Sumo Logic

2020 Service Release Notes

December 22, 2020


Update - We’ve brought you greater control over your data: now you can update an existing partition’s routing expression, which determines what data goes into the partition. (You have to be a Sumo Logic admin or have the Manage Partitions role capability.) 

Changing the scope of a partition is useful if you simply want to route more or less data to an existing partition. Better yet, it allows you to re-route some or all of the data in an existing partition to a different Data Tier than the one it currently resides in. If you decide that some of the data in a partition belongs in a different tier than the one currently configured, you can edit the scope of that partition to exclude that data, and create a new partition for it that targets the desired tier.

For more information, see Edit a Partition.

December 21, 2020


Update - The CrowdStrike Falcon Endpoint Protection App has been updated to include a new dashboard to provide visibility into Falcon incidents. All dashboards have been updated to use the new dashboard platform. This app uses the new CrowdStrike Source to collect log data from the CrowdStrike Falcon Endpoint Protection platform.

December 8, 2020


Update - F5 - BIG-IP LTM App now uses Telemetry Streaming to collect log data from F5 - BIG-IP LTM.

December 4, 2020


New - Select a duration for your Support Account Access. This determines how long the account is enabled. You can choose a duration from 1 day to one year, or indefinitely, depending on your needs and comfort level with our access.

November 19, 2020


Update - Ingest budgets now have a Scope, replacing Field Value, which defines the log data to apply to a budget. This new budget assignment scheme allows you to have granular control over your ingest budgets while keeping the configuration overhead to a minimum.

November 16, 2020


New - AWS Firewall Network app provides visibility into traffic flows, through alerts generated by AWS Network Firewall.


You can now easily link dashboards together to quickly view related data. Each panel can have links to other dashboards. Links have options to include metadata and time range. When viewing the summary tab on a panel with linked dashboards, you'll have the option to select from linked dashboards.

November 05, 2020


New - We're thrilled to announce our new Cloud-to-Cloud Integration Framework.

The Cloud-to-Cloud Integration Framework is an extensible system for running fully hosted, pull-based and pub-sub-based sources. Traditionally, Sumo Logic collection has been push-based: we expose an endpoint to which data sources or collector agents push data. However, many SaaS applications and Cloud Providers expose event data that describes user and system/application activity, which is critical for operations monitoring, security, and compliance use cases. The Cloud-to-Cloud Integration Framework is the system by which we provide integrations to these sources and SaaS applications.

This release comes with two new Sources, Okta and Netskope. Our existing apps are updated to work with these two new Sources.

The Cloud-to-Cloud Integration Framework is an extensible architecture, in which new Sources can be easily added in the future. Check out the Sources we have available in beta.


Update - We're happy to announce that the updated version of Sumo Logic App for Azure WebApp is compatible with the new Azure Monitor based Collection.

October 30, 2020


New - We’re pleased to announce a new role capability that allows a Sumo Logic admin to limit the ability of users to create Access Keys. Currently, all Sumo Logic users can create Access Keys on the Preferences page. (Access Keys allow a user to register collectors and to use Sumo Logic APIs.) With the new Create Access Keys capability, you can limit the ability to create Access Keys to only those roles that require it. Note that, with this update, all roles in your Sumo account have the Create Access Keys capability. To restrict access, your Sumo Logic administrator can remove the capability from roles that do not require it. 

New - We’ve released a new security policy you can use to set a maximum timeout for Sumo Logic UI web sessions. Sumo Logic users can set their web session timeout on the Preferences page, up to a maximum of 7 days. If you are a Sumo Logic admin with the Manage Organizational Settings role capability, you can now specify the maximum web session timeout period that users in your org can select. For more information, see Set a Maximum Web Session Timeout.

October 23, 2020


Update - We have rolled out audit logging support for Monitors. Create, read, update, and delete operations of Monitors are logged in the Audit Event Index.


New - We’re happy to announce the Windows JSON App, which is based on the JSON Windows event log format and provides insight into Windows system operations and events so that you can better manage and maintain your environment. The app consists of predefined searches and dashboards that provide visibility into your environment for real-time analysis of overall usage of Security Status, System Activity, Updates, User Activity, and Applications.


New - Active Directory JSON assists you in monitoring the Windows Active Directory deployment by analyzing Active Directory logs in the JSON-based event log format. The app includes predefined searches and dashboards that provide visibility into user activity in your environment for real-time analysis of overall usage.


October 21, 2020


Update - Webhook payload variables need to be in mustache format. You do this by wrapping each variable in double curly brackets, like {{variable}}. In February 2018 we introduced this format. We did not deprecate the previous format using a dollar sign, like $variable. Going forward, we will only support mustache format.

This change was communicated to administrators of accounts still using the old format. Any existing alerts using the old format have been automatically switched to the new format.


Change - We made some nice changes to our approach to disabling metric sources that generate too many unique time series. Instead of completely disabling a noisy metric source, we take a more fine-grained approach by dropping the offending dimension or dimensions.

Also, we’ve implemented a global limit for unique time series, across all your metric sources. That gives you some wiggle room—you can have some metric sources that generate lots of unique time series, and as long as the volume across all your metric sources doesn’t exceed the global limit, you’re good. If you are leveraging Short Term retention in Transformation Rules, you also get significantly higher capacity on the cardinality before being impacted.

Finally, we’ve increased the limit of unique time series a Logs-to-Metrics rule can produce. For more information, see Disabled Metric Sources and Logs-to-Metrics.

October 19, 2020


New - Jira and Opsgenie webhook connections are now available. 

  • Opsgenie connections allow you to create incidents based on Sumo Logic alerts within Opsgenie.
  • Jira connections allow you to create Jira tickets based on Sumo Logic alerts in Jira Server, Jira Cloud, and Jira Service Desk.

October 8, 2020


New - We’re pleased to announce the JMX App that allows you to analyze and gain insights about Java applications in Kubernetes and Non-Kubernetes environments. The dashboards provide a quick glance at various deployment metrics like memory, CPU, GC performance, and thread behavior, so you can troubleshoot unexpected behavior in your Java environment and the applications running in it.


New - Nginx ULM App helps you monitor webserver activity in Nginx for both Kubernetes and Non-Kubernetes environments. The preconfigured dashboards provide information about site visitors, including the location of visitors, devices/operating systems, and browsers used; and information about server activity, including bots observed and error information.


New - Nginx Ingress ULM App helps you monitor webserver activity in Nginx Ingress Controller for both Kubernetes and Non-Kubernetes environments. The dashboards provide information about site visitors, including the location of visitors, devices/operating systems, and browsers used; and information about server activity, including bots observed and error information.


New - Redis App monitors the state of the database cluster in Kubernetes and Non-Kubernetes environments. The dashboards provide information about cluster status, resource usage, commands running, and cache hit rate. You can easily determine the health of the cluster at a glance from the dashboards.


October 6, 2020


New - We’re excited to announce the Software Development Optimization solution that helps you to increase release velocity, improve reliability, and comprehensively monitor your software development pipelines with industry-leading metrics and actionable insights generated automatically from development tools such as Jira, GitHub, Jenkins, PagerDuty, Bitbucket, Opsgenie, and more. 


October 6, 2020


Update - The AWS Observability CloudFormation template has been updated to accommodate intuitive naming of individual AWS resources and a new entity inspector that provides more information about the selected entity and helps you navigate to the corresponding logs or metrics. To update the CloudFormation stack with this new template, please follow the instructions on this page.

October 5, 2020


We’re excited to announce that the general availability of our Observability Solution will be rolling out in the next 48 hours! This feature-rich solution expands to new environments like Kubernetes, and includes tools like Transaction Tracing that work together to ensure you are able to efficiently monitor, troubleshoot, and diagnose issues.


Sumo Logic Observability can help you:

  • Monitor critical indicators of reliability such as errors or latency. 
  • Diagnose or isolate services or resources that might be the immediate cause of reliability issues.
  • Troubleshoot and uncover root cause(s) to guide recovery as well as on-going application reliability.

As it relates to monitoring, the Observability solution now includes:

  • Unified Alerting, across logs and metrics data sources, with the ability to specify alert criticality, configure detection rules, set up multiple channels for receiving notifications, and auto-resolve incidents, plus a central landing page to triage, administer and manage alerts.

  • AWS Observability features 40+ dashboards to monitor infrastructure on AWS in a comprehensive and intuitive manner across AWS accounts, regions and resource types down to individual entities.


Diagnosing incidents just got easier with:

  • Transaction Tracing to observe apps and microservices to the level of individual requests and pinpoint issues with particular microservices. Our OpenTelemetry standard based tracing capabilities provide an open and flexible standard for observability of microservices transactions without vendor lock-in. If your service package capabilities have been upgraded to include Tracing, you should see a “Tracing” tab available in your Sumo Logic UI. To start using Tracing or taking advantage of our promotion (90 days' worth of trial capacity for free), contact your Sumo representative to activate.


  • Re-vamped Metrics Explorer that decreases the complexity of finding and visualizing your metrics data with a new structured query builder, and an extended range of visualizations for ad-hoc analysis. Mimicking the Dashboard (New) workflow, you now have the same unified experience in the main metrics tab.

  • Global Intelligence for AWS CloudTrail DevOps that helps on-call staff isolate or eliminate AWS errors (availability, throttling, out of stock) as probable cause for their incidents. Available for Enterprise accounts. 

Troubleshooting incidents can now be streamlined thanks to:

  • Root Cause Explorer, an AIOps breakthrough that helps on-call staff accelerate troubleshooting and root cause isolation for incidents in their apps and microservices running on AWS by detecting anomalies in 500+ AWS CloudWatch metrics and automatically categorizing anomalies by incident timeline, AWS account, region, namespace, entities, AWS tags, and more dimensions. This is not enabled by default in your account; it requires you to install the AWS Observability solution and to be an Enterprise account holder.


  • Behavior Insights leverages machine learning to detect patterns, outliers, and changes in underlying service behavior to isolate and automatically explain the root causes of application issues.

Underneath these capabilities is expanded support for Open Source frameworks including OpenTelemetry for tracing data and Telegraf for increasing the breadth of technologies we collect metrics from.

September 30, 2020


Update - We’re pleased to inform you of the availability of additional password policy options as well as the updates to the password forms.

September 14, 2020


New - We’re pleased to inform you that a new collection process to export metrics from vRops is now available.

September 10, 2020


New - Participating in Sumo Logic beta programs just got easier. Now, your Account Owner can opt-in to our beta terms and conditions from the Account page in the Sumo UI. You can do the paperwork once, and get access to beta features faster.

September 3, 2020


Update - Auto-Subscribe AWS Log Groups to a Lambda Function integration is updated with configurable delay and support for filtering log groups using tags.

September 1, 2020


New - AWS Observability Solution simplifies the monitoring and troubleshooting of your AWS cloud infrastructure. Switching across multiple AWS accounts, regions and services to understand service health? Get intuitive views and search capabilities across your AWS hierarchies with our AWS Observability Solution. Get real-time insight in minutes with over 40 out-of-the-box dashboards.


New - Root Cause Explorer is an AWS Observability add-on that helps your on-call staff, DevOps, and infrastructure engineers accelerate troubleshooting and root cause isolation for incidents in their apps and microservices running on AWS. Root Cause Explorer helps you correlate unusual spikes, also known as Events of Interest (EOIs), in AWS CloudWatch metrics, using the context associated with the incident.



New - We are excited to announce the release of the Metrics filter operator. You can use the filter operator to limit the results returned by a metric query. There are several ways to restrict results: by aggregation function, or by how many times the value of individual data points meets a value condition over a particular duration.

Update - We’ve updated the Host Metrics Source to improve your metrics query experience. We’ve added a new dimension to the network interface metrics that the source collects: description. So, now you can query network interface metrics by the network interface description.


Update - Global Intelligence for AWS CloudTrail is now Global Intelligence for AWS CloudTrail SecOps. You can detect potentially malicious configuration changes in your AWS account by comparing AWS CloudTrail events in your account against a cohort of AWS customers. CloudTrail events are curated from AWS penetration tests and operational best practices. We’ve reduced false positives by filtering out AWS CloudTrail events from legitimate cloud services including AWS itself and CloudHealth by VMware. 

August 21, 2020


New - We're pleased to announce the Artifactory 7 Logs support in the Artifactory App. You can install the App by selecting the desired version from the dropdown.

August 14, 2020


New - We're pleased to announce the etcd3 support in the Kubernetes Control Plane App, which provides immediate visibility into etcd3 health, cache statistics, resource usage, and etcd3 logs for quick analysis. On account of metrics renaming in 1.16, the Kubernetes Control Plane App is now available in the below two versions:

  • Kubernetes 1.16 or later.
  • Kubernetes 1.15 or earlier.


August 10, 2020


New - Health Events are now available to all paid accounts. This includes all Enterprise accounts, and also the Cloud Flex Professional and Cloud Flex Credits Essentials account types. Health Events allow you to keep track of the health of your Collectors and Sources. You can use them to find and investigate common errors and warnings that are known to cause collection issues. When used in combination with our Enterprise Audit Apps, Health Events provide a proactive monitoring framework, differentiated from our competitors’ reactive solutions, where you need to debug data collection after having suffered data loss or downtime. At present, Health Events provide observability for Collectors and Sources; however, the framework will be extended to other areas of our service as development continues.


August 7, 2020


Update - StackRox is updated with security policies to support logical operators. You can now use the AND, OR, and NOT Boolean operators to combine the policy criteria to create highly specific security policies. It also allows you to narrow down the searches to discover the precise image contents, deployment configurations, or runtime activities.

New - We're pleased to announce the CoreDNS support in the Kubernetes App which provides immediate visibility into CoreDNS health, activity and gives an overview of resource usage within clusters.


August 5, 2020


New - We have a new way to collect CloudWatch Logs using the CloudFormation template, which uses the Sumo HTTP Endpoint stored securely in AWS SSM Parameter Store.

August 3, 2020


New - We've released a new metric operator: outlier. You can use the outlier operator in metric queries to identify and visualize metrics data points that are outside the range of expected values.


July 30, 2020


New - Archive lets you forward log data from Installed Collectors to AWS S3 buckets to collect at a later time. If you have logs that you don't need to search immediately, you can archive them for later and ingest them on-demand with hourly granularity.

The key new components provided are:

  • An AWS Archive Destination that lets you set up your AWS S3 buckets as archive destinations.
  • A Processing Rule type, “Archive messages that match” that archives log data with Installed Collector Sources.
  • An AWS S3 Archive Source to ingest data from an Archive destination.
  • An Archive page to view all the AWS S3 Archive Sources and ingestion jobs in your account, as well as creating ingestion jobs.


July 23, 2020

Dashboard (New)

New - We're proud to announce the release of Dashboard (New), which provides you deeper visual control across logs and metrics data-sources, so you can build the perfect dashboard for your monitoring and troubleshooting needs. This is the first of many cool updates as we build towards a dashboard framework that is visually expressive, troubleshooting optimized, and hyper-performant.


July 10, 2020


Update - Cloudflare app dashboards have been substantially improved with optimized queries by eliminating unwanted parsing and enhancing the lookup positions through optimization.

July 7, 2020



New - Read all about our new Certification and Training site, which you can access from the Certification tab in the product. We've added an Onboarding section as well as improved your self-paced and test-taking experience. Also, Certification exams in Spanish and Japanese are readily available in any production environment, so have fun and get Certified!


New - Sharing is good, over-sharing, not so much. So, we’ve added a new security policy you can use to ensure that shared dashboards don’t display data that the users they’re shared with shouldn’t see. The new policy is Data Access Level for Shared Dashboards. If your role grants you the “Manage organization settings” capability, you can enable the new policy on the Manage > Security > Policies page. By default, once you enable this policy, any newly-created dashboards will run under the role search filter of the users they are shared with.

Also with the goal of giving you better control of your data, we've introduced a new role capability: "Change Data Access Level of Dashboards". Users with this capability can change the data access level of dashboards that are shared with them with edit or manage permission.