Skip to main content
Sumo Logic

Install the Observable Networks App and view the Dashboard

  1. Last updated
  2. Save as PDF

Install the Sumo Logic App

Now that you have configured Observable Networks, install the Sumo Logic App for Observable Networks to take advantage of the preconfigured searches and dashboards to analyze your Observable Networks data.

To install the app:

Locate and install the app you need from the App Catalog. If you want to see a preview of the dashboards included with the app before installing, click Preview Dashboards.

  1. From the App Catalog, search for and select the app. 
  2. To install the app, click Add to Library and complete the following fields.
    1. App Name. You can retain the existing name, or enter a name of your choice for the app.

    2. Data Source. Select either of these options for the data source.

      • Choose Source Category, and select a source category from the list.

      • Choose Enter a Custom Data Filter, and enter a custom source category beginning with an underscore. Example: (_sourceCategory=MyCategory).

    3. Advanced. Select the Location in Library (the default is the Personal folder in the library), or click New Folder to add a new folder.
    4. Click Add to Library.

Once an app is installed, it will appear in your Personal folder, or other folder that you specified. From here, you can share it with your organization. See Welcome to the New Library for information on working with the library in the new UI.

Panels will start to fill automatically. It's important to note that each panel slowly fills with data matching the time range query and received since the panel was created. Results won't immediately be available, but with a bit of time, you'll see full graphs and maps. 

Dashboards

Observable Networks Overview

The Observable Networks Overview Dashboard is intended to provide an at-a-glance view into your network.

Effective Session Count. Displays the number of effective "flows" ("sessions") as a single value chart for the last hour.

Roles. Provides a breakdown of the types of endpoints currently on the network in a pie chart for the last hour. Endpoint types could be WebServer, iOS, Printer, etc. Roles are published every hour, so this Panels displays the latest role distribution on your network.

Recent Alert Updates. Shows a list of recently updated alerts in a table with a URL link to their alert detail page on the Observable Networks portal for the last six hours. Click the links for more details about an alert. If this Panel is empty, that means there have been no alerts for the last six hours.

Observation Origins. Displays observations that relate to activity with external endpoints (e.g., "New External Server") on a map of the world for the last six hours.

Recent Observations. Lists the latest observations on the system and their counts in a table for the last six hours. Observations are notable events about your network, which are the building blocks for alerts.

Observations by Time. Displays the frequency of each observation type as an area chart on a timeline for the last six hours.

Searches

Recent Flow Count. This query shows the history of flow counts for your network. A network flow describes a single piece of communication on your network, including source and destination IPs, ports, and protocol (TCP, UDP, etc.). Flows are the main input to the Observable Networks platform.

Role History. This multi-line graph shows the population of each role type on the network. Here you can track how the population of your network has changed over time. For example, the number of iOS devices and printers.

Top Observation Hosts. This is simple query shows the hosts (sources) with the most observation counts.