highlight three new product features and enhancements that provide SOC teams and security analysts with new optimizations to help them adapt Cloud SIEM to their environment even better. Together, these features help improve team collaboration and consistently communicate threat information and event statuses while also saving time during threat investigation and response activities.

Custom Tag Schemas

This new enhancement to our Cloud SIEM tagging capability now allows users to define their own custom tag schemas with the enforcement of schema definition and association of tags. Similar to how MITRE ATT&CK Tactics and Techniques can be chosen from a drop-down, now customers can define their own standard set of tags to leverage; their appearance in drop-downs allows team members to choose the correct tags. This allows consistency across the SOC team and makes it easier for security analysts to navigate objects with those tags and search for them.



Custom Insight Statuses

Customers can now create their own unique Insight statuses and change the order depicted in the Cloud SIEM interface—enabling SOC teams to map the workflows to their specific needs. Each custom Insight status has a name and description and can be easily re-ordered by moving the handle alongside its name on the Workflow page. SOC admins can change the order in real time at will; however, the New status must always be the first status, and Closed must always be the last status. Once set, the custom workflow is displayed in the desired order throughout the interface, including Status drop-downs within Insight Details pages and when filtering Insights by Status.



Custom Insight Resolutions

This unique Cloud SIEM functionality enables customers to define and name their own descriptions for closing Insights, providing them the customization and granularity needed to align with their existing workflows and processes. Custom resolutions are nested under any of the four existing built-in resolutions: Duplicate, False Positive, No Action, and Resolved. This increases clarity for the team and provides additional context as to why an Insight was closed.





Sumo Logic App for Host and Process Metrics

October 22, 2021

We’re excited to release a new Sumo Logic App for Host and Process Metrics that allows you to monitor the performance and resource utilization of hosts and processes that your mission critical applications are dependent upon. Preconfigured dashboards provide insight into CPU, memory, network, file descriptors, page faults, and TCP connectors. We also have pre-packaged alerts to proactively monitor your hosts. Alerts are based on Sumo Logic monitors and include preset thresholds for high CPU, memory, network, disk and file host and/or process resource utilization.


New Dashboard panels: Service Map and Trace List

October 14, 2021

Many of you already know that Sumo Logic is not only about logs. Our OpenTelemetry-powered APM data can now be visualised in two nice ways as Dashboards (New) panels. Want to get quick insight into your service dependencies and look up the most recent or longest traces flowing through them? Nothing could be easier now! If you are an active user of our APM/Tracing data, your out-of-the-box dashboards will be upgraded automatically to include the new panels.


Operation level metrics and dashboards for monitoring Application Services

October 13, 2021

If you are using APM/Distributed Tracing with Sumo Logic, you might notice we have automatically upgraded Explore's Application Service and Service Application Views. They now include a new, third level of hierarchy, Operation, and an associated dashboard with key performance metrics for operations. They allow you to get insight into the most active tracing operations, like HTTP requests or SQL queries.


Updated Sumo Logic App for Elasticsearch

October 1, 2021

We’ve released a new version of the Elasticsearch app that now includes pre-packaged alerts and additional dashboards. The Sumo Logic App for Elasticsearch is a unified logs and metrics app that helps you monitor the availability, performance and health of your Elasticsearch clusters. Preconfigured dashboards provide insight into cluster health, resource utilization, sharding, garbage collection, and search, index, and cache performance. Alerts are based on Sumo Logic monitors, leverage metrics and logs, and include preset thresholds for node availability, cluster status, disk space, heap usage, shards, pending tasks, slow queries and errors.


Updated Sumo Logic App for Memcached

October 1, 2021

We’ve released a new version of the Memcached app that now includes pre-packaged alerts and additional dashboards. The Sumo Logic App for Memcached is a unified logs and metrics app that helps you monitor the availability, performance and health of your Memcached clusters. Preconfigured dashboards provide insights into uptime, operational metrics, cache performance, resource utilization, errors, warnings, and commands executed. Alerts are based on Sumo Logic monitors, leverage metrics and logs, and include preset thresholds for cache hit ratio, node availability, command/authentication errors, connections and memory usage.


Updated Sumo Logic App for ActiveMQ

October 1, 2021

We’ve released a new version of the ActiveMQ app that now includes pre-packaged alerts and additional dashboards. The Sumo Logic App for ActiveMQ is a unified logs and metrics app that helps you monitor the availability, performance and health of your ActiveMQ clusters. Preconfigured dashboards provide insight into cluster status, nodes, producers, consumers, destinations, resource utilization, message rates and error logs. Alerts are based on Sumo Logic monitors, leverage metrics and logs, and include preset thresholds for node availability, resource utilization (CPU, memory, disk, file descriptors), connections, queues, expired messages and unacknowledged messages.



Updated Sumo Logic App for HAProxy

October 1, 2021

We’ve released a new version of the HAProxy app that now includes pre-packaged alerts and additional dashboards. The Sumo Logic App for HAProxy is a unified logs and metrics app that helps you monitor the availability, performance and health of your HAProxy cluster. Preconfigured dashboards provide insights into active servers, visitor locations, sessions, errors, response time and throughput. Alerts are based on Sumo Logic monitors, leverage metrics and logs, and include preset thresholds for errors, server availability, server sessions, blocked/pending requests, slow response times and retries.


Dashboard Export

September 30, 2021

We're thrilled to announce that Sumo Logic Dashboards (New) now allow you to generate an export in PDF or PNG format with just 2 clicks. This new capability further expands the flexibility and portability of your mission-critical data. Dashboard exports are especially useful in situations where you would like to provide stakeholders outside of Sumo with dashboard-level insights, without them having to log in or take any additional action.


Alert Response

September 29, 2021

Troubleshooting production issues is even more challenging with modern distributed applications. With our new alert response feature, your on-call teams can now also leverage curated insights that will help them get to the root cause quickly. The feature generates relevant insights as a context card using Sumo analytics to track what’s occurring in your applications, helping your teams troubleshoot faster.


Distributed Tracing for AWS Lambda

September 28, 2021

We are proud to announce general availability of Sumo Logic Lambda layers for distributed tracing. Together with our AWS partners, we deliver these managed layers, available directly from your AWS Lambda layer repository. Just configure your Lambdas to attach the layer appropriate for your language and enjoy new visibility in Sumo Logic. Lambda calls appear just like any other spans in your traces, and by clicking on them you immediately get insights into the CloudWatch metrics related to this Lambda and the possibility to drill down to the dashboard of this particular function.




AWS Observability Updates

September 24, 2021

We’re happy to announce the latest release of our AWS Observability Solution 2.3.0 which includes the deployment of the AWS Observability Solution using a Terraform script. This update also includes options for streamlined deployment to multiple accounts and regions and updates to dashboards and monitors.


Updated Sumo Logic App for Cassandra

September 8, 2021

We’ve released a new version of the Cassandra app that now includes pre-packaged alerts and additional dashboards. The Sumo Logic App for Cassandra is a unified logs and metrics app that helps you monitor the availability, performance and resource utilization of your Cassandra database clusters. Preconfigured dashboards provide insight into cluster health, resource utilization, cache/Gossip/Memtable statistics, compaction, garbage collection, thread pools and write paths. Alerts are based on Sumo Logic monitors, leverage metrics and logs, and include preset thresholds for node availability, authentication failures, cache hit rates, pending/blocked/repair tasks, compaction pending tasks, and tombstone scanning.


Anomaly (Outlier) Based Monitors

September 1, 2021

We have extended our monitor capabilities (new alerting framework) to support anomaly (outlier) based alerting for both logs and metrics data sources.

Anomaly-based alerting removes the need to specify a static alert threshold. The system automatically creates dynamic baselines and alerts the user when there is an abnormal trend in the alerting KPI compared to its historic behavior.

Anomaly-based alerts are especially useful for custom KPIs that constantly change over time and don't have a good static reference condition to alert on. For example, requests, latency and errors are KPIs that might constantly change based on external and internal factors like changes in customer usage patterns or code changes and feature releases.


Sumo Logic Red Hat Marketplace Operator

August 31, 2021

Sumo Logic has expanded its partnership with Red Hat to accelerate hybrid cloud adoption with Red Hat Operator Certification and availability of the Sumo Logic Helm Operator for OpenShift. Red Hat OpenShift users can now integrate Sumo Logic by simply installing our operator in the Red Hat Marketplace. Simply provide your Sumo Logic credentials and Kubernetes cluster name, and with a click our Operator is installed, collecting all the critical telemetry you need. Sumo Logic fully integrates and supports Red Hat OpenShift, ensuring customers have complete observability of their Kubernetes clusters.


New Real User Monitoring capabilities

August 18, 2021

You can now not only get visibility into individual user transactions and quickly understand the user experience and how much delay on the client contributed to the overall end-to-end transaction time, but also perform high-level monitoring, alerting and troubleshooting of such situations. You have full visibility into user cohorts, their geographical locations, browsers and operating systems. You can also fully understand the overall experience of all users and transactions of your digital business, all the time.


Introducing Span Analytics

August 12, 2021

We are excited to introduce a brand new experience we built to help data exploration and query creation for less technical users - our new Span Analytics UI.

This new interface helps you intuitively perform a multi-dimensional analysis of your application performance signals gathered from trace spans. You can easily filter and aggregate data, build charts with custom metrics, and inspect your span tags with full fidelity and no high cardinality limits.

You can find this new capability in the “New” menu of your Sumo Logic interface.


Updated Sumo Logic App for Varnish

August 9, 2021

We’ve released a new version of the Varnish app that now includes pre-packaged alerts. New features include support for collecting Varnish metrics data using Telegraf and support for monitoring Varnish servers in Kubernetes environments. Out-of-the-box dashboards provide insight into cache performance, communication with backend servers/clients, thread metrics, requests, visitor locations, traffic patterns, errors, resource utilization, web server operations and access from known malicious sources. Alerts are based on Sumo Logic monitors, leverage metrics and logs, and include preset thresholds for busy/unhealthy backend servers, failed connections, failed thread creation, access from known malicious sources and 4xx/5xx errors.



Sumo Logic App for Memcached

August 9, 2021

The Memcached app is a unified logs and metrics app that helps you monitor the availability, performance, health and resource utilization of your Memcached clusters. Preconfigured dashboards provide insight into uptime, cache hits/misses, resource utilization, errors, and commands executed.


Sumo Logic App for Elasticsearch

August 1, 2021

The Elasticsearch app is a unified logs and metrics app that helps you monitor the availability, performance, health and resource utilization of your Elasticsearch clusters. Preconfigured dashboards provide insight into cluster health, resource utilization, sharding, search and index performance.


Updated Sumo Logic App for Apache Tomcat with Pre-packaged Alerts

July 21, 2021

We’ve released a new version of the Apache Tomcat app that now includes pre-packaged alerts. New features include support for collecting Tomcat metrics data using Telegraf and support for monitoring Tomcat servers in Kubernetes environments. Out-of-the-box dashboards provide insight into visitor locations, traffic patterns, errors, resource utilization, garbage collection, web server operations and access from known malicious sources. Alerts are based on Sumo Logic monitors, leverage metrics and logs, and include preset thresholds for high memory usage, access from known malicious sources and 4xx and 5xx errors.


Global Intelligence for Security Insights: Global Confidence score

July 12, 2021

We’re proud to announce Sumo Logic’s Global Intelligence for Security Insights, a new feature in Cloud SIEM Enterprise presented as Global Confidence Scores. This new feature is designed to further assist security analysts as they triage and prioritize the Insights our Cloud SIEM solution automatically generates. These scores represent a level of confidence predicted by Sumo’s Global Intelligence machine learning model that the Insight is actionable. The score is on a scale from 0 to 100 with higher scores indicating a higher confidence level. Our model observes and compares patterns from Insights that are closed with either a False Positive or Resolved resolution by Cloud SIEM Enterprise customers around the world, while also taking into account customizations made by the specific customer. This enables us to apply a score based on patterns seen at one customer when they are encountered at another customer.

Please note: all information used by our model is anonymized, and no customer-confidential information is processed, nor retained.


Root Cause Explorer: Analyze and Monitor Events of Interest Using Log Queries

July 9, 2021

Root Cause Explorer Events of Interest are unusual spikes in metrics observed on application or infrastructure entities and are the first sign of trouble in complex microservices environments. Events of Interest are now streamed as log messages, enabling correlations between custom application/service telemetry data and Events of Interest computed from OpenTelemetry trace-metrics, AWS CloudWatch and Kubernetes metrics. Such correlations surface diagnostics at the application and infrastructure layers of an Observability stack and accelerate root cause analysis. In addition, customers can build dashboards and monitors by analyzing Events of Interest data, exemplified by the following use cases:

  • Alert Strategy: Identify metrics and entities to monitor based on the microservices, Kubernetes or AWS entities and associated metrics experiencing the most Events of Interest

  • Health Checks: Assess health of microservices, AWS accounts and Kubernetes clusters based on Events of Interest count (see screenshot)

  • Monitors on Events of Interest

  • Behavior Insights (e.g. LogExplain, LogReduce) on Events of Interest to identify and explain unusual patterns in entity behavior


Sumo Logic App for Cassandra

July 6, 2021

The Sumo Logic App for Cassandra is a unified logs and metrics app that helps you monitor the availability, performance and resource utilization of your Cassandra database clusters. Preconfigured dashboards provide insight into the database cluster status, resource utilization, compactions, SST Tables, dropped messages, warning and error logs.


Sumo Logic App for ActiveMQ

July 2, 2021

The ActiveMQ app is a unified logs and metrics app that helps you monitor the availability, performance, health, and resource utilization of your ActiveMQ messaging clusters. Preconfigured dashboards provide insight into cluster status, nodes, producers, consumers, destinations, resource utilization, message rates and error logs.


Sumo Logic App for RabbitMQ

July 2, 2021

The RabbitMQ app is a unified logs and metrics app that helps you monitor the availability, performance, health, and resource utilization of your RabbitMQ messaging clusters. Preconfigured dashboards provide insight into cluster status, exchanges, queues, nodes and error logs. We also have pre-packaged alerts to proactively monitor your RabbitMQ clusters. Alerts are based on Sumo Logic monitors, leverage metrics and logs, and include preset thresholds for high resource utilization, consumers, node availability, connections and unacknowledged and unroutable messages.


Sumo Logic App for Nginx Ingress Plus with Pre-packaged Alerts

July 2, 2021

The Nginx Plus Ingress app is a unified logs and metrics app that helps you monitor the availability, performance, health and resource utilization of your Nginx Plus Ingress web servers. Preconfigured dashboards and searches provide insight into server status, location zones, server zones, upstreams, resolvers, visitor locations, visitor access types, traffic patterns, errors, web server operations and access from known malicious sources. We also have pre-packaged alerts to proactively monitor your Nginx Plus servers. Alerts are based on Sumo Logic monitors and include preset thresholds for dropped connections, critical event log messages, access from known malicious sources and 4xx and 5xx errors.


Updated Sumo Logic integration application with Zscaler Internet Access

June 29, 2021

We’ve released an update to our support for Zscaler Internet Access (ZIA), including a fully hosted collection solution using ZIA’s Cloud Nano Streaming Service and Sumo Logic’s HTTP Source. New out of the box dashboards provide rich insights to the web, tunnel, DNS, and firewall activity occurring in the Zscaler Zero Trust Exchange. Cloud SIEM Enterprise customers can leverage this data in Insight generation.


New Sumo Logic support for Zscaler Private Access

June 29, 2021

The Zscaler Private Access App allows you to easily visualize the state of your Zscaler Private Access (ZPA) infrastructure to assure compliance with policy, operational health, and identify suspicious activity. The solution provides hosted Sumo Logic collection using a CloudSyslog source integrated with the Zscaler Log Streaming Service. Cloud SIEM Enterprise customers can correlate blocked and allowed traffic logs with endpoint, user, and Threat Intelligence data for Insight generation.


Root Cause Explorer Improvements

June 28, 2021

Assessing anomalous metrics on a timeline is a key strategy to determining root cause as earlier spikes in metrics of associated entities are closer to the root cause of an incident. Root Cause Explorer now renders a timeline of anomalous metrics, as shown in the screenshot, along with a summary of the affected entity, metric, golden signal type and time series stats. Events of Interest are now computed on operations of application services instrumented with Sumo Logic tracing allowing on-call users to pinpoint issues in particular operations. Additional noise reduction techniques are also rolled out to suppress statistical anomalies that are not relevant for root cause analysis.


Global Intelligence for Apache Tomcat

June 22, 2021

Global Intelligence for Apache Tomcat is a companion to the Apache Tomcat application and helps DevOps and infrastructure engineers compare server golden signals (load, error, latency and throughput) and visitor activity patterns associated with their Apache Tomcat servers against thousands of Apache Tomcat servers that beacon their logs to Sumo Logic. Such comparisons can help diagnose or eliminate Apache Tomcat problems over the course of an incident arising from sub-optimal configurations of servers and unusual connection rate, request rate, response size, HTTP verb mix, or backend issues.


Global Intelligence for Apache

June 22, 2021

Global Intelligence for Apache App is a companion to the Apache App and helps DevOps and infrastructure engineers compare server golden signals (load, error, latency and throughput) and visitor activity patterns associated with their Apache servers against thousands of Apache servers that beacon their logs to Sumo Logic. Such comparisons can help diagnose or eliminate Apache problems over the course of an incident arising from sub-optimal configurations of servers and unusual bot activity, response size, HTTP verb mix, client mix or backend issues.



Updated Sumo Logic App for SQL Server with Pre-packaged Alerts

June 4, 2021

We’ve released a new version of the SQL Server app that now includes pre-packaged alerts. New features include support for collecting SQL Server metrics data using Telegraf and support for monitoring SQL Server in Kubernetes environments. Out-of-the-box dashboards provide insight into cluster status, performance, operations, replication, latency, I/O as well as backup and restore operations. Alerts are based on Sumo Logic monitors, leverage metrics and logs, and include preset thresholds for cluster availability, backup failures, resource utilization, deadlocks, login failures, errors and blocked processes.


Sumo Logic App for Nginx Plus with Pre-packaged Alerts

June 4, 2021

The Nginx Plus app is a unified logs and metrics app that monitors the availability, performance, health and resource utilization of your Nginx Plus servers. Preconfigured dashboards and searches provide insight into server status, location zones, server zones, upstreams, resolvers, visitor locations, visitor access types, traffic patterns, errors, web server operations and access from known malicious sources. We also have pre-packaged alerts to proactively monitor your Nginx Plus servers. Alerts are based on Sumo Logic monitors and include preset thresholds for dropped connections, critical event log messages, access from known malicious sources and 4xx and 5xx errors.


Updated Sumo Logic App for MongoDB Server with Pre-packaged Alerts

June 2, 2021

We’ve released a new version of the MongoDB app that now includes pre-packaged alerts. New features include support for collecting MongoDB metrics data using Telegraf and support for monitoring MongoDB clusters in Kubernetes environments. Out-of-the-box dashboards provide insight into cluster status, logins, connections, slow queries, replication, resource utilization, sharding, errors and warnings. Alerts are based on Sumo Logic monitors, leverage metrics and logs, and include preset thresholds for cursors, missing primaries, instance availability, replication errors, too many connections, slow queries and sharding failures.


Sumo Logic App for HAProxy with Pre-packaged Alerts

May 28, 2021

The Sumo Logic App for HAProxy is a unified logs and metrics app that helps you monitor the availability, performance and health of your HAProxy cluster. Preconfigured dashboards provide insights into active servers, visitor locations, sessions, errors, response time and throughput.


Updated Sumo Logic App for Apache with Pre-packaged Alerts

May 28, 2021

We’ve released a new version of the Apache app that now includes pre-packaged alerts. New features include support for collecting Apache metrics data using Telegraf, and support for monitoring Apache web servers in Kubernetes environments. Out-of-the-box dashboards and searches provide insight into visitor locations, visitor access types, traffic patterns, errors, web server operations, resource utilization and access from known malicious sources. Alerts are based on Sumo Logic monitors, leverage metrics and logs, and include preset thresholds for critical error messages, 4XX/5XX error rates, resource utilization, and access from known malicious sources.



Analyze your tracing data any way you want with Sumo search query language

May 20, 2021

We are proud to introduce the GA of Extended trace filtering and Search Query Language support. This allows customers not only to find and diagnose transaction traces that match any custom criteria, but also to perform advanced Sumo-style analysis on top of trace span data using Sumo Search Query Language (SQL), the same way as for log data, in the same familiar interface.

This capability allows you to access raw tracing data on a span level, treat it as structured or unstructured data for analysis and filter, transform or aggregate any part of the tracing span message (a single atomic request/response representation) to deliver meaningful results to drive smarter decisions.


Multi-account management with Sumo Organizations

May 4, 2021

Sumo Organizations is a new multi-account management solution that enables managed service providers (MSP) and managed security service providers (MSSP) to efficiently manage multiple Sumo Logic accounts. We are introducing a native multi-tenant and organizational hierarchy, enabling cross-organization visibility, provisioning, aggregate usage reporting, and cost management at the organization level. Key capabilities include:

  • Multi-tenant management interface to view and manage all your organizations
    • Single sign on access to all of your customers
    • Point-in-time usage reporting and the ability to allocate credits across orgs
    • Support for cross-geographical deployment billing
  • Role-based access control permissions for credit allocation and provisioning
  • Self-service provisioning and trial account creation for partners
  • Federated view of Sumo Logic Cloud Enterprise insights

New AWS Kinesis Data Firehose integrations for streaming CloudWatch Logs and Metrics

May 3, 2021

Our integration with AWS Kinesis Data Firehose provides our customers a fully managed, scalable, and low latency solution to stream Amazon CloudWatch Logs and Metrics using AWS Kinesis Data Firehose into their Sumo Logic accounts, to help simplify the monitoring and troubleshooting of AWS infrastructure, services, and applications.

Our customers now have access to two new hosted sources, namely AWS Kinesis Firehose for Logs Source and AWS Kinesis Firehose for Metrics Source. Some of the key capabilities on offer are:

  • Reliable Delivery of CloudWatch Metrics and Logs.

  • Automatic retry capabilities: Kinesis Data Firehose has an automatic retry mechanism and routes all failed Logs and Metrics to a customer-owned S3 bucket for later recovery.

  • Efficient Filtering for Metrics

  • Performant and less intrusive Log collection


AWS Observability Updates

May 3, 2021

We’re happy to announce the release of our AWS Observability Solution v2.2.0 which includes:

  • New performance and cost-savings. We’ve added support for collecting AWS CloudWatch metrics and AWS CloudWatch logs through new Amazon Kinesis logs and metrics sources for Sumo Logic. These new sources enable you to collect logs and metrics data from AWS in the most performant and cost-effective manner.

  • AWS benchmarks in-context with AWS Observability. Global Intelligence for AWS CloudTrail DevOps helps you accelerate root cause analysis for incidents by providing error rate and configuration insights benchmarked from Sumo Logic’s AWS customers for nine AWS services: EC2, Lambda, Auto Scaling, S3, ELB, RDS, DynamoDB, ElastiCache and Redshift. In this release, the benchmark dashboards are integrated with AWS Observability solution at the account-region level.


Updated Sumo Logic App for Redis with Pre-Packaged Alerts

April 30, 2021

We’ve released a new version of the Redis app that includes pre-packaged alerts. New features include updated dashboards that allow you to visualize, search and alert by Redis clusters and hosts. Alerts are based on Sumo Logic monitors, leverage metrics and logs, and include preset thresholds for connections, replication, memory fragmentation, communication failures, resource utilization and other critical conditions.

Updated Sumo Logic App for PostgreSQL with Pre-Packaged Alerts

April 30, 2021

We’ve released a new version of the PostgreSQL app that includes pre-packaged alerts. New features include support for collecting PostgreSQL metrics data using Telegraf, and for monitoring PostgreSQL in Kubernetes environments. Out-of-the-box dashboards provide insight into the health of your PostgreSQL clusters, deadlocks, replication status, query performance, slow queries, incoming connections, failed authentications and error logs. Alerts are based on Sumo Logic monitors, leverage metrics and logs, and include preset thresholds for connections, slow queries, commit rates, deadlocks, replication, locks, compression and other critical conditions.

Sumo Logic App for Kafka with Pre-Packaged Alerts

April 30, 2021

The Sumo Logic App for Kafka is a unified logs and metrics app that helps you monitor the availability, performance and resource utilization of Kafka messaging/streaming clusters. Preconfigured dashboards provide insights into cluster status, throughput, broker operations, topics, replication, zookeepers, node resource utilization and error logs. We also have pre-packaged alerts to help you monitor your Kafka cluster. Alerts are based on Sumo Logic monitors, leverage metrics and logs, and include preset thresholds for high resource utilization, disk usage, errors, failed connections, under replicated and offline partitions, unavailable replicas, consumer replica lag and other critical conditions.

New Pre-Packaged Alerts for Nginx and Nginx Ingress

April 30, 2021

We’ve released pre-packaged alerts to help you monitor your Nginx and Nginx Ingress clusters. These alerts are based on Sumo Logic monitors, leverage metrics and logs, and include preset thresholds for dropped connections, critical event log messages, access from known malicious sources, and 4xx and 5xx errors.

LogReduce performance improvements (LogReduce Optimize)

April 8, 2021

LogReduce, a capability within Behavior Insights, is now enhanced to increase the speed of unstructured log summarization with LogReduce Optimize. In our testing, we are seeing 5X-20X improvements in side-by-side comparisons with classic LogReduce. The new operator is most appropriate for customers who are looking for quick pattern analysis and time-based comparisons and do not require interaction with LogReduce results such as splitting or editing signatures. Performance improvements can vary based on query time range, data ingest patterns and other factors. The screenshot below shows 1 M log lines summarized by LogReduce Optimize in 25 seconds, a 20X improvement.

Service Map & Service Dashboards

March 24, 2021

Service Map is built in real time, out of the box, from distributed tracing data flowing into Sumo Logic. It allows you to:

  • understand the architecture of your environment at the micro-service level
  • track the connections and dependencies between application components
  • quickly visualise the most important KPIs for each service
  • drill-down to:

Service Dashboards give you an out-of-the-box, zero-configuration view of the health, load and performance of your micro-services. They provide:

  • insights into load, latency and errors for each micro-service
  • comparison between components of the same application, allowing easy fault domain isolation
  • the ability to drill down to individual traces in the context of a specific spike on any chart

New Cloud to Cloud (C2C) Integrations for Azure EventHub, Carbon Black Cloud, Duo and Salesforce

March 12, 2021

The Cloud-to-Cloud Integration framework is an extensible system for running fully hosted, pull, and pub-sub based sources. We now have new sources for Azure EventHub, Carbon Black Cloud, Duo and Salesforce. All of these integrations have been certified to work with the corresponding apps in the app catalog.

  • The Azure Event Hubs Source provides a secure endpoint to receive data from Azure Event Hubs. It securely stores the required namespace and policy information, scheduling, and state tracking information required to collect from Azure Event Hubs.

  • The Carbon Black Cloud Source provides a secure endpoint to receive data from VMware Carbon Black Cloud Endpoint Standard APIs (formerly Defense). It securely stores the required Carbon Black URL, authentication, scheduling, and state tracking information for communicating with Carbon Black Cloud Endpoint Standard.

  • The Duo Source provides a secure endpoint to receive authentication logs from the Duo Authentication Logs API. It securely stores the required domain, authentication, scheduling, and state tracking information.

  • The Salesforce Source provides a secure endpoint to receive event data from Salesforce through its REST API. The source securely stores the required authentication, scheduling, and state tracking information.

Root Cause Explorer for Kubernetes metrics and OpenTelemetry traces

March 8, 2021

Root Cause Explorer is now enhanced to incorporate Events of Interest detected in OpenTelemetry traces, through trace metrics, and in Kubernetes metrics. This allows on-call staff, SREs and infrastructure engineers to correlate spikes at the service and Kubernetes layers with AWS infrastructure spikes to troubleshoot incidents faster. In addition, users can now drill into logs, traces and related dashboards for the next step in troubleshooting when viewing an Event of Interest on an entity.

Global Intelligence for AWS CloudTrail DevOps (Updated)

March 8, 2021

Global Intelligence for AWS CloudTrail DevOps helps infrastructure engineers, on-call staff and DevOps users accelerate root cause analysis for incidents by providing error rate and configuration insights benchmarked from Sumo Logic’s AWS customers for nine AWS services: EC2, Lambda, Auto Scaling, S3, ELB, RDS, DynamoDB, ElastiCache and Redshift. The benchmarks are powered by more than 15 million data points per week from AWS CloudTrail logs for a few thousand Sumo Logic tenants across 27 AWS regions. The error benchmarks include:

  • Service Availability errors, where a particular AWS service (e.g. EC2) may be unavailable

  • Throttling errors, where AWS rate-limits API traffic from the customer’s application for a given service and API, for example, PutItem requests for AWS DynamoDB

  • Account Quota errors, where a customer may saturate account limits for a particular service and resource, for example, exceeding the 100 buckets per account limit of AWS S3

  • Insufficient capacity / out-of-stock errors where AWS is unable to provision resources of a particular specification in a given region, such as EC2 m4.xlarge instances in us-west-1

By comparing a given customer’s AWS error rate against other customers by AWS region, service, API, AWS account and instance types, Global Intelligence for AWS CloudTrail DevOps helps identify whether such errors might be the probable cause of an incident. In addition, the app provides configuration guidance for key AWS services based on settings common among other customers.

In this update, the application features Dashboard (New) dashboards that are stack-linked to AWS Observability at the account-region level, allowing in-context access to benchmarks during troubleshooting.

Global Intelligence for Kubernetes DevOps

March 3, 2021

Benchmark your Kubernetes adoption journey against other customers using Global Intelligence for Kubernetes DevOps. Given the complexity of Kubernetes deployments, over 40% of containers are over-provisioned for CPU and memory, resulting in underutilized container resources and higher costs. Another 40% of containers are under-provisioned for CPU and memory resources, leading to a higher risk of out-of-memory or throttling errors and resulting downtime. Using CPU and memory usage and error baselines of several million containers, Global Intelligence for Kubernetes DevOps’ resource recommendations help DevOps users and SREs eliminate guesswork and minimize the risk and costs of their Kubernetes deployments.

Global Intelligence for Nginx

March 3, 2021

Nginx is a web server that can be used as a reverse proxy, load balancer, mail proxy, and HTTP cache. Global Intelligence for Nginx App is a companion to the Nginx ULM application and helps DevOps and infrastructure engineers compare server golden signals (load, error and throughput) and visitor activity patterns associated with their Nginx servers against tens of thousands of Nginx servers that beacon their logs to Sumo Logic. Such comparisons can help diagnose or eliminate Nginx problems over the course of an incident arising from sub-optimal configurations of Nginx servers and unusual bot activity, response size, HTTP verb mix, client mix or backend issues.

Chart Units in Dashboard (New)

February 27, 2021

Dashboard (New) is all about visual control! We’re happy to announce that you can now add units to your charts to make them even easier to consume. With the updated chart units on dashboard panels, you can select a base unit and the chart will auto-adjust the unit as the numbers scale, making the data immediately understandable.


Kubernetes App Updates & OOTB Alerts

February 24, 2021

The Kubernetes App has been updated to have more entity-driven views and a cleaner, easier-to-understand set of dashboards. In addition to the dashboards, this release includes OOTB alerts you can use to get going on your Kubernetes monitoring journey.

The Sumo Logic App for Microsoft Teams

February 23, 2021

The Sumo Logic app for Microsoft Teams provides your IT Operations, security and compliance teams out-of-the-box dashboards to ensure that security policies are being followed by monitoring user sessions, login activity, administrative activity, client browsers used and bots installed. In addition, these dashboards detect incoming threats via Sumo Logic Threat Intel and minimize and prevent breaches by analyzing user activity patterns.

Microsoft Teams Connection

February 23, 2021

With this new connection, you can now start getting alert notifications within MS Teams with minimal setup. Sumo Logic provides a pre-built template, so you just have to provide the channel name to start getting notifications. Furthermore, you can also get notified in MS Teams when alerts are automatically resolved within Sumo Logic.

Root Cause Explorer Updates

February 5, 2021

Root Cause Explorer has now been enhanced with support for AWS SNS and SQS namespaces. This allows users to correlate Events of Interest related to SNS and SQS with other parts of an AWS stack to diagnose incidents. In addition, the Top Contributing Entities panel is redesigned for better readability. The Events of Interest detail panel is now redesigned to show time series data in the first tab, avoiding an additional click to view time series data in a separate tab. The entity inspector also replaces the Related tab to access logs and dashboards related to the entity in focus. Lastly, Root Cause Explorer now supports cause-impact analysis driven by AWS X-Ray traces augmented by an inferred service map.

AWS Observability Updates

February 5, 2021

We are excited to announce support for ECS, ElastiCache and Network Load Balancers as well as 30+ out-of-the-box alerts for all supported services. As part of this release we have documented changes included in each version of our CloudFormation installation template, which will help you understand when to upgrade.

Dark Theme for Dashboard (New)

January 16, 2021

Dashboard (New) now supports a dark style theme for dashboards. Dark Theme makes dashboards pop by putting light-colored visualizations and text on top of a darker background. This enables you to build gorgeous dashboards with eye-catching contrast. Dark Theme is now GA for all dashboards, and can be opted into at any time by switching the theme setting on any Dashboard (New) dashboard.
