Skip to main content
Sumo Logic

Creating SLOs and Monitors

Learn how to create SLOs, configure queries, set SLIs, and create SLO Monitors.

This guide provides information to access and create SLOs. 

Accessing SLOs

In Sumo Logic, select Manage Data > Monitoring, then select the SLO tab, where you can view, search, and add SLOs. Use folders to collect, package, and manage SLOs with ease, moving SLOs as needed. 

To locate an SLO, use the search that returns a list of SLOs based on the name and description.

slo-page.png

To open the dashboard, locate and select an SLO. The details pane gives you a preview and an option to Open SLO Dashboard. See SLO Dashboards and Notifications for more information.

Previewing SLOs

Select an SLO to see a quick preview including the configuration details, targets, queries, any associated monitors, and general information. The previewing includes the SLO Details and Monitors tabs.

  • Open SLO Dashboard: Access the Dashboard to monitor and investigate data
  • Open: Open this SLO to review and edit
  • More Options: Access additional options to Edit, Copy Path, Duplicate, Move, Export, and Delete the SLO

The SLO Details tab provides a quick view of the SLO ID, description, configurations, and creation information.

The Monitors tab provides a list of associated monitors for the SLO. Expand entries to review the status, condition, and configured triggers. Click the open icon (open-monitor.png) to open and edit the monitor.

ani-slo-preview.gif

The heart of an SLO is the queries used for the SLI query types, including metrics and logs.

General Information

For general information on querying metrics and logs, see Overview of Metrics in Sumo and About Search Basics.

A preview runs the query in real-time to help test and refine results, with a time range to see broader results as needed.

Aggregation Queries

You cannot use aggregate log queries to define your SLO because such queries summarize data and lose the concept of time. Aggregation occurs through the SLO backend and is not required in the query, for example avg(latency) < 500 ms or "successful event must have latency below 50ms". 

Quantize Queries

Do not use quantize in queries, as it is handled by the SLO backend based on the window duration.

Creating SLOs

When creating an SLO, define the following:

  • SLI metric you are tracking and target configuration using ratio- or threshold-based definitions
  • SLO defining the target and duration to monitor (for example the uptime for the target)
  • Basic details for SLO name and description

You have multiple configurations for creating SLOs:

  • Measurement for SLO: Windows of time or Requests.
  • Query type: Metrics or Logs.
  • Calculation definition: Ratio (tracked amount against a total) or Threshold. Instead of defining two queries to identify successful versus total events to create a Ratio, you can specify a Threshold for the Total Events query that identifies successful events.

The following table lists the available options for an SLO:

  Window-based Request-based
Metrics-based SLO Ratio and Threshold Ratio Only
Logs-based SLO Ratio and Threshold Ratio and Threshold

To create a new SLO:

  1. Click Manage Data, then Monitoring. Select the SLO tab if not loaded.

  2. Click Add, then New SLO. You can also create folders to manage your SLOs. You'll also have an option to import content.

  3. Select the Signal Type:

    • Latency. Select to calculate the speed of services, lag time.

    • Error. Select to monitor for errors that occur in your services.

    • Throughput. Select to track the throughput of services and processing.

    • Availability. Select to monitor the uptime of services.

    • Other. Select to monitor any other metric or log for SLIs.
      slo-create-type.png

  4. Select the Evaluation Type which determines how the events are measured:

    • Window-based. Select the time frame window for the events. Window sizes should be between 1m to 60m.
      slo-create-window-base.png

    • Request-based.
      slo-create-request-base.png

  5. Select the Query Type to select and build your queries for the SLI data. You have a choice of Metrics or Logs with a ratio-based (partial against the total) or threshold-based (events amount against a set threshold amount) calculation. Review Query recommendations before building.

    Follow the instructions below based on the query type:
     
    Metrics: Ratio-based Metrics: Threshold-based

    For Ratio-based definition, define queries for the successful or unsuccessful events to calculate against total events:

    1. Select Successful or Unsuccessful Events to measure.

    2. Build a query using metrics and filters. See Overview of Metrics in Sumo.

    3. Select the values to use from Number of data points or Metric value.

    4. Configure the Total Events, including a query and values, to use Number of data points or Metric value. You can copy and paste the previous query, removing filters to get the total.

    For Threshold-based definitions, which calculates against success criteria:
     

    1. Select Successful or Unsuccessful Events to measure.

    2. Build a query using metrics and filters. See Overview of Metrics in Sumo for more information.

    3. For Use values from, it always uses the Metric value.

    4. For Success Criteria for Avg, Min, Max, or Sum of the selected signal type (such as latency) which must be greater than, greater than or equal to, less than, or less than equal to an amount you enter (positive or negative number).

       

     ani-slo-metrics.gif
    Logs: Ratio-based Logs: Threshold-based

    For Ratio-based definitions, which calculate successful or unsuccessful events against total events:

    1. Select Successful or Unsuccessful Events to measure.

    2. Search logs selecting and entering a log query. See About Search Basics for more information.

    3. For Use values from, select the numeric value available for that query to pull data from.

    4. Then configure the Total Events, including a query and values. You can copy and paste the previous query, perhaps with filters removed to get the total.

    For Threshold-based definitions, which calculate against success criteria:
     

    1. Select Successful or Unsuccessful Events to measure.

    2. Search logs selecting and entering a log query. See About Search Basics for more information.

    3. For Use values from, it always uses the Metric value.

    4. For Success Criteria for Avg, Min, Max, or Sum of the selected signal type (such as latency), which must be greater than, greater than or equal to, less than, or less than equal to an amount you enter (positive or negative number).
    ani-slo-logs.gif
  6. Define your SLO for target amount and duration period to monitor:

    • Target. The value in percentage you want to target for the SLO, for example 99 for 99%.

    • Compliance Type. Rolling provides a sequence of recent days for the Compliance Period, such as the last 7d or last 30d. Calendar calculator over a window of time for a Week.

    • Timezone. Select a timezone. This is important to accurately assign events on the boundary of a compliance period, such as events received at 11:59 PM in a particular time zone.

      slo-create-slo.png

  7. Enter SLO Details, including a Name and Description. This is used in the list and for searches.
    slo-create-details.png

  8. Click Save. To create a monitor. click Save and Create Monitor.

Importing SLOs (optional)

To transfer data immediately and create an SLO using an import, you should first export JSON content to use that formatting. The Sumo Logic JSON format may change without notice. See Export and Import Content in the Library for complete details.

To import an SLO:

  1. Click Manage Data, then Monitoring. Select the SLO tab if not loaded.

  2. Click Add > Import.

  3. Enter a Name for the SLO.

  4. Copy and paste the JSON in the text editor.

  5. Click Import

slo-import.png

Creating SLO Monitors

Create one or more monitors as needed for your SLO. We recommend creating separate monitors for SLI-based and Burn Rate-based condition types. You can access SLO monitors through the SLO Details or from the Monitors list page. 

You will receive notifications according to monitor configurations, such as email messages and Slack channel posts. Use the variable {{SloDashboardUrl}} in your connection payloads, which will generate an SLO dashboard link in notifications. This variable will be included automatically in email notifications.

The Alert Response page is not supported for SLO-based monitors at this time. Notifications will provide access to the SLO dashboard when warning and critical triggers occur.

Monitor notifications may auto-resolve. See Auto-Resolving Notifications for details according to the evaluation type (Windows or Request) and compliance type (Calendar or Rolling). 

You can create one condition type for your SLO monitor, either an SLI trigger or Error Budget trigger. You can create one condition type for your SLO monitor, either a SLI condition or Error Budget condition. We support configuring a threshold value per critical and warning trigger for that condition type.

You have two options to create an SLO Monitor:

  • Select Save and Create Monitor when creating an SLO.
    button-save-create-monitor.png

  • Go to the Monitors tab, select Add > New Monitor, then select the SLO option.
    button-new-monitor.png

When you click Save and Create Monitor, a New Monitor dialog loads:

  1. For the Monitor Type, select SLO. When creating from the Monitors tab, select an SLO from the drop-down menu. A preview of the SLO loads on the page.

    ani-new-monitor1.gif

  2. Select and configure a Condition Type:

    • For the SLI Condition Type, you can select to alert when the SLI is below an entered percentage, as it nears your SLI target. For example, you could set this to 99.1% to raise a critical alert when it is getting close to a target of 99%.

      slo-monitor-sli.png

    • For the Burn Rate Condition Type, create an alert indicating Critical and Warning conditions based on burn rate or the rate at which error budget is depleted. Enter a percentage depleted within an amount of minutes, hours, or days.

      For example, a critical alert for 10% depletion within 3 hours indicates the error budget is depleting quickly.
      slo-monitor-burn.png

  3. Under Notifications, select your preferred Connection Type for sending messages via email, Slack, webhook, or other methods. Select Alert and/or Recovery to notify for Critical and Warning triggers. You can add as many notifications as needed. A message is sent with a link to the SLO dashboard to investigate.
    slo-monitor-notifications.png
    For example, to set up a Slack notification, select Slack from the dropdown menu and edit the Payload as needed. The following information shows the default settings:
    slack-payload.png

  4. For Monitor Details, enter the following information:

    • Name. Name for the monitor.

    • Location. Path for the monitor, default is /Monitor.

    • Description. Optional description for the monitor.

    • Playbook. Optional playbook for handling these monitors and situations if an issue occurs.
      slo-monitor-detals.png

  5. Click Save.

Auto-Resolving Notifications

SLO Monitors in a triggered state can auto-resolve. See the following table for details.

EvaluationType

ComplianceType

MonitorConditionType

Auto-resolves

Window

Calendar

SLITrigger

No. SLI never recovers within the same compliance period as the triggered alert, but it can recover in a different compliance period. So the monitor can auto-resolve then.

New alert is created for each compliance period. Monitor status is based on latest compliance period’s alert status.

Window

Calendar

ErrorBudgetTrigger

Yes, if the error budget consumed is less than the alert threshold for a complete detection window. Resolution behavior is same as log monitors.

Window

Rolling

SLITrigger

Same as “Window-Calendar”. Separate alert is triggered for each compliance period.

Window

Rolling

ErrorBudgetTrigger

Same as “Window-Calendar”.

Request

Calendar

SLITrigger

Yes, when SLI value goes above alert threshold. A new alert is created for each compliance period. Monitor status is based on the latest compliance period’s alert status.

Request

Calendar

ErrorBudgetTrigger

Same as “Window-Calendar”.

Request

Rolling

SLITrigger

Same as “Request-Calendar”. Separate alert for each compliance period.

Request

Rolling

ErrorBudgetTrigger

Same as “Window-Calendar”.

Notification Example

When a notification is sent, it includes information from the alert and a link to load the dashboard. Below is an example of a critical alert email notification. See SLO Dashboards for information.

slo-email-alert.png

Resolution Email Example

resolution-email.png