Skip to main content
Sumo Logic

Service Release Notes

February 6, 2018

In addition to bug fixes, we've released sorting time series by Avg, Min, Max in the Legend tab for Metrics, relative time ranges for when you want your source to begin collecting data, and you can now generate access keys from the Security tab.


  • New - Want a little help sorting your time series? The Metrics Legends tab now displays the Avg, Min, and Max for a time series over the selected time range and you can sort by these columns.



  • Update - You can now set a relative time range for minutes, hours, days, weeks, and months your sources in the  Collection should begin option. Enter a relative time expression, for example -1h, and it will begin collection one hour in the past. 


User Interface

  • Update - It’s a small change but very convenient. You can now set up your access keys from the Security tab. Just click the plus icon (+),  name your key, and click Generate Key.



January 29, 2018


Update - The MySQL app was updated today to improve performance and provide bug fixes. The dashboards and searches remain unchanged.

January 26, 2018


Four new apps were released today.

  • The Sumo app for Google App Engine is now available. The app helps you monitor the activities in App Engine. The preconfigured dashboards provide insight into requests, applications, HTTP status codes, latency, and response time. 

  • The Sumo app for Google Cloud Audit is now available. The app meets audit and compliance needs by enabling you to monitor activities and track the actions of administrators in your Google Cloud Platform projects. The preconfigured dashboards provide insight into the network, security, operations, and users of your Google Cloud Platform projects.

  • The Sumo app for Google Cloud IAM is now available. The app gives you visibility into the activities in Cloud IAM. The preconfigured dashboards allow you to monitor the IAM project activities, operations, role activities, and policy changes.

  • The Sumo app for Google Cloud VPC is now available. The app gives you visibility into activities, traffic, and VPC flows. The preconfigured dashboards provide details on VPC flows, source and destination IP addresses, ports, protocols, and messages.


January 23, 2018

Bug fixes were released today.


  • Bug Fix - Some dashboards were opening in Live Mode instead of Edit mode by default. This has been fixed and all dashboards open in Edit mode by default.

  • Bug Fix - Some dashboards were not responding after selecting Open in a New Browser Tab. This has been fixed.


  • Bug Fix - When you click Update Dashboard from a metrics query, it now opens the dashboard tab by default and doesn’t stay on the metrics query page.


  • Bug Fix - Aggregation tables were sometimes displaying instead of charts. Chart display errors have been fixed and charts now display consistently.

January 18, 2018


The Sumo App for Amazon SES is now available. The app provides operational insight into Amazon Simple Email Service. The app includes dashboards that allow you to view information about bounced notifications, delivered notifications, and CloudTrail events.


January 9, 2018

Browser Support

  • Deprecated - We are officially releasing the new UI, and that means we’re going to deprecate support for Firefox 25. The new UI supports Firefox 41 and higher.

Live Tail

  • Deprecated - We’re moving on to TLS 1.1+  for the Live Tail command line. Like the rest of the product, we’re no longer supporting TLS 1.0.


  • Bug Fix -Sankey charts can now handle camel-cased fromState and toState field names. We now make these fields lower case on the backend to get consistent results for you.


User Interface


  • New - Our New UI is officially released. We will be deprecating our seven-year-old Classic UI and moving on to the New UI. For details on how your navigation will change with the new UI, check out our Navigation Cheat Sheet.

January 8, 2018

A new collection endpoint,https://endpoint3.collection.us2.sumologic.comwas added in the US2 environment.

January 3, 2018


December 20, 2017


  • New Beta App - The Sumo Logic App for Amazon SNS is now available. It is a unified logs and metrics (ULM) App that provides insights into the operations and utilization of your SNS service. The preconfigured dashboards help you monitor the key metrics by application, platform, region, and topic name, view the SNS events for activities, and help you plan the capacity of your SNS service.
    Overview .png

December 5, 2017


  • Enhancement - You can now duplicate dashboards from the dashboard tab. Choose a name for the duplicate and save it to a folder.


Live Tail

  • Enhancement - Duplicate option now available for Live Tail sessions.


  • Bug Fix - Rename option no longer disabled for Live Tail when maximum tab limit reached.


  • Enhancement - New error messages for pct operator when conditions are invalid, such as “Percentile argument greater than 100”.
  • Enhancement - Duplicate metrics query option now available.
  • Enhancement - Math expressions such as min, max, abs, and round are now case insensitive to match the log search experience.
  • Bug Fix - Host Metrics ingest now works with the Setup Wizard.
  • Bug Fix - Negative values for log and sqr in queries now result in error messages because they are not valid values for these operators.


  • Bug Fix - Exporting a search experience improved.
  • Bug Fix - To save on naming issues, duplicate imported searches now forced to have a different name than the existing search.


  • TLS 1.0 Protocol Disabled - We have disabled support for TLS 1.0. You must now use TLS 1.1 and up. Unless you are using IE 10 or below we do not expect this change to impact you.

User Interface

  • Enhancement - To save space on your tabs, Sumo no longer labels duplicate search tabs as “Copy of”. Now duplicate searches are labeled Search and a value, similar to duplication in Metrics.
  • Bug Fix - You can now scroll off screen and still select the New Tab icon (+).
  • Bug fix - Collection status page now loads quickly for the Internet Explorer Browser.

December 1, 2017


  • Apps Update - The Sumo Logic App for AWS Lambda helps you monitor the operational and performance trends in all the Lambda functions in your account. The App now supports a new data source, CloudTrail Lambda Data Events and has pre-built dashboards for that source.


November 29, 2017


  • New App -  The Amazon GuardDuty Sumo Logic app provides insights into the activities in your AWS account based on the findings from Amazon GuardDuty. The App includes preconfigured dashboards that allow you to detect unexpected and potentially malicious activities in your AWS account by providing details on threats by severity, VPC, IP, account ID, region, and resource type.


November 27, 2017


  • Update - fields operator for defining the order of the columns. Along with choosing which fields are displayed in the results, you can now use the fields operator to order the columns in the result. The order of the columns in the result would be the order you specified with the fields operator.

November 22, 2017


  • New Beta App - The Sumo Logic App for AWS Elastic Load Balancing ULM - Application is now available. It is a unified logs and metrics (ULM) App that gives you visibility into the health of your Application Load Balancer and target groups. Use the preconfigured dashboards to understand the latency, request and host status, threat intel, and HTTP backend codes by availability zone and target group.ALBULMOverview.png
  • New panels added to the PCI Compliance for CloudTrail App - The PCI Compliance for AWS CloudTrail App is now updated to include the details of create and delete group, added and removed users, and password events in the PCI Req 08 - Account, System Monitoring dashboard; policy operations in the PCI Req 08, 10 - Privileged Activity dashboard; and console root logins in the PCI Req 10 - Login Activity dashboard.PCIReq10-LoginActivity.png

November 21, 2017


  • New Beta App - Sumo Logic has a beta app for Amazon SQS, a unified logs and metrics (ULM) app that provides operational insights into your Amazon Simple Queue Service (SQS) use. The pre-configured dashboards help you monitor the key metrics, view the SQS events for queue activities, and help you plan the capacity of your SQS service.


  • New Beta App - Sumo Logic has a beta unified logs and metrics (ULM) app for AWS Elastic Load Balancing ULM - Classic. You can use the searches and dashboards to track ELB information on the latency, HTTP backend codes, requests, and host status, to investigate issues in the load balancer.



  • Bug Fix  - Dashboards with the same name now delete properly.  
  • Bug Fix - Drill down metrics name consistent with panel name on dashboard panel. 
  • Bug Fix - Dashboards now display properly, even when tabs are closed. 
  • Bug Fix - Share dashboards with filters option only available when filters are present. 
  • Bug Fix - Clicking the Zoom into Panel option consistently opens a new panel. 


  • Bug Fix -  Update dashboard option for metrics charts is fixed.


  • Update - Metrics Introduction now references new UI layout, error messages updated, and revised and improved metrics query performance.
  • Bug Fix - Aggregate group-by key is no longer case sensitive.
  • Bug Fix -  You now go to the metrics page after clicking "Exit Setup Wizard" if you are working with a metrics source.
  • Bug Fix - Division by zero not shown in metrics time series to improve visualizations.
  • Bug Fix - Dashboards shared with“World” now open in incognito mode.  
  • Bug Fix - Removing filter refreshes screen.


  • Update - Improved error messages for exporting a search.

User Interface

  • Update - Country and states list updated for Activate Your Account.
  • Bug Fix - SAML sign-in redirects user to correct page on sign-out.
  • Bug Fix - Show Password Policy only displays when user has Manage password policy capability.
  • Bug Fix - Appropriate content shows when deleting a user.
  • Bug Fix - Accounts page is now more exact.
  • Bug Fix - Multiple tabs can now open during a search.
  • Bug Fix - Error now shows when you attempt to name a dashboard, search, or folder with an existing name.
  • Bug Fix - User role creation validates for invalid characters.

November 7, 2017

There is a new app for Amazon Kinesis - Streams, updates to dashboards, new metrics operators, fix to sources, and some user interface changes as part of this update.


  • New Beta App - The Sumo Logic App for Amazon Kinesis - Streams is now available for Beta testing. This is a unified logs and metrics (ULM) App which provides information on the events and metrics of Kinesis Streams. The preconfigured dashboards help you monitor the events, API calls, errors, incoming and outgoing records, latencies, and throughput of Kinesis Streams.


  • Bug Fix - Dashboard with single panels no longer have display error when adding a new panel.

  • Bug Fix - Dashboard changes now reflected on sidebar without a hard refresh.


  • New Operators - New topk, bottomk, and filter operators available to filter your metrics query. You can now reduce your time series down and simplify your visuals with these operators. For example, you can find the top 10 time series with the highest average. 
    Topk Metrics

  • Bug Fix -  Drill down metrics name is now consistent with monitor name on dashboard panel.


  • Bug Fix - Docker Stats Source error message now displays correctly.

User Interface

  • Reminder -  Migrate to the new UI as soon as possible. The classic UI will no longer be available after Dec 15.

  • Enhancement - Asterisk is now shown in the saved search tab to indicate that there are unsaved edits. 


  • Enhancement - Scrollbar is now wider to make it easier to use.

  • Bug Fix - In-product notification icons now display correctly.

October 31, 2017

Amazon DynamoDB App. The Sumo Logic App for Amazon DynamoDB is now available. This is a unified logs and metrics (ULM) App which provides operational insights into your DynamoDB solution. The App includes Dashboards that allow you to monitor key metrics, view the throttle events, errors, latency, and help you plan the capacity of your DynamoDB solution.


October 27, 2017

Keyboard shortcuts enhanced. We have expanded the shortcut options for duplicating a query in the new UI. If you used option+shift+n in the classic UI to duplicate a query and time range, you can now use following more specific keyboard shortcuts in the new UI:

Shortcut Description
alt+shift+n Duplicate only the current query in new tab.
alt+shift+t Duplicate only the current time range in a new tab.
alt+shift+q Duplicate both the current query and time range in new tab.

October 17, 2017

Dashboard sharing enhancements. You can now share a dashboard with static timeranges provided in the URL itself, allowing you to share a snapshot in time of a dashboard with other users. For details, see sharing or embedding a dashboard.


October 13, 2017

Windows Event Log Source Host Change. All Windows Event Logs contain a built-in "Computer" field, which is captured by the Computer = "..."; text you see in the Sumo messages.
Problem. We discovered an issue that caused _sourceHost to be assigned incorrectly to a value that didn’t match the Computer field for the event.
Resolution. We have fixed this issue and now assign the Computer = "..."; field as _sourceHost.
Impact: Minimal. If you have queries and scheduled searches for Windows Event Logs that depend on _sourceHost values, you need to verify the change has no impact.

October 10, 2017

AND, OR, and NOT supported in Metrics Queries. Logical operators are now supported in the metrics query language to let you specify complex Boolean expressions for metrics.  For example you can now say nodes not “forge” by stating: !node=forge and you can specify two specific clusters with OR.  For more information see Creating a Metrics Query and Visualization.


September 18, 2017

Sumo Kubernetes Fluentd plugin. You can use the plugin to collect system, kubelet, Docker daemon, and container logs from Kubernetes. For more information, see Kubernetes.

September 14, 2017

Metrics alerting enhancements. You can now set alerts on Metrics JOIN queries. For example if you have a query to calculate a baseline in comparison to today's network traffic:

  1. Choose your metric for CPU usage by application and the source hosts you want to track:
    metric=CPU_user _sourceHost=my_host
  2. Take an average of that metric.
    metric=CPU_user _sourceHost=my_host | avg
  3. See differences between your metric and your average.
    (#A - #B)/#B

metrics alert join

4. Create an alert to let you know when that those differences reach a particular range.

For more details on creating metrics alerts, see Metrics Monitors and Alerts.

September 12, 2017

Dashboard sharing enhancements. You can now share a dashboard with specific filters provided through the URL itself. You can also embed a dashboard in an external website as an iFrame. For more information, see the section on sharing or embedding a Dashboard.

sharedashboards with whitelist

September 11, 2017

Azure Audit. The Sumo Logic App for Azure Audit is now updated to include the Activity Logs from Event Hub, along with the existing collection from Azure Insight API using Sumo Powershell scripts. For more details, see collect logs for Azure Audit from Event Hub. All the pre-configured dashboards in the App, except the Azure Audit - Active Directory dashboard, support logs from both Event Hub and Insight API. This update also includes minor bug fixes and query optimization.

September 1, 2017

Amazon CloudFront. The Sumo Logic App for Amazon CloudFront is now updated to include the Latency Monitoring dashboard. You can use this dashboard to monitor the Latency time, locations, trend, and outlier.

August 29, 2017

Google Cloud Platform Source. Google Cloud Platform (GCP) is now available as a data source. If you are using GCP services, all log data for these services is collected and exposed through the Google Cloud Stackdriver service.  You can export in real time all of the data collected by Stackdriver to Google Cloud Pub/Sub. We use this  Pub/Sub integration to push logs to our platform in real time.

Salesforce. The Sumo Logic App for Salesforce is now updated. The queries are optimized for better performance, and minor defects are fixed. This update has no impact on the dashboard panels.

Apps generally available. We are proud to announce that the Sumo Logic Apps for Cylance, Zscaler - Web Security, Auth0, CrowdStrike - Falcon Platform, and Amazon Inspector are out of Beta and are now generally available.

August 22, 2017

parseDate Released. A new operator, parseDate, extracts a date or time from a string and converts it to an epoch timestamp. For more information see parseDate.

August 18, 2017

Real-time threat assessment. Threat Intel Quick Analysis and Threat Intel for AWS apps now support using Continuous Queries (CQs) for scanning for malicious Indicators of Compromise (IOCs) in real time using the lookup operator.

August 15, 2017

Okta App. The Sumo Logic App for Okta is now available. This app helps you monitor the admin actions, failed logins, successful logins, and user activities to your applications through Okta. The App consists of dashboards that give you visibility into the applications, accesses, user events, and Multi-Factor Authentication (MFA).

Okta Admin Actions Dashboard

OneLoginApp Dashboards. The dashboards of Sumo Logic App for OneLogin are now updated. This update offers Successful Login Outlier panel in the Overview dashboard, and Successful Logins panel in the Security dashboard.

OneLogin Overview

OneLogin Security

Apps generally available. We are happy to announce that the Sumo Logic Apps for Amazon RDS Metrics, CIS AWS Benchmark - Monitoring, Amazon ECS, AWS Elastic Load Balancer - Application, Azure Web Apps are out of Beta and are now generally available.

July 24, 2017

eval metrics operator. The eval operator evaluates a time series based on a user-specified math expression. For more information, see Metrics Operators.

numeric literals and supported multiplier suffixes. A number, or numeric literal, in the Sumo Query language is a set of digits containing no spaces, with an optional decimal point.  Numeric literals can end with a "multiplier suffix," which is a shorthand way to express scalar numeric values multiplied by common factors. For more information on supported multiplier suffixes for numeric literals, see Field Expressions.

July 17, 2017

Custom labels for metrics time series. The default label for time series is a comma-separated list of the dimensions included in the query. The resulting labels can be lengthy and inconvenient to scan. To shorten the labels and make them more meaningful in your metrics visualizations and in dashboards, you can apply a naming convention for custom time series labels on a per-query basis. The labels can include text and also parameters that are enclosed in double curly braces.

June 29, 2017

CloudPassage Halo App. The Sumo Logic App for CloudPassage Halo is now available. This app helps you detect security violations and look for threats across your complex infrastructure, through the analysis of massive volumes of Halo event data. CloudPassage’s Halo platform records over eighty different types of security events about your Halo-managed infrastructure, whether you deploy into public cloud environments or your private data center. These events deliver information about your infrastructure and include critical security alerts for firewall changes, access changes, configuration changes, and file integrity changes, and more.

Microsoft Office 365 App Dashboards. The Sumo Logic App for Microsoft Office 365 App Dashboards is now updated. This update offers new dashboards for Azure Active Directory to help you monitor logins, login locations, and for user and account monitoring.

June 23, 2017

PCI Compliance for Amazon VPC Flow Log App. The Sumo Logic App for Payment Card Industry (PCI) Compliance for Amazon VPC Flow App is now available. This app offers dashboards to help you monitor that network traffic, network activities, and network security are within your expected ranges. The PCI Compliance for Amazon VPC Flow App covers PCI requirements 01, 02 and 04.

June 21, 2017

Non-aggregate query speedup. The histogram rendering time is reduced, charting your messages faster.

Removal of 100k pause. Non-aggregate queries are no longer limited to 100k messages at a time.

Be aware of the following changes that come with these enhancements:

  • Field counts still cap at 100k messages. When the message count reaches more than 100k, you will see a message: “We only use the first 100,000 messages to calculate the field counts.”


  • Field counts may still be loading.  Field counts load asynchronously, and may still be loading after the histogram renders.

  • Receipt time still has 100k pause. If your search uses receipt time, you will still see the 100k message limit.

  • Oldest message sorts first when you reach 100k messages. Although you can have more than 100k messages in the histogram, the oldest message that will be shown is the 100k message. To get around this issue and see the range you want on the histogram, you can:

    • Reduce the timerange and return the search.

    • Shift+click on the histogram bar to drilldown into a specific timerange.

June 19, 2017

New Home page experience. Welcome to the Home page for the new Sumo UI. You can immediately launch searches, metrics, Live Tail, and the Setup Wizard directly from Home without having to wrestle with keyboard shortcuts or menu navigation.

You can also access:

  • Recently Opened Dashboards. Easily access the dashboards you’ve run recently to check on current results or to make modifications.

  • Recently Run Searches. Easily access the searches you’ve run recently to check on current results or to make modifications.

  • Recommended Dashboards. Based on current dashboard use in your org, we’ll recommend other dashboards for you to try.

  • Pinned Searches. Find any search you’ve pinned in Sumo.

Finally, we’d love your feedback. There’s a feedback submission window at the top so that you can reach out and let us know if there’s any way we can improve our design to make your product experience better.


New Learn page. Find out more about Sumo by clicking Learn from the Home page. Learn is designed to help you discover Sumo resources quickly by providing direct links to:

  • Important how-to videos

  • Tutorials on setting up and using Sumo for the first time

  • Support ticket interface

  • Product documentation

  • Available training webinars

  • Feature Request site

  • Sumo Community

  • What’s New page with the latest product announcements


Threat Intel for AWS App. A new app for Threat Intel for AWS correlates CrowdStrike threat intelligence data with your AWS log data, allowing for real-time security analytics to help detect threats in your environment and protect against cyber-attacks.

The Threat Intel for AWS App scans your AWS CloudTrail, AWS Elastic Load Balancing, and AWS VPC Flow logs for threats based on IP address and provides four pre-built dashboards, an overview and one for each data source.

June 16, 2017

Custom timestamp formats. You can now specify multiple custom timestamp formats per source, where to locate them in your log lines with regex, and test them to see if we can parse that format. We will still auto detect timestamps for you if your custom formats do not parse. See Timestamps, Time Zones, Time Ranges, and Date Formats and Use JSON to Configure Sources

More epoch timestamp support. You can now specify the epoch timestamp token, which will match against 10, 13, 16, or 19-digit epoch timestamps, with or without decimal points. See Timestamps, Time Zones, Time Ranges, and Date Formats.

June 12, 2017

Filter operator. Use the filter operator to filter the output a search using the results of a different search (using the same search expression). The filter operator keeps only the records that match the filter criteria, allowing you to restrict search results to the most relevant information. See filter operator.

June 1, 2017

New UI. This release introduces a new look and feel and experience for the Sumo Logic UI. Navigation is simplified, and it’s now much easier to find the content you’re looking for. 

If you're a current Sumo Logic user, you'll find that the navigation and some menu items have changed, but most of your working experience will be just as it was before. During the rollout period, we encourage you to start right away with the new UI. That way you'll get used to the changes and can start realizing the benefits.  New UI highlights include:

  • Improved navigation. The menus that used to be on the top of of the UI are now on the left side (we call it the 'left nav'). The menus have been reorganized and some menu and page names have changed. See Navigate Around the New Sumo Logic UI to learn how the navigation compares for the new UI and classic UI.
  • Switch between your tasks in Sumo Logic with the tab bar. The top tab bar allows you to keep multiple pages open at the same time and easily navigate between them. The tabs persist across login sessions, and you can switch context without jumping to new browser tabs or windows. This includes having multiple dashboards open in separate tabs. See Welcome to the new Sumo Logic UI.
  • New log searches, metrics visualizations, and Live Tail sessions. It's now more convenient start working with logs or metrics. If you click the + icon in the Tabs area, you'll see options to select search, metrics, or Live Tail. See Welcome to the new Sumo Logic UI.
  • Library. The Library contents are available from the left nav or the Library page. This is the first step in providing enhanced content sharing capabilities, which we’ll be continuing to roll out in upcoming releases. See Welcome to the New Library.
  • App Catalog. You can access the App Catalog directly from the left nav to search for and install apps. See the topics under Data Types.
  • Home page. The new Home page provides quick access to recently opened dashboards and searches.  See Welcome to the new Sumo Logic UI.

Keyboard shortcuts. Keyboard shortcuts have changed for the new UI. See Keyboard Shortcuts for the New UI.
Apps. The App Catalog has a new preview option. If you’re not sure what dashboards you’ll get with an app, you can click the Preview Dashboards link in the App Catalog to see a preview of the dashboards included with the app.
New tutorials. We’ve updated our Quick Start tutorials to better reflect the different getting started experiences for setting up Sumo Logic and using Sumo Logic. See the new tutorial topics under Start Here.

Data Volume App updated. The Sumo Logic App for Data Volume allows you to view at a glance your account's data usage volume by category, collector, source name, and hosts. The app uses predefined searches and a Dashboard that provide visibility into your environment for real-time analysis of overall usage.

The Overview dashboard has been updated to provide a more comprehensive view of your Logs and Metrics data use.

The following dashboards have also been added:

  • Data Volume - Logs See your log ingest volume in greater detail, outlining ingest spikes, outliers, and quota.
  • Data Volume (Logs) by various metadata fields - Drill down on source metadata, using the metadata you've created within Sumo to better define your log sources.
  • Data Volume - Metrics. Review details of your data ingest to identify areas of high-volume ingest.

May 29, 2017

New Accumulate Operator for Metrics. The accum metrics operator provides a running total over time of certain metrics. Use this when you are measuring a rate, and you want to understand the total number of occurrences. See accum.

Multi-Query Math/JOIN for Metrics. Compare multiple different metrics in new ways to derive new insights.  For example, compare network output and CPU use.

May 23, 2017

AWS Elastic Load Balancer - Classic. The AWS Elastic Load Balancer App has been renamed and updated to provide new panels and dashboards such as the Failed Dispatch Monitoring Dashboard to help you better investigate your AWS ELB usage.

Time Bucketing/Metrics quantization. When you’re visualizing metrics data, the time axis is fundamental to understanding your data.

  • Multiple time series (lines on the chart) should line up in a way that makes it easy to understand and compare behavior (for example, at 10:25AM server1 had 95% CPU usage and server2 had 50% CPU usage).
  • As you change the time scale, the granularity of the data points should change accordingly (for example, 1 second resolution for a metric over 30 days doesn’t make sense).

This capability is called quantization. The quantization interval aligns your time series data to common intervals on the time axis (for example every one minute) to optimize the visualization and performance. See Work with Metrics Visualizations.

May 2, 2017

Threat Intel Quick Analysis App. This App correlates CrowdStrike's threat intelligence data with your own log data, allowing for real-time security analytics to help you detect any threats in your environment, while protecting against sophisticated and persistent cyber-attacks. The Threat Intel Quick Analysis App scans your selected logs for threats based on IP, file name, URL, domain, Hash 256, and email. See Threat Intel Quick Analysis App.

Dashboard Sharing updates. You can now share Dashboards with just your organization (whitelist) or with everyone.  The permission to share dashboards is now spit into two groups:

  • Share Dashboards with the Whitelist
  • Share Dashboards with the World

See Share Dashboards and Role Capabilities for details.

April 28, 2017

PCI Compliance for AWS CloudTrail App. The Sumo Logic App for Payment Card Industry (PCI) Compliance for AWS CloudTrail App offers dashboards to monitor systems, account and users activity to ensure that login activity and privileged users are within the expected ranges. The PCI Compliance for AWS CloudTrail App covers PCI requirements 02, 07, 08 and 10. See PCI Compliance for AWS CloudTrail App.

April 27, 2017

Fastly App. Fastly is a content delivery network (CDN) that provides you control over how and where you serve content, access to real-time performance analytics, and the ability to cache unpredictably changing content at the edge. With the Sumo Logic Fastly App, you can examine performance by origin, quality of service, and monitor your visitor traffic for important patterns using pre-defined searches and Dashboards for real-time visibility into your environment. See Fastly App.

April 26, 2017

PCI Compliance for Linux App. The Sumo Logic App for Payment Card Industry (PCI) Compliance for Linux offers dashboards to monitor systems, account and users activity to ensure that login activity and privileged users are within the expected ranges. The PCI Compliance for Linux App covers PCI requirements 02, 07, 08 and 10. See PCI Compliance for Linux App.

PCI Compliance for Windows App. The Sumo Logic App for Payment Card Industry (PCI) Compliance for Windows offers dashboards to monitor systems, account and users activity to ensure that login activity and privileged users are within the expected ranges. The PCI Compliance for Windows App covers PCI requirements 02, 06, 08 and 10. See PCI Compliance for Windows App.

April 24, 2017

AWS Elastic Load Balancer - Application App. This App ingests logs stored in an S3 bucket, giving you the visibility to see the overall health of your Application Load Balancer and Target Groups. Use the Sumo Logic App to analyze raw Application Load Balancer data to investigate the availability of applications running behind Application Load Balancers. See AWS Elastic Load Balancer - Application App.

March 28, 2017

Histogram Time Range Selection. You can highlight a time range in the search results histogram to filter your search results in the Messages tab based on that time range.  See Change the Time Range in the Histogram

Cloud Syslog Source. Documentation for the Cloud Syslog Source beta feature has been updated to expand the rsyslog and syslog-ng information and include troubleshooting suggestions. See Beta - Cloud Syslog Source.

March 27, 2017

OneLogin. OneLogin is an Identity Management provider that supplies a comprehensive set of enterprise-grade identity and access management solutions, including single sign-on (SSO), user provisioning, and multi-factor authentication. The Sumo Logic App for OneLogin provides real-time visibility and analysis of OneLogin user activity through event data, such as user logins, administrative operations, and provisioning. See OneLogin App.

March 16, 2017

Metrics Monitors, Alert on Missing Data. For your metrics query, you can monitor your time series to alert you when data has not been seen for a specified time period. These notifications can be sent via email or webhook connections such as Slack or PagerDuty. See Metrics Monitors and Alerts.

March 1, 2017

2-Step Verification. Sumo Logic now offers 2-Step Verification, also known as two-factor authentication, as an optional feature for customers to enhance security and secure sensitive data stored in Sumo Logic. When 2-Step Verification is configured, the user is prompted for an additional security code after authenticating with their username and password. The user obtains the additional security code from a configured device. See About 2-Step Verification.

AWS Lambda functions. Documentation for creating AWS lambda functions was improved and updated to match the current Amazon user interface. See Amazon CloudWatch Logs and Collect Amazon VPC Flow Logs.

February 22, 2017

Log overlay. Metrics visualizations give you a clear picture of WHAT is happening in your environment. By adding log overlays to your metrics visualizations, you can investigate WHY behavior is occurring and what corrective action might be called for. Log overlays help you correlate the performance shown in your metrics visualizations with logged events that could be responsible for changes in behavior. See Use Log Overlay to Analyze Metrics Visualizations for more information.

Share Dashboards Outside of Your Organization. You can share your live dashboards in view-only mode with no sign-in required, with an option to restrict access to viewers connecting from IPs / CIDRs specified in your service whitelist. This feature must be enabled by an administrator on the Manage > Security > Sumo Logic Policies page. See Share Dashboards for more information.

January 30, 2017

Throttling multipliers increased. Based on extensive testing, the multipliers for throttling based on daily average account size have been increased, in order to reduce the number of customers being throttled. See Manage Ingestion for more information.

Account Size - Daily Average Old Multiplier New Multiplier
Less than 100GB per day 7.0x 7.5x
Between 100-256GB per day 5.6x 6.0x
Between 256-512GB per day 4.2x 4.5x
More than 512GB per day 2.8x 3.0x

January 13, 2017

Metrics Data Volume Index. Metrics have been added to the Data Volume Index to provide visibility into the ingest volume as measured in data points. See Enable and Manage the Data Volume Index.

January 4, 2017

Metrics Monitors and Alerts. For your metrics query, you can set a monitor on a time series to alert you when the metric has crossed a static threshold, and then send an email alert. You can set a maximum of one critical alert and one warning alert for each monitor. For details see Metrics Monitors and Alerts.

Webhook Connection for Microsoft Azure Functions. You can trigger an Azure function directly from a Scheduled Search or metrics monitor by configuring a Webhook connection in Sumo Logic. For details see Webhook Connection for Microsoft Azure Functions.

Webhook Connection for AWS Lambda. You can trigger an AWS Lambda function directly from a Scheduled Search or metrics monitor by configuring a Webhook connection in Sumo Logic. For details see Webhook Connection for AWS Lambda.  

December 22, 2016

Custom Time Range. For searches and metrics, you can specify the time range relative to the current time, or specify a custom time range. For details see Set the Time Range.

December 21, 2016

Metrics Outliers. The metrics outlier feature allows you to identify metrics data points that are outside the range of expected values. You can use outliers to pinpoint unusual behavior in your metrics visualizations and track the behavior over time.  Flexible controls are available for you to decide how unexpected a value must be to be labeled an outlier and the number and type of outliers to display. For details see Metrics Outliers.

Time Compare. The Time Compare button becomes available in the Aggregates tab when you run an aggregate search, and allows you to run a compare operation automatically from your search results. For details see Time Compare.

December 13, 2016

Manage S3 Data Forwarding Role Capability. The Manage S3 Data Forwarding Role Capability allows users with this role to manage S3 data forwarding from Sumo Logic to an S3 bucket. For details see Role Capabilities

December 9, 2016

Color Palette Selector for Metrics. You can specify the color palette for your metrics visualization at the time series, query, and chart level. Settings at the query level overwrite settings at the chart level, and settings at the time series level overwrite settings at the query and chart levels. For details, see Work with Metrics Visualizations.

November 22, 2016

Sumo Logic App for Amazon EC2 Container Service (ECS). The Sumo Logic App for Amazon ECS provides preconfigured searches and Dashboards that allow you to monitor various metrics (CPU and Memory Utilization, CPU and Memory Reservation) across ECS clusters and services. The App also monitors API calls made by or on behalf of Amazon ECS in your AWS account. For details see Amazon EC2 Container Service (ECS)

Sumo Logic App for AWS Elastic Load Balancing Metrics (Preview). The Sumo Logic App for AWS Elastic Load Balancing Metrics allows you to collect and analyze CloudWatch Elastic Load Balancing for Application Load Balancer (ALB) and Classic Load Balancer (CLB) metrics and analyze your ELB system. The App provides preconfigured searches and Dashboards that allow you to monitor Metrics Hosts (healthy and unhealthy), HTTP backend codes, latency and requests, and more. For details see AWS Elastic Load Balancing Metrics App. This is a Preview App

Sumo Logic App for Amazon Inspector (Preview). Amazon Inspector allows you to monitor your AWS resources for potential security risks. The Sumo Logic App for Amazon Inspector provides preconfigured searches and Dashboards that give  you instant access to an overview of Amazon Inspector as well as details on assessments, runs, and findings. For details see Amazon Inspector App. This is a Preview App

November 17, 2016

Sumo Logic App for ESP (Preview). The Sumo Logic App for ESP provides preconfigured searches and Dashboards that allow you to investigate Evident-specific events and provide operational visibility to team members without logging into For details, see Evident Security Platform App. This is a Preview App

November 16, 2016

Sign up for Sumo Logic via the AWS Marketplace. You can sign up for Sumo Logic via the AWS Marketplace. This creates a new Sumo Logic organization and account, and allows you to pay your bill using your Amazon account. For complete details, see Sign Up for Sumo Logic via the AWS Marketplace

Sumo Logic App for Amazon RDS Metrics (Preview). The Sumo Logic App for Amazon RDS Metrics provides visibility into your Amazon Relational Database Service (RDS) Metrics collected via a CloudWatch Metrics Source. The App’s Dashboards provide preconfigured searches and filters that allow you to monitor your RDS system's overview, CPU, memory, storage, network transmit and receive throughput, read and write operations, database connection count, disk queue depth, and more. For details, see Amazon RDS Metrics. This is a Preview App

Pause and Resume an S3 Source. You can pause an S3 Source at any time to stop the Source from sending data from the Source to Sumo Logic. Locate the Source on the Manage > Collection page, and click Pause. Click the Resume link when you are ready for the Source to start sending data again. For details, see Pause and Resume an S3 Source. 

November 10, 2016

AWS Metadata Source for Metrics. The Sumo Logic AWS Metadata Source allows you to collect tags from EC2 instances running on AWS.  The metadata is automatically attached to host metrics collected from EC2 instances. See AWS Metadata Source for Metrics.

November 9, 2016

Delta and Rate operators for Metrics Queries. Support has been added for delta and rate operators for metrics queries. For details, see the table of operators in Metrics Queries.

November 8, 2016

Sumo Logic Service Status Indicator. If there has been an outage on your deployment (or pod), the Service Status Indicator displays: at the top of the Help menu, next to Help > Service Status, and next to the title of a Dashboard. For more information, go to Help > Service Status. This will take you to a web page for your pod with details on any outages, incidents, or planned maintenance. For complete details, see Help Menu

November 7, 2016

Trend Micro Deep Security Preview App is Now GA. The Sumo Logic App for Trend Micro Deep Security is now fully GA. You can install it from Library in the Apps tab. For complete details, see Trend Micro Deep Security App

November 1, 2016

PagerDuty Preview App is Now GA. The Sumo Logic App for PagerDuty is now fully GA. You can install it from Library in the Apps tab. For complete details, see PagerDuty App

GitHub Preview App is Now GA. The Sumo Logic App for GitHub is now fully GA. You can install it from Library in the Apps tab. For complete details, see GitHub App

Google Apps Preview App is Now GA. The Sumo Logic App for Google Apps is now fully GA. You can install it from Library in the Apps tab. For complete details, see Google Apps App

GZIP Auto Detection for AWS S3 Sources. An S3 Source can collect either plain text or gzip-compressed text. Data is treated as plain text by default, but gzip decompression will be used if both of the following conditions apply:

  1. The target file has a .gz or .gzip extension, or no file extension.
  2. The target file's initial bytes match the gzip file format.

For complete details, see AWS S3 Source

Scheduled Search Email Customization. For scheduled searches, you may now customize the subject and contents of your results email in the Schedule this search dialog. Use variables to customize the subject or your email. Then select check boxes to show or hide the Search Query, Result Set, Histogram, and attach the results as a CSV attachment. (The maximum CSV file size allowed is 5MB or 1,000 results.) For complete details see Schedule a Search

October 31, 2016

Last Login on the Manage > Users Page. The Manage > Users page now includes information on a user's last login date. If a user is inactive, the status displayed is Never. If no login information is currently available, but the user is active, the status displayed is N/A. Information will be provided the next time the user logs in. For complete details, see Manage Users

October 26, 2016

Amazon CloudWatch Source for Metrics Total Metrics Field. The Total Metrics field displays the total number of metrics that will be collected if the Source is created with the current configuration. The field automatically refreshes the count when there are changes to the following fields: Regions, Namespaces, Access Key ID, and Secret Access Key. For complete details, see Amazon CloudWatch Source for Metrics

New Scheduled Search Run Frequency Options. You may now select new Run Frequency options for your Scheduled Searches, including:

  • Daily. Select that your search runs every Day, every Weekday (Mon-Fri) or Weekend (Sat-Sun) and the time. 
  • Weekly. Also select the day of the week that it runs and the time. 
  • Custom Cron. Enter a custom CRON expression.

For complete details, see Schedule a Search

October 25, 2016

Percentile (pct) Operator Improvement. The pct operator has been improved to provide smarter results using the t-digest algorithm, which:

  • Provides more accurate results. 
  • Supports higher-precision percentiles (such as 99.9th and 99.99th percentiles).

For complete details, see Percentile (pct). The original pct operator is still available temporarily as the pct_sampling operator. 

October 10, 2016

Sort by Aggregates Tab Column Headers. On the Search page, in the Aggregates tab, you can now use the table chart column headers to sort your results, like you would in a spreadsheet. For details, see How to Use the Search Page

State of the Aggregates Tab is Saved with a Saved or Shared Search. When you save or share a search, the current state of the Aggregates tab is also saved. So if you have created a chart, it will be displayed. When you update your chart, a new link or code is generated in the Share Search dialog. For details, see Save a Search and Share a Link to a Search.

Sumo Logic App for Zscaler Web Gateway. The Sumo Logic App for Zscaler Web Gateway collects logs from Zscaler via Nanolog Streaming Service (NSS) to populate pre-configured searches and Dashboards in order to visualize and provide insight into web traffic behaviors, security, user browsing activities, and risk. This is a Preview App

October 6, 2016

Field Browser now Supports Aggregate Query Results. Formerly, the Field Browser was available on the Messages tab for only non-aggregate queries. Now, it is available for aggregate query results as well. For complete details and limitations, see Field Browser

October 4, 2016

Manage Indexes Role Capability. The Manage Indexes Role Capability allows users with this role to manage Partitions and Scheduled Views. For details see Role Capabilities

September 26, 2016

Sumo Logic App for CrowdStrike Falcon Host (Preview). The Sumo Logic App for CrowdStrike Falcon Host allows you to analyze CrowdStrike security events by type, status, and detection method. You can use the App to investigate CrowdStrike-specific events and provide operational visibility to team members from pre-configured searches and Dashboards, without logging into the CrowdStrike console. This is a Preview App

September 23, 2016

Deprecation of Username/Password for Collector and Source API Authentication. As of September 28, username and password will no longer be supported for API authentication. The API topics have been updated accordingly. See API Authentication.

September 15, 2016

Timezone for Scheduled Search. Sumo Logic now allows you to select the timezone that your scheduled search will use. For details, see Schedule a Search.

View or Download Collector or Source JSON Configuration. You can view and download a JSON configuration file for a Collector or Source from Sumo Logic:

  • For Collectors, the JSON file defines a set of Sources used to register a new Collector.
  • For Sources, the JSON file defines a single Source to use when managing a folder of multiple Sources or when uploading a new Source using the API.

Downloading the configuration allows you to create scripts to configure multiple Collectors and Sources or to create configuration backups. See View or Download Collector or Source JSON Configuration.

Managing Users and Roles. The ability to manage users and roles can now be expanded beyond admin users. When adding or editing a role, you can add the ability to manage users and roles on the Capabilities tab. See Role Capabilities

September 12, 2016

Real Time Alert Time Range Limitation. The time range limit for Real Time Alerts has changed. It must now be between 5 and 15 minutes. Previously, it was between 1 and 15 minutes. For details, see Create a Real Time Alert

Search Results Headers are Now Static. When you run a search query, resulting messages are displayed in the Messages, Aggregates, or Signatures tabs in the lower half of the browser window. The search results headers are now static. For details, see Navigate Through Messages in Search Results

September 8, 2016

Click the Sumo Logic Logo to Go to the Search "Home" Page. Within the Sumo Logic Web Application, on the Dashboards page, or in the Setup Wizard, click the Sumo Logic logo to return to the Search page, which is considered the Sumo Logic "home" page. For details, see How to Use the Search Page

September 1, 2016

Scheduled Search Email Alert Template Improvements. The Scheduled Search Email Alert template is now easier to read and includes more pertinent information, including the title of the saved search, description, search query string, time range, run frequency, notification threshold, time that the scheduled search was run, and the name and email of the person who scheduled the search. For complete details, see Receive Email Alerts from Scheduled Searches

August 29, 2016

Host Metrics App is GA. The Sumo Logic App for Host Metrics allows you to collect your local host metrics and display them using predefined search queries and Dashboards. The App provides Dashboards to display analysis of local host metrics for the CPU, disk, memory, network, and TCP. For details see Host Metrics App

August 22, 2016

Setup Wizard Metrics Sources. The Setup Wizard now supports the following metrics Sources: Host Metrics, and Graphite-Formatted Metrics including CollectD, DropWizard, and StatsD. For complete details, see Collect Streaming Data for Metrics.

August 15, 2016

Sumo Logic App for Host Metrics (Preview). The Sumo Logic App for Host Metrics allows you to collect your local host metrics and display them using predefined search queries and Dashboards. The App provides Dashboards to display analysis of local host metrics for the CPU, disk, memory, network, and TCP. This is a Preview App

Search Cookbook (Beta). Doc Hub has a new section, a Problem / Solution / Discussion format that provides an alternative way to access the documentation. Because it is a Beta Release, we're looking for everyone's feedback.

August 11, 2016

New! Longer Web Session Timeouts Available. On the Preferences page, you can now select new longer web timeout session times, from 1 day to 7 days. For details, see Preferences Page

The Sumo Logic App for Azure Web Apps (Preview). The Sumo Logic App for Azure Web Apps allows you to collect Azure web server and application diagnostics logs and monitor the health of your Azure Web Apps environment. The App provides preconfigured Dashboards that allow you to monitor server operation and traffic requests and response times. This is a Preview App

August 9, 2016

Sumo Logic App for Trend Micro Deep Security (Preview). The Sumo Logic App for Trend Micro Deep Security works with system and security events to monitor event history such as anti-malware, IPS, web reputation, firewall, integrity and log inspection events. For complete details, see Trend Micro Deep Security App. This is a Preview App

August 8, 2016

JFrog Artifactory Sumo Logic Integration. JFrog Artifactory is a universal Artifact Repository Manager that integrates with CI/CD and DevOps tools to provide artifact tracking. The JFrog Artifactory Sumo Logic integration provides the ability to access preconfigured Sumo Logic Dashboards directly from Artifactory that will allow you to analyze data from your Artifactory logs. Enable the JFrog Artifactory Sumo Logic integration directly from Artifactory. When you enable the integration, a Connector and Source are automatically configured, and the Sumo Logic App for Artifactory is automatically installed. For details, see JFrog Artifactory Sumo Logic Integration

Collector Upgrade Notifications in the Audit Index. The status is provided to the Audit Index (_index=sumologic_audit) for each event in the User Activity Source Category (_sourceCategory=user_activity), and Collector Source (_sourceName=COLLECTOR), including the returned log message of success or failure. For complete details, see Enable and Manage the Audit Index

August 2, 2016

Metrics. Sumo Logic is now a unified machine data analytics platform for logs and metrics. With the introduction of metrics, you can measure infrastructure, such as operating system performance or disk activity; application performance; or custom business and operational data that is coded into an organization’s applications. You can track key performance indicators (KPIs) over time, determine if an outage has occurred and restore service, or determine why an event occurred and how it might prevented in the future. For details, see Metrics.

August 1, 2016

Predict Operator Autoregressive (AR) Model. The Predict Operator now also includes support for the autoregressive (AR) model, which predicts future data points, along with the linear regression that predicts existing data points. For complete details, see Predict

Field Extraction Rules now Support JSON and CSV. Field Extraction Rules (FERs) now support the JSON and CSV operators. (JSON auto and CSV auto) are not supported. For details, see Create a Field Extraction Rule. 

July 28, 2016

Sumo Logic App for Auth0 (Preview). Auth0 is a cloud-based, extensible identity provider for applications. The Sumo Logic App for Auth0 makes it easy to analyze and visualize your Auth0 event logs, and provides insight into security and operational issues. This is a Preview App

July 19, 2016

New UI for Users and Roles. As the first step in introducing advanced Role Based Access Control (RBAC) to Sumo Logic, the UI for the Manage > User and Manage > Roles pages has been updated.  The new UI provides Sumo Logic administrators with an easy and intuitive way to create new roles based on business needs, define the capabilities the roles can access, assign users to roles, and manage the settings for users, roles, and capabilities. For complete details, see Users and Roles.

July 15, 2016

The Sumo Logic App for Azure Audit (Preview). The Sumo Logic App for Azure Audit allows you to collect Azure Audit logs and monitor the health of your Azure environment. The App provides preconfigured Dashboards that allow you to monitor Active Directory activity, resource usage, service health, and user activity. For complete details, see Sumo Logic App for Azure Audit. This is a Preview App

July 13, 2016

Secure Third-Party Service Access. Within Sumo Logic, several links in the Help menu connect to third-party services, such as SupportFeature Request, and Community. Users that do not authenticate to Sumo Logic using a username and password are required to complete the email verification process. This usually applies to users that log in using a third-party Single Sign-On (SSO) service implementing SAML, users that access Sumo Logic from the Heroku add-on, and users of other Sumo Logic integration partners that provide SSO. For complete details, see Secure Third-Party Service Access

July 5, 2016

Search Links Lifetime Extended to Three Years. Previously, the lifetime of a search link was only 30 days. This lifetime has been extended to three years. For details, see Share a Link to a Search. 

June 30, 2016

Information about Throttling Notifications Added to Audit Index. Status is now provided to the Audit Index when throttling events occur. See the "Throttling Notifications" section in Enable and Manage the Audit Index.

June 28, 2016

fillmissing operator. When you run a standard group-by query, Sumo Logic only returns non-empty groups in the results. For example, if you are grouping by timeslice, then only the timeslices that have data are returned. The fillmissing operator addresses this shortcoming, by allowing you to specify groups that should be represented in the output, even if those groups have no data. For complete details, see fillmissing

Sumo Logic App for Cylance (Preview). The Sumo Logic App for Cylance allows you to analyze Cylance security events by type, status, and detection method. You can use the App to investigate Cylance-specific events and provide operational visibility to team members without needing to log into Cylance. This is a Preview App

June 27, 2016

Account Page Updates. The Account page has been updated to provide more information on your Sumo Logic Organization, users, and retention period, and the current and previous billing periods. Your Account's Organization ID was previously displayed on the Preferences page, but now it is displayed on the Account page. Also, the Usage Reports page has been removed, as that information is now on the Accounts page. 

Change the Name of the Org. The Account Owner can change the display name of their Organization. This can be useful if you are using Multi-account Access to switch between several Sumo Logic Organizations.

Multiline Processing Enabled by Default in the UI. Multiline processing for Sources is now enabled by default in the Sumo Logic Source Configuration UI, to be consistent with the API configuration. For details, see Define Boundary Regex for Multiline Messages

June 22, 2016

Sumo Logic App for MongoDB - Preview to GA. The Sumo Logic App for MongoDB has graduated from a Preview App to a fully supported GA Sumo Logic App. It can now be found in the Library under the Apps tab. 

May 31, 2016

Change Email Address. As a user, you can now change your email address in Sumo Logic. Or as an administrator, you can change a user's email address. For details, see Change Your Email Address and Change a User's Email Address.

Quick Search for Collectors and Sources. You can quickly start a search for a Collector, Source, or Source Category from the Manage Collection page. For instructions, see Quick Search for Collectors and Sources.

May 26, 2016

Sumo Logic App for Microsoft Office 365 - Preview to GA. The Sumo Logic App for Microsoft Office 365 has graduated from a Preview App to a fully supported GA Sumo Logic App. It can now be found in the Library under the Apps tab. 

May 24, 2016

Sumo Logic App for AWS Lambda - Preview to GA. The Sumo Logic App for AWS Lambda has graduated from a Preview App to a fully supported GA Sumo Logic App. It can now be found in the Library under the Apps tab. 

Export and Import Content In the Library. In the Library, you can export content as JSON, including whole folders with subfolders, saved searches, and Dashboards. Then you can import the content as JSON into the Personal folder in the same Sumo Logic organization. (All content names must be unique.) You can also export and download your content as a JSON file to import it into another Sumo Logic organization.

For complete details, see Export and Import Content in the Library

May 17, 2016

Sumo Logic App for Artifactory Refresh. The Sumo Logic App for Artifactory has been refreshed with new Overview Dashboard Panels and other important updates. For complete details, see Artifactory App

May 13, 2016

Sumo Logic App for MongoDB. The Sumo Logic App for MongoDB provides insight into your MongoDB environment, allowing you to track overall system health, queries, logins and connections, errors and warnings, replication, and sharding. This is a Preview App

May 5, 2016

Sumo Logic App for PagerDuty. The Sumo Logic App for PagerDuty collects incident messages from your PagerDuty account via a webhook, and displays that incident data in pre-configured Dashboards, so that you can monitor and analyze the activity of your PagerDuty account and Services. This is a Preview App

April 29, 2016

New Dashboards. New Dashboards combine all of the functionality of Interactive and Live Dashboards in a unified environment. The interactive mode is now the default when you open a Dashboard, and you can click a toggle to go to Live mode. For details, see About Dashboards.

April 27, 2016

Unlock a User's Account. If a user tries to log into their account several times and fails, his or her account will be locked out for security reasons. During the lockout period, an administrator may now unlock a user's account manually. For details, see Unlock a User's Account

April 25, 2016

Sumo Logic App for AWS Lambda. The Sumo Logic App for AWS Lambda uses the Lambda logs via CloudWatch and visualizes operational and performance trends about all the Lambda functions in your account, providing insight into executions such as memory and duration usage, broken down by function versions or aliases. This is a Preview App

April 20, 2016

Sumo Logic Multi-account Access. For users with accounts in multiple deployments, Multi-account Access allows you to log into multiple Sumo Logic accounts (also called organizations) using one username (email address) and password. If the same username already exists in more than one Sumo Logic organization, the accounts are linked automatically. No action is required, though initially, you will be asked to change your password. When you do, this will become your multi-account password. After you log into Sumo Logic, in the menu under your name, you will see the list of organizations that you can access under Switch Org.

Other important notes:

  • Sumo Logic Multi-account users may have access to organizations that use different Password Policies. With Multi-account, the password policy data from different organizations is centralized.
  • For Multi-account users, Collector registration with username and password is longer supported. Multi-account users must use the token or accessid/access key option.
  • Also, with Multi-account, to use the API, like with Collectors, you will not be able to log in using a username and password. You will be required to use an Access ID and Access Key.

For complete details, see Multi-account Access

April 15, 2016

Search the Library for Content Types. In the Library, in the Personal folder, you can now use the search field to search for certain content types. For example, you could enter type:search and the results would list all saved searches. You may also search for folders, Dashboards, and Scheduled Searches. For complete details see Search the Library

April 12, 2016

Early access to Unified Logs and Metrics. Interested customers can log in to Sumo Logic, then click the new Metrics page to gain early access to the Sumo Logic Metrics feature set, which delivers advanced analytics, powered by machine learning algorithms, for unified log data and time-series metrics.

Scheduled searches are retained when a user is deleted. Previously, when a user account was deleted from Sumo, the user's content was added to a "Content from deleted user..." folder in an Admin account, but scheduled searches were stopped.  Now, schedule information associated with searches is retained, even when a user account is deleted. Notifications continue to arrive via email to the same recipients.

April 6, 2016

Preview Tab in the Library, Featuring Preview Apps. Preview Apps are Sumo Logic Apps that are currently under development, but are not yet released or officially supported. They appear in the Library under the Preview tab. You can install and use Preview Apps to test how well their use cases work for you, and provide feedback to Sumo Logic. 

New Preview Apps include:

Delete the Organization for a Free or Trial Account. The owner of a Sumo Logic Free or Trial account may delete his or her Organization from Sumo Logic, which will close the account permanently. When you delete your Organization, you will delete all users and data from Sumo Logic, close the account, and log yourself out as a user. 

Merge operator and revised Transactionize operator. The new Merge operator summarizes a set of events and works with changes to the Transactionize operator. The _group_signature field added by the Transactionize operator is now deprecated, replaced by the Merge operator.

February 17, 2016

LogCompare. LogCompare allows you to compare a section of your log messages from one point in time with the same section at another point in time, and display the changes in patterns. For example, you could use LogCompare to determine if your last software deployment has broken something. To use LogCompare, run a search query with non-aggregate results, then click the LogCompare button in the Messages tab. This automatically compares the current query result with the result of the same query 24 hours in the past to show what has changed.LogCompare to determine if your last software deployment has broken something. To use LogCompare, run a search query with non-aggregate results, then click the LogCompare button in the Messages tab. This automatically compares the current query result with the result of the same query 24 hours in the past to show what has changed.

Date Format preference. On the Preferences page, you can now choose an option for Date Format, which sets how dates appear on the Search page and in saved searches. Changing this from the default option (which uses your browser's default date format) has no affect on collection or timestamps of logs.

February 3, 2016

Manage Security Page UI Update. The Manage > Security page user interface has been updated with fonts, colors, and a new tab style. Some settings have changed locations. 

February 2, 2016

Live Tail CLI. The Live Tail Command Line Interface (CLI) is a standalone application that allows you to start and use a Live Tail session from the command line. With the Live Tail CLI, just as with Live Tail in the Sumo Logic Web Application, you can search and filter on the following metadata fields: _sourceCategory, _sourceHost, _sourceName, _source, or _collector. You may also filter on keywords.

In Operator. The In operator returns a Boolean value: true if the specified property is in the specified object, or false if it is not.

January 30, 2016

Access to Partion and Scheduled View Management pages. Non-admins can now view the Manage > Partitions and Manage > Scheduled Views pages. While only Admins can create and manage these search optimization tools, non-Admins may find it useful to see the available Partitions and Scheduled Views.

Sumo Logic App for AWS ELB. The Sumo Logic App for Elastic Load Balancing ingests logs generated by this activity, providing greater visibility into events that, in turn, help you understand the overall health of your EC2 deployment.

January 22, 2016

Sumo Logic App for Box. The Box App has been updated with new scripts and instructions for collecting Box Events. There are no changes to the Dashboards.

January 21, 2016

Live Tail. Sumo Logic Live Tail allows you to see a real-time live feed of log events associated with a Source orCollector, which you can use as a tool for development and troubleshooting. The Live Tail user interface mimics the command line with a solid black background and easy to read white text. It provides all log messages as they come in, with low latency.

You can start and filter a Live Tail session using the following supported metadata categories: _sourceHost, _sourceCategory, _sourceName, _source, and _collector.

Other Live Tail features include multiple Live Tail sessions, opening your Live Tail query in the Search page (or Show in Search), opening your Live Tail session in a new "pop-out" window, and changing the preferences of your Live Tail display, including line spacing, message text size, and message color.

January 13, 2016

Export 100,000 records. You can now export 100,000 records from Sumo Logic. The previous limit was 10,000 (via the UI).

December 21, 2015

Docker Sources. There are two new Sources for Docker on Installed Collectors:

  • Docker Logs. Collects stdout/stderr logs from processes that are running within Docker containers.
  • Docker Stats. Collects metrics about Docker containers.

Sumo Logic App for Docker update. The Sumo Logic App for Docker has been updated to use the new Docker Logs and Docker Stats Sources.

Sumo Logic App for AWS Config. The Sumo Logic App for AWS Config presents modification notifications that contain snapshots of resource configurations and information about the modifications made to a resource. The app uses predefined Live and Interactive Dashboards and filters, which provide visibility into your environment for real-time analysis of overall usage. The app leverages AWS Config’s Simple Notification Service (SNS) notifications.

Setup Wizard Updates. The Setup Wizard now includes automatic configuration for Akamai Sources.Akamai Sources.

Timezone Offset for Timestamps. The timezone offset is now displayed in timestamps in two places: in search results in the Messages tab, and in the search timerange selector pop-up.

Median Operator. In order to calculate the median value for a particular field, you can utilize the Percentile (pct) operator with a percentile argument of 50.

Mac Keyboard Shortcuts. Mac keyboard shortcuts are now supported on the Search page in the search query box.

Display more than 15 results in the Messages tab. In the Messages tab Preferences menu, you may now select to display 25, 50, or 100 log messages for your default number of search results.

November 4, 2015

Setup Wizard Updates. The Setup Wizard now includes automatic configuration for Windows Events and Apache Tomcat data Sources. You can also add additional Sources to existing Collectors through the Setup Wizard.

October 20, 2015

Sumo Logic Add-on for Heroku. Heroku is a platform that allows developers to build applications in the cloud. Sumo Logic provides an add-on for Heroku that fully integrates the power of Sumo Logic log analytics for Heroku users. When you install the Sumo Logic add-on for Heroku from the Heroku site, a Sumo Logic account is provisioned for you, and your application logs are automatically forwarded to this account.

Changing the Account Owner. Sumo Logic Free and Sumo Logic Professional accounts have an Account Owner. By default the Account Owner is the Admin who set up the account/signed up for the account. The Account Owner can reassign the role to another user in his or her organization. This setting was previously on the Billing page, but it is now on the Account page under Account Ownership. This setting is only visible to the Account Owner. For details see Account page.

October 5, 2015

Webhooks. The new Webhook alert type allows you to easily fire off alerts from Sumo Logic Scheduled Searches into a variety of third-party tools such a Slack, PagerDuty, VictorOps, and Datadog. Webhooks can also enable easy integration to your own custom app or unlock a variety of use cases via third-party integration.

September 19, 2015

Google Apps Audit Source. The new Google Apps Audit Source uses the Google Apps Reports API to ingest all audit logs via watchpoints to collect activity from Google apps such as Admin, Calendar, Drive, Login, and Token. This Source runs on a Hosted Collector in the Sumo Logic Cloud.

Sumo Logic App for Amazon VPC Flow Logs. Amazon’s Virtual Private Cloud (VPC) Flow Logs contain information about the IP network traffic of your VPC, allowing you to troubleshoot traffic and security issues. TheSumo Logic App for Amazon VPC Flow Logs leverages this data to provide real-time visibility and analysis of your environment. It consists of predefined searches, Live Dashboards, and Interactive Dashboards.

isNull improvements. isBlank and isEmpty have been added to isNull for finding strings that are null, are empty, or consist of whitespace.

Updated Dashboard Icons. Icons on the Dashboard page have been updated to use a font set consistent with the UI. The Sharing Settings icon has changed the most. When you have shared a Dashboard, instead of showing a green check mark, the icon turns blue.

Enable or disable keyboard shortcuts. Keyboard shortcuts may conflict with international keyboards or other shortcuts. By default keyboard shortcuts are enabled, but can now be disabled on the Preferences page.

August 19, 2015

Filter updates. When filtering Source data, you'll now see that filters are managed under Processing Rules.

Run searches from apps before installing them. You can now test drive searches from apps before you install them. Just click a search in the Library to run it. Note that you'll need to have data related to the search present in your Sumo Logic account to see results. Also, searches in Enterprise apps (such as PCI) are not available.

Number of available users displayed in the Users page. To help admins keep an eye on the number of available seats in an account, the number of allotted users is displayed at the top of the Users page, along with the number of users already added to the account.

Better preservation of line breaks in search results. Line breaks in multiline logs now display, properly formatting these messages.

August 3, 2015

UI updates. You'll notice a new look for the Histogram on the Search page, as well as a new Add button on the Users, Roles, Partitions, Scheduled Views, and Field Extraction management pages.

July 28, 2015

Numerical filters for Interactive Dashboards. With numeric filters, you can restrict the range to display in an Interactive Dashboard using =, !=, >, <, >=, or ,<=.

The Sumo Logic App for Artifactory. This new app provides insight into your JFrog JFrog Artifactory binary repository. The App provides preconfigured Dashboards that include an Overview of your system, Traffic, Requests and Access, Download Activity, Cache Activity, and Non-Cached Deployment Activity.

Anomaly Detection updates. Anomaly Detection now provides the ability to create Snapshots of your Anomaly reports to save information about Events and Incidents that need further investigation and interact with them. Also, the new Incidents page allows you to run a historical query on-demand for insights to the anomalies detected by Sumo Logic older than six hours. Drilling down into the updated Signatures pane provides a new line graph and signature details. The Change column with an arrow indicator has also been restored to the Signatures pane.

July 21, 2015

New features in the Setup Wizard. In this release, you'll find new options for setting up HTTP and Syslog Sources for Cisco ASA, Palo Alto Network, Linux system, Mac system, Windows Events, and Windows Performance data types. 

Embedded URL links in Dashboard Panels. Tables in Dashboard Panels can now include links to URLs.

AkamaiAkamai, Windows Events, and Windows Performance app improvements. New Overview Dashboards for each app make finding general information easier to see at a glance.

July 9, 2015

Interactive Dashboards. Interactive Dashboards are a powerful forensic tool to create searches and view search results based on data from any time in the past month. 

Keyvalue Auto Extract. With this new mode, the keyvalue operator can automatically extract non-referenced fields.

June 20, 2015

JSON Auto Extract. The json auto option in a query automatically detects JSON objects in logs and extracts the key/value pairs without the need to specify fields in a parse statement. For complete details, see JSON Operator.htm.

Default Timezone. This setting on the Preferences page allows you to change the time zone displayed in the Sumo Logic user interface, which by default is taken from the web browser. This is a personal setting, and does not change the time zone for anyone else in your organization. This option affects all hours and minutes displayed in the user interface, including time ranges on the Search page, the Time column in the Messages pane, in Dashboards, and in Anomaly Detection. It does not affect the configurations of previously created Scheduled Searches or Real Time Alerts. For details, see Timestamps, Time Zones, and Time Ranges.

Anomaly Detection updates. Anomaly Detection now provides the ability to create Snapshots of your Anomaly reports to save information about Events and Incidents that need further investigation and interact with them. Also, the new Incidents page allows you to run a historical query on-demand for insights to the anomalies detected by Sumo Logic older than six hours. Drilling down into the updated Signatures pane provides a new line graph and signature details. The Change column with an arrow indicator has also been restored to theSignatures pane.

Sumo Logic App for Docker. The Sumo Logic App for Docker provides operational insight into your Docker environment. The App uses a Container, which includes a Collector and a Script Source, to gather statistics and events from the Docker Remote API on each host. The App includes Dashboards that allow you to view your Container performance statistics for CPU, memory, and the network. It also provides visibility into Container events such as start, stop, and other important commands.

Navigation Bar Refresh. The Sumo Logic navigation bar has been refreshed with new colors and fonts to update the look and feel. Its function has not changed.

parseHex Operator. The parseHex operator allows you to convert a hexadecimal string of 16 or fewer characters to a number.

June 16, 2015

Sumo Logic App for Apache Tomcat. The Sumo Logic App for Apache Tomcat monitors server operations, assists in troubleshooting issues, and provides insight into website visitor behavior patterns across entire web server farms. It also provides a high level overview of the Tomcat servlet container, Catalina, and garbage collection. The app consists of predefined Dashboards and searches, which provide visibility into your environment for real time or historical analysis. For complete details, see Sumo Logic App for Apache Tomcat.

Setup Wizard Updates. The Setup Wizard, in addition to AWS data types, now allows you to configure Collectors and Sources for Apache, Windows IIS, MySQL, Nginx, and Varnish data types. It also allows you to configure your own Custom Apps and to Upload Local Files in order to test Sumo Logic for your use case. For details, see Setup Wizard.

May 24, 2015

Sharing a Dashboard's URL. From the Dashboards page, you can now share a URL link to a Dashboard, meaning that others in your organization will be able to jump right to the Dashboard you'd like to share with them. When another user clicks the URL, they will be asked to log in before they can view the Dashsboard.

April 25, 2015

Save Search dialog changes. This dialog is now split into sections for “Save Search As", and “Schedule this search.” This change makes configuration clearer and easier.

Share Search Query link moved on the Search page. The location of the Share Link on the Search page has changed. It is now included with the links under the Search box.

Request Enterprise App dialog. Some changes have been made to this dialog, which opens when you click the Request Estimate button for the PCI and Security Analytics apps. The dialog informs you that Enterprise apps require a paid Professional Services contract to install and configure. You may upgrade your account at any time.

Request button for Enterprise apps. The Request button for enterprise apps has been changed to Request Estimate as a reminder that the Enterprise app installation requires a paid Sumo Logic Professional Services contract.

App Install button look and feel. The position and appearance of the Install button for installing Apps from the Library has been changed.

Collectors page changes. Breadcrumb links have been added to the Collectors page.

Deploy Collectors on AWS OpsWorks. You can now deploy collectors on AWS OpsWorks, which provides a simple platform that allows you to easily create and manage stacks and applications.

March 21, 2015

Support for new operators in Field Extractions. You can now use keyvalue and fields operators in Field Extractions, as well as the new num operator.

Num operator. The Num operator converts a field to a number. Using Num in a query is useful for sorting results by number instead of alphabetically.

Organization ID field in the Preferences page. You'll notice a new ID number the next time you check the Preferences page. This is the unique ID of your organization, automatically assigned when your account is activated, and is used mainly by the Sumo Logic Support team to verify an Organization during support cases.

March 9, 2015

Setup Wizard. The Sumo Logic Setup Wizard allows new users to get started quickly. It guides you step by step to select the Source of your logs, configure that Source and a Collector, and uploads data to Sumo Logic automatically. Once the data begins to upload, the wizard even installs a Sumo Logic App that allows you to analyze your data. Within the Sumo Logic Web Application, you can access the Setup Wizard to configure additional Collectors and Sources by going to Manage > Setup Wizard.

AWS Sources. Sumo Logic has made adding AWS Sources for Hosted Collectors easier. On the Collectors page, when you click Add Source, now you can select the new Source tiles for AWS solutions including AWS CloudTrail, AWS Config, AWS Elastic Load Balancing, Amazon CloudFront, and AWS S3 Audit.

Sumo Logic Apps for Data Volume and Audit. When installing the Sumo Logic Apps for Data Volume and Audit, if you do not have the Data Volume or the Audit Index features enabled, a step was added that allows you to enable these features as install time. This prevents you from installing an App that is not configured to work properly accidentally.

Collector Management API Documentation. The Collector Management API documentation has been added to Help for easy reference.