Data Volume App V2

The Data Volume App allows you to view at a glance your account's data usage volume by tier, category, collector, source name, and hosts. The app uses predefined searches and dashboards that provide visibility into your environment for real-time analysis of overall usage.

Before you can use the Data Volume app, an administrator must first enable the feature. For more information, see Enable and Manage the Data Volume Index.

Once the Data Volume Index is enabled, volume data is not backfilled for any time before the feature was enabled. Data is available only from the point the feature is enabled forward.

Install the Data Volume App

Your administrator must enable Data Volume from Administration > Account > Data Management before installing this app.

Data Volume App Dashboards

For each Panel in the Dashboard, you can perform the following actions:

  • To display details on the Panel time range, hover over the text in the top right corner.
  • To zoom into the Panel for more information, click the magnifying glass icon in the header.

Data Volume - Overview

The Data Volume - Overview dashboard helps you understand how much data you are ingesting in logs (by Tiers), Metrics and Tracing. 

Use this dashboard to:

  • Identify the top 5 sources in logs, metrics, and traces that contribute the most to ingested data volume.
  • Analyze distribution by usage percentage of various sources.

Data Volume - Logs

The majority of data ingest typically comes from log volumes. From the Data Volume - Logs dashboard, you can see your log ingest volume by tier in greater detail, outlining ingest spikes, outliers, and quota.

Use this dashboard to:

  • Determine the log ingest volume and its trend in GB for different tiers.
  • Identify the spikes where current hour ingestion is above some percentage from the last hour. This percentage is 50 % for Last Data Point and 70 % for Moving Average. 
  • Identify the outliers (where ingestion has gone outside the specified threshold) and forecast your data ingestion (You can see the line break between actual ingest and predicted ingest at the current date).
  • Determine the log data for default index and top non-default Indexes.
  • Analyze the comparison of your current ingestion to your capacity and review any overages. You must configure the “Subscribed_Average_Daily_Log_Ingest_Capacity” variable based on your Account Subscription. See Administration > Account > Account Overview to see your Daily Average Capacity Value.

Data Volume (Logs) by various metadata fields

You can also drill down on source metadata, using the metadata you've created within Sumo to define your log sources better.

Use this dashboard to:

  • Identify the top 5 source categories, source hosts, and collectors by volume usage.
  • Analyze the distribution of ingested sources for source categories, source hosts, and collectors.

Data Volume - Metrics

Another point of volume ingest is metrics. We measure metric ingestion for your account in data points and data points per minute (DPM). This Dashboard helps to review details of your data ingestion and to identify areas of high-volume ingest.

Use this dashboard to:

  • Determine the ingested data points for metrics and their trend in DPM.
  • Identify the spikes where current hour ingestion is above some percentage from the last hour. This percentage is 50 % for Last Data Point and 70 % for Moving Average. 
  • Identify the outliers (where ingestion has gone outside the specified threshold) and forecast your data ingestion (You can see the line break between actual ingest and predicted ingest at the current date).
  • Identify the top 5 source categories, source hosts, sources, and collectors by volume usage in DPM.
  • Analyze the comparison of your current ingestion to your capacity and review any overages. You must configure the “Subscribed_Metric_DPM_Ingest_Capacity” variable based on your Account Subscription. See Administration > Account > Account Overview to see your Capacity Values.

Data Volume - Log Spikes

This Dashboard helps to review details of your data ingested for logs.

Use this dashboard to:

  • Identify the outliers by time slices, where the data volume exceeds the moving average by a statistically significant amount, three standard deviations.
  • Determine the spikes for top sources that have experienced the largest ingest spikes compared to the previous day.
  • Analyze the distribution of different sources by log ingestion.
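
The spike and outlier rules these dashboards describe, applied to a constructed hourly series (an added example, not the app's own queries). The 50 %, 70 % and three-standard-deviation thresholds come from this page; the six-hour trailing window, the use of population standard deviation and the function names are assumptions.

```python
from statistics import mean, pstdev

LAST_POINT_PCT = 50.0   # page: spike threshold against the last data point
MOVING_AVG_PCT = 70.0   # page: spike threshold against the moving average
SIGMA = 3.0             # page: outlier = three standard deviations
WINDOW = 6              # assumption: trailing window length, in hours

# Constructed sample: hourly log ingest in GB.
SAMPLE_GB = [10.0, 11.0, 9.0, 10.0, 12.0, 10.0, 11.0, 16.0, 30.0, 12.0]


def pct_above(current, baseline):
    """Percentage by which current exceeds baseline."""
    if baseline <= 0:
        # Any ingest after a silent period counts as an unbounded increase.
        return float("inf") if current > 0 else 0.0
    return (current - baseline) / baseline * 100.0


def analyze(hourly, window=WINDOW):
    """Flag each hour against the three rules; returns one dict per hour."""
    rows = []
    for i, cur in enumerate(hourly):
        row = {"hour": i, "last_point_spike": False,
               "moving_avg_spike": False, "outlier": False}
        if i >= 1:
            row["last_point_spike"] = pct_above(cur, hourly[i - 1]) > LAST_POINT_PCT
        if i >= window:
            # The baseline uses only the hours before the current one, so a
            # spike does not inflate the average it is compared against.
            trailing = hourly[i - window:i]
            avg, sd = mean(trailing), pstdev(trailing)
            row["moving_avg_spike"] = pct_above(cur, avg) > MOVING_AVG_PCT
            row["outlier"] = cur > avg + SIGMA * sd
        rows.append(row)
    return rows


def flagged_hours(hourly, window=WINDOW):
    """Hours where at least one rule fired."""
    return [r["hour"] for r in analyze(hourly, window)
            if r["last_point_spike"] or r["moving_avg_spike"] or r["outlier"]]


if __name__ == "__main__":
    for r in analyze(SAMPLE_GB):
        print(r)
```

In the sample, hour 7 trips only the standard-deviation rule, while hour 8 trips all three; a perfectly flat trailing window has zero deviation, so any increase over it is flagged as an outlier.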

Data Volume - Capacity Utilization

See the subscribed, actual, and percentage capacity utilization for logs and metrics.

Use this dashboard to:

  • Identify the log and metrics ingestion capacity of your subscription. You must configure the "Subscribed_Daily_Log_Ingest_Capacity" and “Subscribed_Metric_DPM_Ingest_Capacity” variables, based on your Account Subscription. See Administration > Account > Account Overview to see the log ingest capacity value, and metric DPM ingest capacity value.
  • Identify the average ingestion and subscribed ingestion capacity by percentage for Logs and Metrics. 

Data Volume - Tracing

Another point of volume ingestion is tracing. We measure tracing ingestion for your account in billed bytes or Spans count per minute. This Dashboard helps to review details of your data ingest and to identify areas of high-volume ingest.

Use this dashboard to:

  • Determine the ingested billedBytes/spansCount for tracing and its trend.
  • Identify the spikes where the percentage of the current hour ingestion is higher than the percentage from the previous hour. This percentage is 50 % for Last billedBytes/spansCount and 70 % for Moving Average.
  • Identify the outliers (where ingestion has gone outside the specified threshold) and forecast your data ingestion (You can see the line break between actual ingest and predicted ingest at the current date).
  • Identify the top 5 source categories, source hosts, sources, and collectors by SpansCount and billedBytes.

Data Volume - Credits

The Credits dashboard helps track the credits based on different sources for Logs, Metrics, and Traces. You can also analyze credit consumption across log tiers (frequent/infrequent/continuous/Cloud SIEM Enterprise). We assume default burn down rates; however, these may not apply to you based on your contract with Sumo Logic. To match your contract terms, change the default values in the dashboard filters as described in the section below.

Use this dashboard to:

  • Identify the number of credits consumed and its trend across Logs (by different tiers), Metrics, Tracing. 
  • Determine the top sources based on their credit usage for Logs (by different tiers), Metrics, and Tracing.

Instructions to set up burn down rates for consumables

For logs, the burn down rate is the number of Credits consumed per 1 GB of ingested data. This ratio is different for each tier. Similarly, CSE ingest, Metrics, and Tracing have their own burn down rates.

| Credit Variable | Unit | Default Credits per Unit | Measure (Now) |
|---|---|---|---|
| Cloud SIEM Enterprise | 1 GB | 25 | _index=sumologic_volume, "sourcecategory_and_tier_volume", and dataTier matches "CSE" |
| Logs - Continuous Analytics | 1 GB | 20 | _index=sumologic_volume, "sourcecategory_and_tier_volume", and dataTier matches "Continuous" |
| Logs - Frequent Analytics | 1 GB | 9 | _index=sumologic_volume, "sourcecategory_and_tier_volume", and dataTier matches "Frequent" |
| Metrics | 1,000 DPM | 3 | metric volume index by category, collector, etc. |
| Logs - Infrequent Ingest | 1 GB | 0.4 | _index=sumologic_volume, "sourcecategory_and_tier_volume", and dataTier matches "Infrequent" |
| Tracing - Ingest | 1 GB | 14 | _index=sumologic_volume, "sourcecategory_tracing_volume" |

When Data Volume V2 App JSON is imported for the first time, the App is set up to use these default burn down rates. However, these may vary for your Sumo Org based on your contract. It’s advised that customers confirm these burn-down rates with their AE to ensure the usage reports closely track the usage reported on the Accounts page.

Users can then fill in the correct burn-down rates on the Credits dashboard page.