Sumo Logic Overview

Sumo Logic is a cloud-based log management and analytics service that leverages machine-generated big data to deliver real-time IT insights. We can log system health and custom messages in sumo logic.

Benefits of Sumo Logic over ELK:

  1. Sumo Logic is cloud-based log management tool so it requires less maintenance, but in ELK you need to provide infrastructure.
  2. Sumo Logic has pre-built dashboards for many common items that administrators, developers, and security folks would like to see, ready to install and start displaying data in an insightful way, but in ELK you need to create dashboards.
  3. For Sumo Logic you need to manage only collector installation on Servers, but in ELK you have to manage Elastic search, Logstash and Kibana etc.
  4. Alerts and Notifications are simple in Sumo Logic, but in ELK you need extra plugins like Watcher and Elastalert.

Sumo Logic Integration

We can use sumo logic to log custom messages and system health.
  1. To log system health we can use Installed Collectors of Sumo Logic. By using Installed Collectors we can log custom messages also but we need to write that custom messages in file using particular format and upload that file through Sumo Logic
  2. To log custom messages we can use Hosted Collectors
1. Installed Collectors: We need to install sumo logic collector on required machines and these machines send information to sumo logic (Refer below diagram).
Following is the snapshot of windows event logs which are collected by collector present on that machine in Sumo Logic UI:
2. Hosted Collectors: There is no need to install collector on machines we can collect information using HTTP sources.
Following is the snapshot of messages sends to Sumo Logic using HTTP Source:

How to perform search in Sumo Logic:

Query Syntax: The basis of Sumo Logic Search is a funnel or "pipeline" concept: beginning from all of your current Sumo Logic data, you enter keywords and operators separated by pipes ("|"). Each operator acts on the results from the previous operator to further process your results. Results are returned incrementally with the most recent messages displaying first. Additional messages are added progressively to the Messages tab as the search walks backward in time through all of your log data. The syntax for a typical search query looks something like this: 
keyword expression | operator 1 | operator 2 | operator 3
Keyword Expression: For simplicity, we refer to the first term in a search query as a "keyword" expression. In fact, this portion of the query is a very powerful full-text, Boolean search expression. The keyword expression also encompasses metadata searches for fields such as _sourceCategory, _sourceHost. For more on full-text search in queries, see Keyword Search Expressions. Operators: After filtering with an initial full-text search, the operators that follow can extract strings, parse known message components into fields, refine results using conditional expressions, and then group, count, or sort results. In addition, the summarize operator can be used to reveal patterns in a set of logs by automatically grouping messages with similar structures and commonly repeated text strings into clusters. 
e.g. _sourceCategory=apache | parse "username=*" as username
Like SQL searches we can use where, and, or, join operators after pipes ("|") in Sumo Logic.

Implementation of HTTP Source:

To collect data using HTTP source follow below steps:
  1. Create Hosted Collector
  2. Click on Add Source link present on created hosted collector.
  3. Select HTTP source and fill required information like source name, description, source host, source category etc.
  4. Click on Save link and it will show pop up having HTTP Source Address 
    HTTP Source Address Sample:  https://endpoint1.collection.us2.
sumologic.com/receiver/v1/http/ZaVnC4dhaV1-SdszRllKGS_1ALUpvM8_
MHsS0tdikNpjG1y6r1sAE_Pf09sTFrXUleMpaykSeVK-
hfxH5tZTveCTSbDyMG4EreqwoIMyYEcfu96F7Qz1uMiA==
  5. Add following code in application 
    Uri uri = new Uri("https://endpoint1.collection.us2.sumologic.com/
receiver/v1/http/
ZaVnC4dhaV1-SdszRllKGS_1ALUpvM8_MHsS0tdikNpjG1y6r1sAE_Pf09sTFrXUl
eMpaykSeVK-hfxH5tZTveCTSbDyMG4EreqwoIMyYEcfu96F7Qz1uMiA==");
HttpRequestMessage requestMessage = new HttpRequestMessage
                                  (HttpMethod.Post, uri);
requestMessage.Content = messageString;
var client = new HttpClient();
HttpResponseMessage response = client.SendAsync(requestMessage)
                                        .Result;
    Above code will send messages to Sumo Logic over HTTP and you will get the messages on Sumo Logic UI.
Thanks in Advance. Hope this guide helps you!!!

Comments

Post a Comment

Popular posts from this blog

Sonarqube Integration with Visual Studio 2022 and VS Code

Image
Overview This article explains about Sonarqube and its plugins of visual studio. By using plugin, we can detect sonarqube issues on local machine upfront. So that our clean code would be pushed on version control system. Also we can enable Sonar scans on every build which is a part of CI pipeline Sonarqube SonarQube is an open-source platform designed to improve code quality and maintainability in software development projects. It is a static code analysis tool that performs automated code reviews, identifies issues, and provides insights into the health of your codebase. SonarQube is a valuable tool for developers, quality assurance teams, and project managers, helping them ensure the long-term quality and reliability of their software. Key Features: Code Quality Metrics: SonarQube provides a range of metrics, including code complexity, code duplication, and code smells, to assess the overall quality of your code. Issue Detection: It identifies and reports on co...
Read more

Run And Debug Test Cases Using Jest With Different CLI Options

Welcome file Overview In this article, We will be looking at different ways to run Jest test cases also we will be looking at debugging test case in Jest Jest CLI provides a different options to run unit test cases. We can run Jest test cases as we want. I have described below some of the ways of to run test cases. Run all tests Run tests that are contain in a file Run all tests that are related to changed file Run tests related to path Run tests that match spec name Run only single test Skip test cases Run tests in watch mode Prerequisite You need to have Node installed in order to use npm (node package manager). After installing node we require Jest Package which will be downloaded from NPM package store Jest CLI Options Run all tests By Default Jest runs all tests jest Run tests that are contain in a file Run tests that were specified in file jest testfilename.js jest path/to/testfilename.js Run all tests that are related to changed f...
Read more

Install Kibana as Windows Service Using Powershell

This guide installs Kibana as Windows service using Powershell. Kibana: Kibana is an open source data visualization plugin for Elasticsearch . It provides visualization capabilities on top of the content indexed on an Elasticsearch cluster. Users can create bar, line and scatter plots, or pie charts and maps on top of large volumes of data Requirement: Elasticsearch Steps executed in following powershell script: Download NSSM – the Non-Sucking Service Manager $webclient = New-Object System.Net.WebClient $url = "https://nssm.cc/release/nssm-2.24.zip" $file = "$pwd\nssm.zip" $webclient.DownloadFile($url,$file) Unzip NSSM zip file at some location $shell = new-object -com shell.application $zip = $shell.NameSpace("$pwd\nssm.zip") foreach($item in $zip.items()) { $shell.Namespace("C:\").copyhere($item) } Add nssm.exe application path in Environment Variables $env:path +=';C:\nssm-2.24\win64' Download Kibana $webclient = ...
Read more