Analytics Tiers provide you with economic flexibility by aligning your analytics to the value of your data. By using the Continuous and Frequent tiers, you can appropriately segment your data by use case and analytics needs, thus enabling you to optimize your analytics investments.
Types of Analytics Tiers
Each Sumo Logic Analytics Tier supports a different use case and comes with its own set of features and capabilities:
- Continuous analytics analyzes mission-critical data sets where you need to monitor, dashboard, and alert. Example data sets include operational, security and compliance data that is used to ensure the real-time and continuous health and security of IT apps and infrastructure.
- Frequent analytics is optimized for exploratory data sets, where you are primarily focused only on searching and visualization of data. Example data sets include debug/info logs, customer support use cases, product analytics data, etc.
| | Continuous | Frequent |
|---|---|---|
| Frequent ad-hoc analysis | Yes | Yes |
| Infrequent ad-hoc analysis | Yes | Yes |
| Performance | Max optimized | Best effort |
Assigning Analytics Tiers
All data is initially ingested into the General Index, which by default is of the Continuous type. Once your data is ingested, you can assign different subsets of your data to different analytics tiers according to the intended use, as Continuous or Frequent.
When planning your Analytics Tiers, it is important to remember the following guidelines:
- The General Index cannot be changed, and it is always Continuous type.
- The tier you assign your data to defines the data's use capabilities for searching and analyzing, as outlined in the table below.
The amount of data you can ingest under either tier is defined by your Sumo account plan. For more information, contact your Sumo Account Representative.
Add a partition and assign data to an Analytics Tier
Partitions ingest your messages in real time, and differ from scheduled views in that partitions don't backfill with aggregate data. Partitions begin building a non-aggregate index from the time the partition is created and only index data moving forward (from the time of creation).
To add a partition for an analytics tier, do the following:
- In the Sumo left navigation bar, go to Manage Data > Settings, then select the Partitions tab.
- At the far right, click the plus sign (+). The Create Partition dialog appears.
- Enter a Partition Name, Routing Expression, and Retention Period or Apply the retention period of the General Index. Routing rules are different for each Analytics Tier type, as described in the following table.
| | Continuous | Frequent |
|---|---|---|
| Routing | SourceCategory, metadata, and keywords | SourceCategory, metadata, and keywords |
| Same SourceCategory on multiple tiers | Continuous and Frequent | Continuous and Frequent |
- Select an Analytics Tier:
- Continuous. You can search and analyze data in a Continuous tier in real time without further preparation.
- Frequent. You can only run interactive queries on data in a Frequent tier. For more information, see Searching Analytics Tiers.
- To forward data to a cloud environment, select Enable Data Forwarding, and specify the necessary information for the options that appear.
- Click Create.
Searching Analytics Tiers
How you can search data differs according to the Analytics Tier (partition), as described in the following table. You should also familiarize yourself with Searching Frequent data.
Searching Frequent data
When you search for data in Frequent Analytics partitions, you must explicitly reference the partition. For example, to search for errors in a query you must reference the partition by name:
You can search for data across multiple tiers, as long as you follow this rule for Frequent partitions, and refer to _index=partition_name.
Common Error Messages
This section covers the most common error messages for Analytics Tiers.
- If you try to add a panel to a dashboard with a Frequent Analytics partition, you receive the following error.
- If you attempt a Scheduled View or Scheduled Search with a Frequent Analytics partition, you receive an error message letting you know that this is not allowed.
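The rules in Searching Frequent data and Common Error Messages can be checked before content is saved, which matters when security or compliance logs are routed to a Frequent partition and someone later tries to alert on them. The following is an added example, not part of the Sumo Logic documentation or product; the partition names, the inventory format, and the function name are assumptions made for illustration.

```python
import re

# Constructed inventory (hypothetical names): partition name -> analytics tier.
PARTITION_TIERS = {
    "prod_security": "Continuous",
    "app_debug": "Frequent",
}

# Explicit partition references such as _index=app_debug or _index="app_debug".
# Assumes partition names use letters, digits and underscores.
INDEX_REF = re.compile(r'(?<!\w)_index\s*=\s*"?([A-Za-z0-9_]+)"?')

# Content kinds the page says are rejected for Frequent partitions.
BLOCKED_ON_FREQUENT = {"dashboard_panel", "scheduled_search", "scheduled_view"}


def check_content(kind, query, intended_partitions=()):
    """Return a list of tier-rule problems for one query.

    kind: "interactive", "dashboard_panel", "scheduled_search" or "scheduled_view".
    intended_partitions: partitions the author expects the query to read.
    """
    problems = []
    referenced = set(INDEX_REF.findall(query))

    for name in sorted(referenced):
        tier = PARTITION_TIERS.get(name)
        if tier is None:
            problems.append(f"partition not in inventory: {name}")
        elif tier == "Frequent" and kind in BLOCKED_ON_FREQUENT:
            problems.append(f"{kind} not allowed on Frequent partition: {name}")

    # Frequent data is only searched when the partition is named explicitly.
    for name in intended_partitions:
        if PARTITION_TIERS.get(name) == "Frequent" and name not in referenced:
            problems.append(f"Frequent partition not referenced by _index: {name}")

    return problems


if __name__ == "__main__":
    # Constructed sample content.
    print(check_content("interactive", "error", ["app_debug"]))
    print(check_content("scheduled_search", "_index=app_debug error"))
    print(check_content("interactive",
                        "(_index=prod_security or _index=app_debug) error",
                        ["prod_security", "app_debug"]))
```

An empty list means the query satisfies both rules; a non-empty list on a scheduled search or dashboard panel points to data that should be on the Continuous tier if it has to be monitored or alerted on.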