Skip to main content
Sumo Logic

Install the Varnish App and view the Dashboards

The Sumo Logic app for Varnish includes several Dashboards that allow you instant access to information about your system's visitors, traffic, and web server operations.

This page has instructions for installing Sumo Logic Monitors for Varnish, the app, and descriptions of each app dashboard.

Sumo Logic has provided pre-packaged alerts available through Sumo Logic monitors to help you proactively determine if a Varnish cluster is available and performing as expected. These monitors are based on metric and log data and include pre-set thresholds that reflect industry best practices and recommendations. For more information about individual alerts, see Varnish Alerts.

To install these monitors, you must have the Manage Monitors role capability.

You can install monitors by importing a JSON file or using a Terraform script.

Method 1: Install Monitors by importing a JSON file

  1. Download the JSON file that describes the monitors. 

  2. The JSON contains the alerts based on Sumo Logic searches that do not have any scope filters. Therefore, it will apply to all Varnish clusters, the data for which has been collected via the instructions in the previous sections.  

    However, if you would like to restrict these alerts to specific clusters or environments, update the JSON file by replacing the text cache_cluster=* with <Your Custom Filter>.  

Custom filter examples: 

  1. For alerts applicable only to a specific cluster, your custom filter would be cache_cluster=dev-varnish01

  2. For alerts applicable to all clusters that start with varnish-prod, your custom filter would be cache_cluster=varnish-prod*

  3. For alerts applicable to a specific cluster within a production environment, your custom filter would be cache_cluster=dev-varnish01 AND environment=prod (This assumes you have set the optional environment tag while configuring collection)

3. Go to Manage Data > Alerts > Monitors.

4. Click Add.

5. Click Import.
import-option.png

6. On the Import Content popup, enter Varnish in the Name field, paste the JSON into the popup, and click Import.
import-content.png

7. The monitors are created in a "Varnish" folder. The monitors are disabled by default. See the Monitors topic for information about enabling monitors and configuring notifications or connections.

Method 2: Install Monitors using a Terraform script

Step 1: Generate a Sumo Logic access key and ID

Generate an access key and access ID for a user with the Manage Monitors role capability; for instructions, see  Access Keys

Step 2: Download and install Terraform

Download Terraform 0.13 or later and install it. 

Step 3: Download the Sumo Logic Terraform package for MySQL monitors

The alerts package is available in the Sumo Logic GitHub repository. You can either download it using the git clone command or as a zip file. 

Step 4: Alert Configuration 

After extracting the package , navigate to the  terraform-sumologic-sumo-logic-monitor/monitor_packages/Varnish/ directory.

Edit the varnish.auto.tfvars file and add the Sumo Logic Access Key and Access ID from Step 1 and your Sumo Logic deployment. If you're not sure of your deployment, see Sumo Logic Endpoints and Firewall Security

access_id   = "<SUMOLOGIC ACCESS ID>"

access_key  = "<SUMOLOGIC ACCESS KEY>"

environment = "<SUMOLOGIC DEPLOYMENT>"

The Terraform script installs the alerts without any scope filters; if you would like to restrict the alerts to specific clusters or environments, update the varnish_data_source variable. For example:

To configure alerts for...

Set varnish_data_source to something like :

A specific cluster

cache_cluster=varnish.prod.01

All clusters in an environment

environment=prod

Multiple clusters using a wildcard

cache_cluster=varnish-prod*

A specific cluster within a specific environment

cache_cluster=varnish-1 and environment=prod

This assumes you have configured and applied Fields as described in Step 1: Configure Fields of the Sumo Logic of the Collect Logs and Metrics for Varnish topic.

All monitors are disabled by default on installation. To enable all of the monitors, set the monitors_disabled parameter to false.

By default, the monitors will be located in a "Varnish" folder on the Monitors page. To change the name of the folder, update the monitor folder name in the folder variable in the varnish.auto.tfvars file.

If you want the alerts to send email or connection notifications, follow the instructions in the next section.

Step 5: Email and Connection Notification Configuration Examples

Edit the varnish_notifications.auto.tfvars file to populate the connection_notifications and email_notifications sections. Examples are provided below.

Pagerduty connection example

In the variable definition below, replace <CONNECTION_ID> with the connection ID of the Webhook connection. You can obtain the Webhook connection ID by calling the Monitors API.

connection_notifications = [
    {
      connection_type       = "PagerDuty",
      connection_id         = "<CONNECTION_ID>",
      payload_override      = "{\"service_key\": \"your_pagerduty_api_integration_key\",\"event_type\": \"trigger\",\"description\": \"Alert: Triggered {{TriggerType}} for Monitor {{Name}}\",\"client\": \"Sumo Logic\",\"client_url\": \"{{QueryUrl}}\"}",
      run_for_trigger_types = ["Critical", "ResolvedCritical"]
    },
    {
      connection_type       = "Webhook",
      connection_id         = "<CONNECTION_ID>",
      payload_override      = "",
      run_for_trigger_types = ["Critical", "ResolvedCritical"]
    }
  ]
Email notifications example
email_notifications = [
    {
      connection_type       = "Email",
      recipients            = ["abc@example.com"],
      subject               = "Monitor Alert: {{TriggerType}} on {{Name}}",
      time_zone             = "PST",
      message_body          = "Triggered {{TriggerType}} Alert on {{Name}}: {{QueryURL}}",
      run_for_trigger_types = ["Critical", "ResolvedCritical"]
    }
  ]

Step 6: Install Monitors

  1. Navigate to the terraform-sumologic-sumo-logic-monitor/monitor_packages/varnish/ directory and run terraform init. This will initialize Terraform and download the required components.
  2. Run terraform plan to view the monitors that Terraform will create or modify.
  3. Run terraform apply.

This section demonstrates how to install the Varnish App.

To install the app:

Locate and install the app you need from the App Catalog. If you want to see a preview of the dashboards included with the app before installing, click Preview Dashboards.

  1. From the App Catalog, search for and select the app. 

  2. Select the version of the service you're using and click Add to Library.

  1. To install the app, complete the following fields.

    1. App Name. You can retain the existing name or enter a name of your choice for the app.


    2. Data Source. 

      • Choose Enter a Custom Data Filter, and enter a custom Varnish cluster filter. Examples: 

        1. For all Varnish clusters
          cache_cluster=*

        2. For a specific cluster:
          cache_cluster=varnish.dev.01.

        3. Clusters within a specific environment:
          cache_cluster=varnish-1 and environment=prod
          (This assumes you have set the optional environment tag while configuring collection)

    3. Advanced. Select the Location in the Library (the default is the Personal folder in the library), or click New Folder to add a new folder.

    4. Click Add to Library.

Once an app is installed, it will appear in your Personal folder or another folder that you specified. From here, you can share it with your organization. 

Panels will start to fill automatically. It's important to note that each panel slowly fills with data matching the time range query and received since the panel was created. Results won't immediately be available, but you'll see full graphs and maps in a bit of time.

Dashboard Filters with Template Variables

Template variables provide dynamic dashboards that rescope data on the fly. As you apply variables to troubleshoot through your dashboard, you can view dynamic changes to the data for a fast resolution to the root cause. For more information, see the Filter with template variables help page.

Varnish - Overview

The Varnish - Overview Dashboard provides a high-level view of the activity and health of Varnish servers on your network. Dashboard panels display visual graphs and detailed information on visitor geographic locations, traffic volume and distribution, responses over time, and time comparisons for visitor locations and uptime, cache hit, requests, VLC.

Use this dashboard to :

  • Analyze Request backend, frontend, VLCs, Pool, Thread, VMODs, and cache hit rate.
  • Analyze HTTP request about status code
  • Gain insights into Network traffic for your Varnish server.
  • Gain insights into originated traffic location by region. This can help you allocate computer resources to different regions according to their needs.
  • Gain insights into Client, Server Responses on Varnish Server. This helps you identify errors in Varnish Server.

Varnish - Visitor Traffic Insight

The Varnish - Visitor Traffic Insight Dashboard provides detailed information on the top documents accessed, top referrers, top search terms from popular search engines, and the media types served.

Use this dashboard to:

  • Gain insights into visitor traffic.
  • Identify top URLs visited.
  • Determine visitor locations.
  • Platforms, browsers, PC, Mac versions are used by the visitors to access.

Varnish - Web Server Operations

The Varnish - Web Server Operations Dashboard provides a high-level view combined with detailed information on the top ten bots, geographic locations, and data for clients with high error rates, server errors over time, and non 200 response code status codes. Dashboard panels also show server error logs, error log levels, error responses by the server, and the top URLs responsible for 404 responses.

Use this dashboard to:

  • Determine failures in responding.
  • Identify visitor locations with 4xx errors.
  • Gain insights into Clients causing a lot of 4xx errors.

Varnish - Traffic Timeline Analysis

The Varnish - Traffic Timeline Analysis dashboard provides a high-level view of the activity and health of Varnish servers on your network. Dashboard panels display visual graphs and detailed information on traffic volume and distribution, responses over time, as well as time comparisons for visitor locations and server hits.

Use this dashboard to:

  • To understand the traffic distribution across servers, provide insights for resource planning by analyzing data volume and bytes served.
  • Gain insights into originated traffic location by region. This can help you allocate compute resources to different regions according to their needs.

Varnish - Outlier Analysis

The Varnish - Outlier Analysis dashboard provides a high-level view of Varnish server outlier metrics for bytes served, the number of visitors, and server errors. You can select the time interval over which outliers are aggregated, then hover the cursor over the graph to display detailed information for that point in time.

Use this dashboard to:

  • Detect outliers in your infrastructure with Sumo Logic’s machine learning algorithm. 
  • To identify outliers in incoming traffic and the number of errors encountered by your servers.

Varnish - Threat intel

The Varnish - Threat Intel Dashboard provides an at-a-glance view of threats to Varnish servers on your network. Dashboard panels display threats count over a selected time period, geographic locations where threats occurred, source breakdown, actors responsible for threats, severity, and a correlation of IP addresses, method, and status code of threats.

Use this dashboard to:

  • To gain insights and understand threats in incoming traffic and discover potential IOCs. 
  • Incoming traffic requests are analyzed using the Sumo - Crowdstrikes threat feed.

Varnish - Backend Servers

Varnish - Backend Servers dashboard provides several metrics that describe the communication between Varnish and its backend servers.

Use this dashboard to:

  • Review and manage the health of backend and frontend communication.

Varnish - Bans and Bans Lurker

Varnish - Bans and Bans Lurker tells you the list of Bans filters applied to keep Varnish from serving stale content.

Use this dashboard to:

  • Gain insights into bans and make sure that Varnish is serving the latest content.

Varnish - Cache Performance

The Varnish - Cache Performance dashboard provides worker thread related metrics to tell you if your thread pools are healthy and functioning well.

Use this dashboard to:

  • Gain insights into the performance and health of Varnish Cache.
  • Determine if any corrective actions are required to provide high performance and availability.

Varnish - Clients

The Varnish - Clients dashboard check collects Varnish metrics regarding connections and requests.

Use this dashboard to:

  • Review the current sessions and load on Varnish.
  • Determine if there are failures because of overloading and if additional resources are required.

Varnish - Threads 

The Varnish - Threads Dashboard helps you to keep track of threads metrics to watch your Varnish Cache.

Use this dashboard to:

  • Manage and understand threads in the Varnish system