
Analytics Tiers

Analytics tiers provide the ability to mark your datasets according to how often you access the data: Continuous, Frequent, or Infrequent.

Analytics Tiers provide economic flexibility by aligning your analytics to the value of your data. By using the Continuous and Frequent tiers, you can segment your data by use case and analytics needs, which lets you optimize your analytics investments.

Types of Analytics Tiers

Each Sumo Logic Analytics Tier supports a different use case and comes with its own set of features and capabilities:

  • Continuous analytics analyzes mission-critical data sets where you need to monitor, dashboard, and alert. Example data sets include operational, security and compliance data that is used to ensure the real-time and continuous health and security of IT apps and infrastructure.
  • Frequent analytics is optimized for exploratory data sets, where you are primarily focused only on searching and visualization of data. Example data sets include debug/info logs, customer support use cases, product analytics data, etc.

Use Case Continuous Frequent
Monitoring Yes
Troubleshooting Yes
Security analysis Yes
Frequent ad-hoc analysis Yes Yes
Infrequent ad-hoc analysis Yes Yes
Long-term storage
Retention Weeks Months
Performance Max optimized Best effort

Assigning Analytics Tiers

All data is initially ingested into the General Index, which by default is of the Continuous type. Once your data is ingested, you can assign different subsets of your data to different analytics tiers according to the intended use, as Continuous or Frequent.

When planning your Analytics Tiers, it is important to remember the following guidelines:

  • The General Index cannot be changed, and it is always Continuous type.
  • The tier you assign your data to defines the data's use capabilities for searching and analyzing, as outlined in the table below.

The amount of data you can ingest under either tier is defined by your Sumo account plan. For more information, contact your Sumo Account Representative.

To assign data to an Analytics Tier, do the following:
  1. In the Sumo left navigation bar, go to Manage Data > Settings, then select the Partitions tab.
  2. At the far right, click the plus sign (+). The Create Partition dialog appears.
  3. Enter a Partition Name, a Routing Expression, and a Retention Period, or choose Apply the retention period of the General Index. Routing rules are different for each Analytics Tier type, as described in the following table.

       | Continuous | Frequent
     Routing | SourceCategory, metadata, and keywords | SourceCategory, metadata, and keywords
     Same SourceCategory on multiple tiers | Continuous and Frequent | Continuous and Frequent

  4. Select an Analytics Tier:
       • Continuous. You can search and analyze data in a Continuous tier in real-time without further preparation.
       • Frequent. You can only run interactive queries on data in a Frequent tier. For more information, see Searching Analytics Tiers.
  5. To forward data to a cloud environment, select Enable Data Forwarding, and specify the necessary information for the options that appear.
  6. Click Create.

Searching Analytics Tiers  

How you can search data differs according to the Analytics Tier (partition), as described in the following table. You should also familiarize yourself with Searching Frequent data.

Capability | Continuous Analytics | Frequent Analytics
Centralized, secure, multi-tenant cloud-native platform | Yes | Yes
Data replication across availability zones, data encryption | Yes | Yes
Interactive queries | Yes. Partitions can be specified or not. | Yes. Partitions must be specified.
Field Extraction Rules | Yes | Yes
Logs to Metrics | Yes | Yes
Data Forwarding | Yes | Yes
Live Tail | Yes | No
Dashboards | Yes | No
Scheduled Searches | Yes | No
Scheduled Views | Yes | No
Alerts and View | Yes | No
API Queries | Yes | No

Searching Frequent data 

When you search for data in Frequent Analytics partitions, you must explicitly reference the partition. For example, to search for errors in a query you must reference the partition by name:

_index=my_frequent_partition_name debug

You can search for data across multiple tiers, as long as you follow this rule for Frequent partitions, and refer to _index=partition_name.
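
The tier rules above can be checked mechanically before a saved query is relied on for monitoring or detection. The following is an added example, not Sumo Logic code: it reviews query text against a partition inventory, using the query-side rows of the capability table. The function name, the finding labels, the use names, and the sample inventory and queries are all hypothetical, and the check only recognizes the plain `_index=partition_name` form shown on this page.

```python
import re

# Query-side capabilities per tier, transcribed from the capability table on this page.
CAPABILITIES = {
    "continuous": {"interactive", "live_tail", "dashboard", "scheduled_search",
                   "scheduled_view", "alert", "api_query"},
    "frequent": {"interactive"},
}

# Matches the page's `_index=partition_name` form only (no quoting or wildcards).
INDEX_REF = re.compile(r"\b_index=([A-Za-z0-9_]+)")


def review_query(query, use, partitions):
    """Return a sorted list of (finding, partition) tuples for one saved query.

    query      -- search text, e.g. "_index=app_debug debug"
    use        -- how it will run; one of the capability names above
    partitions -- {partition_name: "continuous" | "frequent"} (hypothetical inventory)
    """
    if not any(use in caps for caps in CAPABILITIES.values()):
        raise ValueError(f"unknown use: {use!r}")
    findings = set()
    referenced = set(INDEX_REF.findall(query))
    for name in referenced:
        tier = partitions.get(name)
        if tier is None:
            findings.add(("unknown_partition", name))
        elif use not in CAPABILITIES[tier]:
            # e.g. an alert or scheduled search pointed at a Frequent partition
            findings.add(("unsupported_on_tier", name))
    if not referenced:
        # Frequent partitions must be named explicitly, so this query skips them.
        for name, tier in partitions.items():
            if tier == "frequent":
                findings.add(("frequent_not_searched", name))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed inventory and queries, for illustration only.
    inventory = {"sec_auth": "continuous", "app_debug": "frequent"}
    saved = [
        ("_index=app_debug debug", "interactive"),
        ("_index=app_debug error", "scheduled_search"),
        ("(_index=sec_auth or _index=app_debug) failed", "dashboard"),
        ("failed login", "alert"),
    ]
    for text, use in saved:
        print(f"{use:17} {text!r:50} -> {review_query(text, use, inventory)}")
```

A `frequent_not_searched` finding on an alert or scheduled search means the data routed to that partition is outside the query's coverage, which matters when the partition holds logs a detection depends on.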

Common Error Messages

This section covers the most common error messages for Analytics Tiers.

  • If you try to add a panel to a dashboard with a Frequent or Infrequent Analytics partition, you receive an error dialog.

  • If you attempt a Scheduled View or Scheduled Search with a Frequent Analytics partition, you receive an error message letting you know that this is not allowed.