Skip to main content
Sumo Logic

Deploy and Configure Application Components Solution

This page helps in deploying and configuring the Application Components solution.

About the Solution script

These instructions help you prepare and set up the Application Components Solution using a Terraform script. 

The Terraform script performs the following actions:

  • Creates Application Components View hierarchy in Explore.
  • Sets up Sumo Logic Field Extraction Rules (FERs) to enrich the data.
  • Installs Sumo Logic Apps(Database apps and App Components app) in the Admin recommended folder or Personal folder.
  • Creates Fields.
  • Installs Monitors for each of the selected databases.

Prerequisites

For this setup, complete the following steps

  1. Make sure you have access to the Sumo logic console. The user account associated with a Sumo Logic role needs the following permissions:

    1. Manage field extraction rules
    2. View Fields
    3. View field extraction rules
    4. Manage Collectors
    5. View Collectors
    6. Manage Fields
    7. Manage connections
    8. Manage Content
  1. Using these instructions, generate an access key and access ID for a user with the Manage Monitors role capability in Sumo Logic. Please identify which deployment your Sumo Logic account is in using this link.

    1. Install Git.

Set up the Terraform environment

  1. Download and install Terraform 0.13 or later
    To check the installed Terraform version, run the following command: $ terraform --version
  2. Install the latest version of curl.
  3. Install the latest version of jq command-line JSON parser. This is required for running the fields.sh batch file.

Configure the Terraform script

  1. Clone the repository https://github.com/SumoLogic/sumologic-solution-templates:

$ git clone https://github.com/SumoLogic/sumolog...tion-templates

  1. Initialize the Terraform working directory by navigating to the directory sumologic-solution-templates/application-components and running terraform init.

$ terraform init

This will install the required Terraform providers, including Null, Sumo Logic Terraform Provider, Time Provider, Random Provider.

  1. By default, all other parameters are set up to automatically install apps and monitors. If you need to override parameters, you can configure or override additional parameters in the main.auto.tfvars file.

  1. Configure the below Sumo Logic Parameters

Parameter

Description

sumologic_environment (Required)

Sumo Logic Deployment

Enter au, ca, de, eu, jp, us2, in, fed or us1. See Sumo Logic Endpoints and Firewall Security for more information on Sumo Logic deployments.

sumologic_access_id (Required)

Sumo Logic Access ID

Sumo Logic Access ID. See Create an access key in the Access Keys topic for more information.

sumologic_access_key (Required)

Sumo Logic Access Key

Sumo Logic Access Key used for Sumo Logic API calls. See Sumo Logic Access Key for more information.

sumologic_organization_id (Required)

Sumo Logic Organization ID

You can find your org on the Preferences page in the Sumo Logic UI. For more information, see the Preferences Page topic. Your org ID will be used to configure the IAM Role for Sumo Logic AWS Sources.

Configuring App and Component Parameters

Parameter

Description

apps_folder_installation_location Specify the location where the sumo logic apps/dashboards will be installed. Allowed values are "Admin Recommended Folder" and "Personal Folder".
share_apps_folder_with_org Indicates if Apps folder should be shared (view access) with the entire organization. Set true to enable or  false to disable.
components_on_kubernetes_deployment Provide comma separated list of application components deployed on kubernetes environment for which sumologic resources needs to be created. Allowed values are "Memcached, Cassandra,elasticsearch,SQL server, MongoDB, MySQL, PostgreSQL, Redis, MariaDB, Couchbase, Oracle"
components_on_non_kubernetes_deployment Provide comma separated list of application components deployed on non-kubernetes environment for which sumologic resources needs to be created. Allowed values are "Memcached, Cassandra, Elasticsearch, SQLserver, MongoDB, MySQL, PostgreSQL, Redis, MariaDB, Couchbase, Oracle".

Configuring Monitor Parameters

memcached_data_source

redis_data_source

sqlserver_data_source

mysql_data_source

postgresql_data_source

cassandra_data_source

couchbase_data_source

elasticsearch_data_source

mariadb_data_source

mongodb_data_source

oracle_data_source

Provide cluster filters for each of the component’s monitors. For ex - If you want to set up monitors only for cassandra clusters starting with db_cluster prefix search in your prod environment then you can set 

 

cassandra_data_source=db_system=cassandra AND db_cluster=prod* and environment=prod

 

This assumes you have set the respective tags (environment, db_cluster and db_system) while configuring collection

monitors_disabled Set it to false to enable the monitors. By default they are disabled

email_notifications_critical

email_notifications_warning

email_notifications_missingdata

To send notification from the monitors as email set these parameters for critical, warning and missing data monitors respectively.

 

email_notifications_critical = [

   {

     connection_type       = "Email",

     recipients            = ["abc@example.com"],

     subject               = "Monitor Alert:

UndefinedNameError: reference to undefined name 'TriggerType' (click for details)
Callstack:
    at (Observability_Solution/Application_Component_Solution/Deploy_and_Configure_Application_Components_Solution), /content/body/div[6]/table/tbody/tr[3]/td[2]/p[6]/strong/span[1], line 1, column 1
on
UndefinedNameError: reference to undefined name 'Name' (click for details)
Callstack:
    at (Observability_Solution/Application_Component_Solution/Deploy_and_Configure_Application_Components_Solution), /content/body/div[6]/table/tbody/tr[3]/td[2]/p[6]/strong/span[2], line 1, column 1
",

     time_zone             = "PST",

     message_body          = "Triggered

UndefinedNameError: reference to undefined name 'TriggerType' (click for details)
Callstack:
    at (Observability_Solution/Application_Component_Solution/Deploy_and_Configure_Application_Components_Solution), /content/body/div[6]/table/tbody/tr[3]/td[2]/p[8]/strong/span[1], line 1, column 1
Alert on
UndefinedNameError: reference to undefined name 'Name' (click for details)
Callstack:
    at (Observability_Solution/Application_Component_Solution/Deploy_and_Configure_Application_Components_Solution), /content/body/div[6]/table/tbody/tr[3]/td[2]/p[8]/strong/span[2], line 1, column 1
:
UndefinedNameError: reference to undefined name 'QueryURL' (click for details)
Callstack:
    at (Observability_Solution/Application_Component_Solution/Deploy_and_Configure_Application_Components_Solution), /content/body/div[6]/table/tbody/tr[3]/td[2]/p[8]/strong/span[3], line 1, column 1
",

     run_for_trigger_types = ["Critical", "ResolvedCritical"]

   }

 ]

 

Update the recipients in above example

connection_notifications_critical

connection_notifications_warning

connection_notifications_missingdata

To configure notification via pagerduty or webhook set these parameters for critical, warning and missing data monitors respectively. See this document for creating payloads with other connection types.

 

connection_notifications_critical = [

    {

      connection_type       = "PagerDuty",

      connection_id         = "<CONNECTION_ID>",

      payload_override      = "{\"service_key\": \"your_pagerduty_api_integration_key\",\"event_type\": \"trigger\",\"description\": \"Alert: Triggered

UndefinedNameError: reference to undefined name 'TriggerType' (click for details)
Callstack:
    at (Observability_Solution/Application_Component_Solution/Deploy_and_Configure_Application_Components_Solution), /content/body/div[6]/table/tbody/tr[4]/td[2]/p[6]/strong/span[1], line 1, column 1
for Monitor
UndefinedNameError: reference to undefined name 'Name' (click for details)
Callstack:
    at (Observability_Solution/Application_Component_Solution/Deploy_and_Configure_Application_Components_Solution), /content/body/div[6]/table/tbody/tr[4]/td[2]/p[6]/strong/span[2], line 1, column 1
\",\"client\": \"Sumo Logic\",\"client_url\": \"
UndefinedNameError: reference to undefined name 'QueryUrl' (click for details)
Callstack:
    at (Observability_Solution/Application_Component_Solution/Deploy_and_Configure_Application_Components_Solution), /content/body/div[6]/table/tbody/tr[4]/td[2]/p[6]/strong/span[3], line 1, column 1
\"}",

      run_for_trigger_types = ["Critical", "ResolvedCritical"]

    },

    {

      connection_type       = "Webhook",

      connection_id         = "<CONNECTION_ID>",

      payload_override      = "",

      run_for_trigger_types = ["Critical", "ResolvedCritical"]

    }

  ]

 

Replace <CONNECTION_ID> with the connection id of the webhook connection. The webhook connection id can be retrieved by calling the Monitors API.

Importing existing Fields & FERs

As part of configuring the Application Components solution, we need to create fields in Sumo Logic org. To import any fields that are already present in Sumo Logic into our Terraform state, run a script. To do so, navigate to the sumologic-solution-templates/aws-observability-terraform folder and do the following:

  • Set the following environment variables using the commands below:
    export SUMOLOGIC_ENV="YOUR_SUMOLOGIC_DEPLOYMENT"
    export SUMOLOGIC_ACCESSID="YOUR_SUMOLOGIC_ACCESS_ID"
    export SUMOLOGIC_ACCESSKEY="YOUR_SUMOLOGIC_ACCESS_KEY"
    Provide your Sumo Logic deployment for the SUMOLOGIC_ENV variable. For example: au, ca, de, eu, jp, us2, in, fed or us1. For more information on Sumo Logic deployments, see Sumo Logic Endpoints and Firewall Security

  • Run fields.sh using this command:
    $ sh fields.sh


Important: Going forward, please do not modify these fields outside of Terraform.

Deploy the Application Component Solution

Deploy the Application Components Solution using the Sumo Logic Terraform Script.

Navigate to the directory sumologic-solution-templates/application-components/ and execute the following commands:

  1. Run terraform validate. This will validate the configuration files in the directory.

  2. Run terraform plan to view the sumo resources like monitors,apps,fers,fields and hierarchy which will be created/modified by Terraform.

  3. Run terraform apply.

At the end of the console output, you should see two links, one for Apps Folder and the other for Monitors Folder. You can click on them to go to the sumo logic portal and view the dashboards and monitors. In case you missed noting down the links after deployment, you can use terraform show command to see those output values again.

undefined

Post Installation

Configure Metric and Logs collection of respective databases

Configure Fields in Sumo Logic

Attach the following Fields in collection sources both for logs and metrics. This ensures that your logs and metrics are tagged with relevant metadata, which the app dashboards require. For information on setting up Fields, see the Fields topic.

  • component
  • environment
  • db_system
  • db_cluster
  • db_cluster_address
  • db_cluster_port

Configuring or updating email notifications

If you haven’t enabled alerts and/or configured notifications through the Terraform procedure outlined above, we highly recommend enabling alerts of interest and configuring each enabled alert to send notifications to other people or services. This is detailed in Step 4 of this document.

There are limits to how many alerts can be enabled - see the Alerts FAQ.

Uninstalling the Solution

To uninstall the Application Components solution deployed using Terraform, navigate to the directory https://github.com/SumoLogic/sumolog...ion-components and execute the command:

$ terraform destroy

This will destroy all resources and configuration previously set up.

Sometimes if the fields are used in other resources like FERs, other collection sources then those fields will not be deleted.

FAQs

How to configure it for new databases when they are running terraform and apply a second time?

Assuming your last terraform application run was successful and you have the tfstate file locally. You can add new components in components_on_non_kubernetes_deployment or components_on_kubernetes_deployment parameters and rerun terraform apply.

How to update the Solution if a new version gets released?
  1. Backup your Application Component Solution - Apps folder and Application Component Solution - Monitor folder by exporting the content.
  2. You need to pull the master branch of the repository https://github.com/SumoLogic/sumologic-solution-templates/  and run terraform apply. It will update all the apps, fers, hierarchies, fields, and monitors 
  3. The above step will deploy new dashboards and new monitors, so after migrating your custom content to these new dashboards, you can delete old fers and dashboards.
How to view changes introduced in the new version?

You can see the CHANGLELOG.md file in the github repository for bug fixes or enhancements in the latest solution version.

How to view all the resources created by the solution? 

You can see the  RESOURCES.md   file in the github repository for all the resources and modules present in the solution.

How do customers who already have the data flowing into sumo logic migrate to this solution?

Existing customers have to perform the below steps:

  1. Add db_cluster_address and db_cluster port in their telegraf configuration as mentioned in the respective component’s collection doc. This is for tagging metrics.
  2. Add db_cluster_address and db_cluster_port in the sumologic source for logs as mentioned in the respective component’s collection doc.
  3. Import the existing fields using fields.sh script in Step 4 and follow Step 1, 2, 3, and 5 to deploy the solution
  4. The above step will deploy new dashboards and new monitors, so after migrating your custom content to these new dashboards, you can delete old fers and dashboards.