Sumo Logic

Analytics Tiers

Analytics tiers provide the ability to mark your datasets according to how often you access the data: Continuous, Frequent, or Infrequent.

Analytics Tiers provide economic flexibility by aligning your analytics to the value of your data. By using the Continuous, Frequent, or Infrequent tiers, you can segment your data by use case and analytics needs, and so optimize your analytics investments.

Types of Analytics Tiers

There are three types of Analytics Tiers, each supporting a different use case and coming with its own set of features and capabilities. 

  • Continuous analytics analyzes mission-critical data sets where you need to monitor, dashboard, and alert. Example data sets include operational, security and compliance data that is used to ensure the real-time and continuous health and security of IT apps and infrastructure.
  • Frequent analytics is optimized for exploratory data sets, where you are focused primarily on searching and visualizing data. Example data sets include debug/info logs, customer support use cases, product analytics data, etc.
  • Infrequent (Beta) analytics is built for occasional analysis of data. Example data sets include continuous integration tests, compliance and audit, or second-tier product usage data.

Use Case Continuous Frequent Infrequent (Beta)
Monitoring Yes
Troubleshooting Yes
Security analysis Yes
Frequent ad-hoc analysis Yes Yes
Infrequent ad-hoc analysis Yes Yes Yes
Long-term storage Yes
Retention Weeks Months Years
Performance Max optimized Best effort N/A

Assigning Analytics Tiers

All data is initially ingested into the General Index, which by default is of the Continuous type. Once your data is ingested, you can assign different subsets of your data to different analytics tiers according to the intended use, as Continuous, Frequent, or Infrequent.

When planning your Analytics Tiers, it is important to remember the following guidelines:

  • The General Index cannot be changed, and it is always Continuous type.
  • The tier you assign your data to defines the data's use capabilities for searching and analyzing, as outlined in the table below.

The amount of data you can ingest under each tier is defined by your Sumo account plan. For more information, contact your Sumo Account Representative.

To assign data to an Analytics Tier, do the following:
  1. In the Sumo left navigation bar, go to Manage Data > Settings, then select the Partitions tab.

  2. At the far right, click the plus sign (+). The Create Partition dialog appears.

  3. Enter a Partition Name, Routing Expression, and Retention Period, or apply the retention period of the General Index. Routing rules are different for each Analytics Tier type, as described in the following table.

     | | Continuous | Frequent | Infrequent |
     | --- | --- | --- | --- |
     | Routing | SourceCategory, metadata, and keywords | SourceCategory, metadata, and keywords | Only SourceCategory |
     | Same SourceCategory on multiple tiers | Continuous and Frequent | Continuous and Frequent | Only Infrequent |

  4. Select an Analytics Tier:
     • Continuous. You can search and analyze data in a Continuous tier in real-time without further preparation.
     • Frequent. You can only run interactive queries on data in a Frequent tier. For more information, see Searching Analytics Tiers.
     • Infrequent. You must prepare the data in an Infrequent tier before it can be searched. For more information, see Preparing Infrequent data for search.

  5. To forward data to a cloud environment, select Enable Data Forwarding, and specify the necessary information for the options that appear.

  6. Click Create.

Searching Analytics Tiers  

How you can search data differs according to the Analytics Tier (partition), as described in the following table. You should also familiarize yourself with the following topics:

| Capability | Continuous Analytics | Frequent Analytics | Infrequent Analytics |
| --- | --- | --- | --- |
| Centralized, secure, multi-tenant cloud-native platform | Yes | Yes | Yes |
| Data replication across availability zones, data encryption | Yes | Yes | Yes |
| Interactive queries | Yes. Partitions can be specified or not. | Yes. Partitions must be specified. | Yes. Partitions must be specified. |
| Field Extraction Rules | Yes | Yes | No |
| Logs to Metrics | Yes | Yes | No |
| Data Forwarding | Yes | Yes | No |
| Live Tail | Yes | No | No |
| Dashboards | Yes | No | No |
| Scheduled Searches | Yes | No | No |
| Scheduled Views | Yes | No | No |
| Alerts and View | Yes | No | No |
| API Queries | Yes | No | No |

Searching Frequent and Infrequent data 

When you search for data in Frequent or Infrequent Analytics partitions, you must explicitly reference the partition. For example, to search for errors in a query you must reference the partition by name:

_index=my_frequent_partition_name debug

_index=my_infrequent_partition_name action

You can search for data across multiple tiers, as long as you follow this rule for Frequent and Infrequent partitions, and refer to _index=partition_name.
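
The following Python check is an added example, not Sumo Logic code. It lints a partition plan against the routing rules and the capability table on this page, so that a dashboard or scheduled search pointed at a Frequent or Infrequent partition is caught before it fails. The dictionary layout, the `kind` labels, the sample data and the simplified routing parsing (`_sourceCategory=` terms joined by and/or) are assumptions made for this example.

```python
import re

# Query-driven features the capability table marks "No" for both non-Continuous tiers.
NO_QUERY_FEATURES = {"live_tail", "dashboard", "scheduled_search", "scheduled_view",
                     "alert", "api_query"}
UNSUPPORTED = {"Frequent": NO_QUERY_FEATURES, "Infrequent": NO_QUERY_FEATURES}
INDEX_RE = re.compile(r"_index\s*=\s*(\w+)")
SRC_CAT_RE = re.compile(r"_sourceCategory\s*=\s*([^\s()]+)", re.IGNORECASE)


def lint_plan(partitions, content):
    """Return sorted findings for a partition plan and the content that queries it."""
    findings = []
    tier_of = {p["name"]: p["tier"] for p in partitions}
    cats = {}  # SourceCategory -> set of tiers it is routed to
    for p in partitions:
        for cat in SRC_CAT_RE.findall(p["routing"]):
            cats.setdefault(cat, set()).add(p["tier"])
        # Whatever remains after removing SourceCategory terms is metadata or keywords.
        rest = re.sub(r"\b(and|or)\b|[()\s]", "", SRC_CAT_RE.sub("", p["routing"]), flags=re.I)
        if p["tier"] == "Infrequent" and rest:
            findings.append(f"{p['name']}: Infrequent routing may use only SourceCategory")
    for cat, tiers in cats.items():
        others = sorted(tiers - {"Infrequent"})
        if "Infrequent" in tiers and others:
            findings.append(f"{cat}: routed to Infrequent and also to {', '.join(others)}")
    for item in content:
        for name in INDEX_RE.findall(item["query"]):
            tier = tier_of.get(name)  # unknown index names are not judged
            if item["kind"] in UNSUPPORTED.get(tier, ()):
                findings.append(f"{item['title']}: {item['kind']} cannot use {tier} partition {name}")
    return sorted(findings)


# Constructed sample plan: partition names, categories and queries are made up.
PARTITIONS = [
    {"name": "sec_auth", "tier": "Continuous", "routing": "_sourceCategory=prod/auth"},
    {"name": "app_debug", "tier": "Frequent", "routing": "_sourceCategory=prod/app debug"},
    {"name": "ci_archive", "tier": "Infrequent", "routing": "_sourceCategory=ci/tests and failed"},
    {"name": "auth_archive", "tier": "Infrequent", "routing": "_sourceCategory=prod/auth"},
]
CONTENT = [
    {"title": "Failed logins", "kind": "scheduled_search", "query": '_index=sec_auth "login failed"'},
    {"title": "Debug errors", "kind": "dashboard", "query": "_index=app_debug error"},
    {"title": "Audit pull", "kind": "interactive", "query": "_index=auth_archive action"},
]

if __name__ == "__main__":
    print("\n".join(lint_plan(PARTITIONS, CONTENT)))
```
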

Preparing Infrequent data for a search

You must prepare Infrequent data prior to search. This section demonstrates how you can easily prepare Infrequent data for search.

To prepare Infrequent data for search, do the following:
  1. On the Partitions page, right-click the Infrequent partition you want to search, then select Prepare Search from the drop-down list. The Prepare for Search dialog appears.

  2. Click inside the Time Range field, select the time range dates from the interactive calendar, then click Apply.

  3. Enter a unique name in the New Partition Name field and click Save.

Common Error Messages

This section covers the most common error messages for Analytics Tiers.

  • If you try to add a panel to a dashboard with a Frequent or Infrequent Analytics partition, you receive the following error.

AT_error-dialog.png

  • If you attempt a Scheduled View or Scheduled Search with a Frequent or Infrequent Analytics partition, you receive an error message letting you know that this is not allowed.