Sumo Logic

Lab 8 - Exporting your starter SOC dashboard

You may export content as JSON, including whole folders with subfolders, saved log searches, saved metric queries, and Dashboards. Then you can import the content as JSON into the same or another Sumo Logic organization.

In this lab, you will learn how to export the SOC_<your_initials###> dashboard from the training environment and import it into your company's environment. Once imported, you simply update the pointers to your AWS environment using sending metadata such as _sourceCategory.

Lab Activity

Exporting the dashboard from the training environment

  1. In the navigation panel, click Personal folder, then select the SOC_<your_initials###> dashboard that you created in earlier labs and click the three vertical dots (More).

  2. To begin writing the JSON output, select Export.

  3. The export popup window appears. Here you can choose to either Copy or Download the JSON. For this lab, select Download, then click the Done button.

  4. You will receive a message telling you that the file downloaded successfully. Open the JSON file you just downloaded in a text editor. Some text editors that recognize the JSON format: VSCode (Visual Studio Code), Sublime, Atom.

  5. To connect the location of your incoming data source with this dashboard, you need to change the sending metadata tag _sourceCategory from the training environment's value to your corporate environment's value. Open your downloaded JSON file in your text editor.

  6. In this example, using Visual Studio Code as the text editor, select Edit and then Replace to change the _sourceCategory value.
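The find-and-replace from the steps above can also be scripted so that only `_sourceCategory` filters change and any string still naming the training category is listed for review; a panel left pointing at a category that does not exist in your environment returns nothing, which on a SOC dashboard reads as "no events". This is an added example, not part of the original lab: the `Prod/AWS/CloudTrail` target and the sample export structure are assumptions, and the walk ignores field names because the export schema is not shown on this page.

```python
import json
import re

# Assumptions: TRAINING is the category used in the lab's queries; CORPORATE is
# a made-up placeholder for your own source category.
TRAINING = "Labs/AWS/CloudTrail"
CORPORATE = "Prod/AWS/CloudTrail"

def _pattern(category):
    # _sourceCategory=<category>, optionally quoted, spaces allowed around "=".
    # The lookahead skips longer values such as <category>/dev or <category>*.
    return re.compile(r'(_sourceCategory\s*=\s*"?)' + re.escape(category) + r'(?![\w/*.-])')

def repoint(node, old=TRAINING, new=CORPORATE):
    """Return (copy of node with the category swapped in every string, count)."""
    if isinstance(node, str):
        return _pattern(old).subn(lambda m: m.group(1) + new, node)
    if isinstance(node, list):
        pairs = [repoint(v, old, new) for v in node]
        return [p[0] for p in pairs], sum(p[1] for p in pairs)
    if isinstance(node, dict):
        pairs = {k: repoint(v, old, new) for k, v in node.items()}
        return {k: p[0] for k, p in pairs.items()}, sum(p[1] for p in pairs.values())
    return node, 0

def leftovers(node, old=TRAINING):
    """Strings that still mention the old category and need a manual look."""
    if isinstance(node, str):
        return [node] if old in node else []
    children = node.values() if isinstance(node, dict) else node if isinstance(node, list) else []
    return [s for child in children for s in leftovers(child, old)]

# Constructed, simplified stand-in for a downloaded export (not the real schema).
SAMPLE_EXPORT = {
    "name": "SOC_abc123",
    "description": "Labs/AWS/CloudTrail starter dashboard",
    "panels": [
        {"title": "Event types",
         "query": '_sourceCategory=Labs/AWS/CloudTrail | json field=_raw "eventType" as eventtype | count by eventtype'},
        {"title": "Dev trail", "query": "_sourceCategory = Labs/AWS/CloudTrail/dev | count"},
    ],
}

if __name__ == "__main__":
    fixed, replaced = repoint(SAMPLE_EXPORT)
    print(f"replaced {replaced} reference(s)")
    for text in leftovers(fixed):
        print("review by hand:", text)
    print(json.dumps(fixed, indent=2))  # paste this into the Import dialog
```

For a real export, load the downloaded file with `json.load` in place of `SAMPLE_EXPORT` and import the printed JSON.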

 

Add the lookup tables for the Parameters: Actor and Event_type 

  1. You will need to recreate the lookup tables in your corporate environment. For the Actor lookup table, run this log search for Last 24 Hours. You will need to modify the _sourceCategory value to point to your AWS data.

    _sourceCategory=Labs/AWS/CloudTrail
    | json field=_raw "userIdentity.sessionContext.sessionIssuer.userName" as actor
    | count by actor
    | fields - _count /*removes the _count metadata column leaving only the actors */
    | save shared/junktest_aws_actor_list /* stores the results into the table */


  2. If you also want to create a lookup table for the eventtype, run this log search for Last 24 Hours. You will need to modify the _sourceCategory value to point to your AWS data.

    _sourceCategory=Labs/AWS/CloudTrail
    | json field=_raw "eventType" as eventtype
    | count by eventtype
    | fields - _count /*removes the _count metadata column leaving only the eventtype */
    | save shared/jas232_aws_eventtype_list /* stores the results into the table */

  3. In both cases, a dialog box asks you to verify that you want to save your output to a file.

Import your modified JSON dashboard 

  1. You will need to copy your JSON code before you import. Copy your JSON from your editor into your clipboard.

  2. Ensure you are logged into your corporate Sumo Logic environment. In the left navigation pane, to the right of the search window, click the three vertical dots and then select Import.

  3. Under Name, enter the name you want to call this dashboard and paste in your JSON code from the clipboard.

  4. At the bottom of your import panel you will see an Import and a Cancel button. To execute the import, click Import.

  5. Finally, be sure to test that your dashboard imported successfully by opening it in Sumo Logic and observing the results.

Quiz (True or False?)

  1. Export outputs JSON format. 

  2. Before importing, I must change the pointers to my data using a visual text editor.

Summary

Congratulations! You’ve completed these tasks:

  1. Exported a dashboard.

  2. Edited the JSON file to point to my data.

  3. Imported a dashboard.