Sumo Logic

Lab 7 - Exporting and sharing your starter SOC dashboard

You may export content as JSON, including whole folders with subfolders, saved log searches, saved metric queries, and dashboards. Then you can import the content as JSON into the same or another Sumo Logic organization and share it with others.

In this lab, you will learn how to export the SOC_<your_initials###> dashboard from the training environment and import it into your company's environment. Before importing, you update the pointers to your AWS environment using sending metadata such as sourceCategory. Finally, you will learn to share your starter SOC dashboard, or any other content, with others.

Lab Activity

Exporting the dashboard from the training environment

  1. In the navigation panel, click Personal folder, then select the SOC_<your_initials###> dashboard that you created in earlier labs and click the details icon.


     

  2. To begin writing the JSON output, select Export.


     

     

  3. The export popup window will appear. Here you can select either Copy or Download for the JSON. For this lab, select Download, then click the Done button.

  4. You will receive a message telling you that it was successfully downloaded. Open the JSON file you just downloaded in a text editor. Some text editors that recognize the JSON format are Visual Studio Code, Sublime, and Atom.

  5. To connect the location of your incoming data source with this dashboard, you need to replace the _sourceCategory metadata value from the training environment with the value used in your corporate environment. Open your downloaded JSON file in your text editor.

  6. In this example, which uses Visual Studio Code as the text editor, select Edit and then Replace to change the _sourceCategory value.
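The find-and-replace step above can also be scripted so that every rewritten field is listed and any remaining training-environment reference is flagged before import. This is an added example, not part of the original lab or of Sumo Logic's tooling; the sample JSON is a constructed, simplified stand-in for a real export, and `repoint_export` and the `Prod/AWS/CloudTrail` value are hypothetical.

```python
import json
import re

# Constructed, simplified stand-in for an exported dashboard. A real export
# has more fields, so the walk below does not assume any particular schema.
SAMPLE_EXPORT = json.dumps({
    "name": "SOC_abc123",
    "panels": [
        {"title": "Events by type", "queries": [{"queryString":
            "_sourceCategory=Labs/AWS/CloudTrail | count by eventtype"}]},
        {"title": "Notes", "text": "Data comes from Labs/AWS/CloudTrail"},
    ],
})


def _walk(node, fix, path):
    """Rebuild the JSON tree, passing every string value through fix()."""
    if isinstance(node, dict):
        return {k: _walk(v, fix, f"{path}.{k}") for k, v in node.items()}
    if isinstance(node, list):
        return [_walk(v, fix, f"{path}[{i}]") for i, v in enumerate(node)]
    return fix(node, path) if isinstance(node, str) else node


def repoint_export(export_text, old, new):
    """Return (new_json_text, changed_paths, leftover_paths)."""
    # Match _sourceCategory=<old>, optionally quoted, but not a longer
    # value that merely starts with <old> (for example <old>/Other).
    pattern = re.compile(
        r'(_sourceCategory\s*=\s*"?)' + re.escape(old) + r'(?![\w/*.-])')
    changed, leftover = [], []

    def fix(text, path):
        out, count = pattern.subn(lambda m: m.group(1) + new, text)
        if count:
            changed.append(path)
        if old in out:  # old value still present: review by hand
            leftover.append(path)
        return out

    doc = _walk(json.loads(export_text), fix, "$")
    return json.dumps(doc, indent=2), changed, leftover


if __name__ == "__main__":
    # "Prod/AWS/CloudTrail" is a hypothetical corporate source category.
    text, changed, leftover = repoint_export(
        SAMPLE_EXPORT, "Labs/AWS/CloudTrail", "Prod/AWS/CloudTrail")
    print("rewritten:", changed)
    print("still references training data:", leftover)
```

Paths reported as leftover still contain the training value outside a `_sourceCategory=` expression and should be reviewed by hand before the import.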

 

Add the lookup tables for the Parameters: Actor and Event_type 

  1. You will need to recreate the lookup tables in your corporate environment. For the Actor lookup table, run this log search for Last 24 Hours. You will need to modify the _sourceCategory value to point to your AWS data.

    _sourceCategory=Labs/AWS/CloudTrail
    | json field=_raw "userIdentity.sessionContext.sessionIssuer.userName" as actor
    | count by actor
    | fields - _count /*removes the _count metadata column leaving only the actors */
    | save shared/junktest_aws_actor_list /* stores the results into the table */

     

  2. If you also want to create a lookup table for the eventtype, run this log search for Last 24 Hours. You will need to modify the _sourceCategory value to point to your AWS data.

    _sourceCategory=Labs/AWS/CloudTrail
    | json field=_raw "eventType" as eventtype
    | count by eventtype
    | fields - _count /*removes the _count metadata column leaving only the eventtype */
    | save shared/jas232_aws_eventtype_list /* stores the results into the table */

 

  3. In both cases you will see this dialog box to verify you want to save your output to a file.


Import your modified JSON dashboard 

  1. You will need to copy your JSON code before you import. Copy your JSON from your editor into your clipboard.
     
  2. Ensure you are logged into your corporate Sumo Logic environment. In the left navigation pane, to the right of the search window, click the details icon and then select Import.


  3. Under Name, enter the name you want to give this dashboard and paste in your JSON code from the clipboard.



 

  4. At the bottom of your import panel you will see Import and Cancel buttons. To execute the import, click Import.

  5. Finally, be sure to test that your dashboard imported successfully by opening it in Sumo Logic and observing the results.
  6. You may wish to share this SOC_AWS dashboard with others. If so, find the SOC_AWS dashboard and, to the right of the pane, click the details icon and click Share.

     
  7. The Share SOC_AWS Dashboard popup window will appear. You can share with either users or roles, grant their permissions, see who has access, and copy a shareable URL. Providing the shareable URL saves them from having to search for the dashboard.

     

Quiz (True or False?)

  1. Export outputs JSON format. 

  2. Before importing, I must change the pointers to my data using a visual text editor.

  3. After importing, I cannot share the dashboards with others.

Summary

Congratulations! You’ve completed these tasks:

  1. Exported a dashboard.

  2. Edited the JSON file to point to my data.

  3. Imported a dashboard.