This topic has instructions for how to send raw messages, Records, and Signals to the Sumo Logic platform. Once you perform the configuration described below, CSE will start sending data on a continuous basis.
About the configuration process
The integration process described in this topic consists of creating an HTTP Source in Sumo Logic to which the data from CSE will be sent, and configuring one or more indexes in CSE. An index configuration specifies the type of CSE data to send to Sumo Logic (raw messages, Records, or Signals), the URL of the target HTTP Source, and optionally, filtering criteria to limit the data that is sent. The name you assign to the index configuration will be used to form a metadata field,
_sourceCategory, which will be attached to the forwarded data—you’ll be able to use the
_sourceCategory value to search the CSE data in Sumo Logic platform.
An index you create in CSE is specific to the type of data you want to send to Sumo Logic: raw messages, Records, or Signals. So, if you want to send all three types—raw messages, Records, and Signals—at a minimum you’d set up three index configurations. You might want to segment your data further, for instance by assigning Records to different index configurations in CSE. Doing so will make it easier to search the CSE data in Sumo Logic, because the data assigned to each index has its own
Step 1: Configure an HTTP Source in Sumo Logic
In this step, you create an HTTP Source on a Hosted Collector on the Sumo Logic platform to receive data from CSE. You can use an existing Hosted Collector, or configure a new collector, as described in the Configure a Hosted Collector topic.
To configure an HTTP Source
- In the Sumo Logic web app, go to Manage Data > Collection > Collection.
- On the Collection page, find the Host Collector where you want to locate the HTTP Source, and click Add Source.
- On the Select Source… page, click HTTP Logs & Metrics.
- The source configuration page appears.
- Name. Enter a name for the source.
- Description. (Optional) Enter a description of the source.
- Click Save.
- The HTTP Source Address popup appears. Copy the URL. You'll need to supply in Step 2, below.
Step 2: Configure CSE to forward data to Sumo Logic platform
In this step, you configure an index in CSE that specifies what type of data you want to send to the Sumo Logic platform, the URL of the target HTTP Source on Sumo Logic, and if desired, a filter expression to limit the data forwarded to Sumo Logic.
Perform these steps for each CSE data set you want to send to Sumo Logic,
- In the CSE UI, click the gear icon, and then click Sumo Logic.
- On the Integrations page, click Index, and then Create.
- The Create Index Configuration page appears.
- Name. This will be used in the
_sourceCategorymetadata field that Sumo Logic will apply to the data you send from CSE to Sumo Logic.
- Data Stream. Select one of the following options:
- Raw. CSE will send raw messages to the Sumo Logic platform.
- Record. CSE will send Records to the Sumo Logic platform.
- Signals. CSE will send Signals to the Sumo Logic platform.
- Index URL. Enter the URL for the HTTP Source you created in Step 1.
- Filter Expression. (Optional) If you enter a filter expression, only data that matches the expression will be sent to the specified HTTP Source. Filtering is most useful when you're forwarding Records (as opposed to raw messages or Signals. To filter Records, you can use any of the functions supported in rule expressions. For more information, see CSE Rules Syntax.
- Click Create.
Searching CSE data in Sumo Logic
To search raw messages, Records, and Signals in Sumo Logic, use the following
_sourceCategory convention, where
<IndexName> is the name you assigned to the Index in CSE.
|To search for||Use this _sourceCategory|