June 21, 2017
Non-aggregate query speedup. The histogram rendering time is reduced, charting your messages faster.
Removal of 100k pause. Non-aggregate queries are no longer limited to 100k messages at a time.
Be aware of the following changes that come with these enhancements:
- Field counts still cap at 100k messages. When the message count reaches more than 100k, you will see a message: “We only use the first 100,000 messages to calculate the field counts.”
- Field counts may still be loading. Field counts load asynchronously, and may still be loading after the histogram renders.
- Receipt time still has 100k pause. If your search uses receipt time, you will still see the 100k message limit.
- Oldest message sorts first when you reach 100k messages. Although you can have more than 100k messages in the histogram, the oldest message that will be shown is the 100k message. To get around this issue and see the range you want on the histogram, you can:
  - Reduce the time range and rerun the search.
  - Shift+click on the histogram bar to drill down into a specific time range.
June 19, 2017
New Home page experience. Welcome to the Home page for the new Sumo UI. You can immediately launch searches, metrics, Live Tail, and the Setup Wizard directly from Home without having to wrestle with keyboard shortcuts or menu navigation.
You can also access:
- Recently Opened Dashboards. Easily access the dashboards you’ve run recently to check on current results or to make modifications.
- Recently Run Searches. Easily access the searches you’ve run recently to check on current results or to make modifications.
- Recommended Dashboards. Based on current dashboard use in your org, we’ll recommend other dashboards for you to try.
- Pinned Searches. Find any search you’ve pinned in Sumo.
Finally, we’d love your feedback. There’s a feedback submission window at the top so that you can reach out and let us know if there’s any way we can improve our design to make your product experience better.
New Learn page. Find out more about Sumo by clicking Learn from the Home page. Learn is designed to help you discover Sumo resources quickly by providing direct links to:
- Important how-to videos
- Tutorials on setting up and using Sumo for the first time
- Support ticket interface
- Available training webinars
- Feature Request site
- What’s New page with the latest product announcements
Threat Intel for AWS App. A new app for Threat Intel for AWS correlates CrowdStrike threat intelligence data with your AWS log data, allowing for real-time security analytics to help detect threats in your environment and protect against cyber-attacks.
The Threat Intel for AWS App scans your AWS CloudTrail, AWS Elastic Load Balancing, and AWS VPC Flow logs for threats based on IP address and provides four pre-built dashboards: an overview and one for each data source.
June 16, 2017
Custom timestamp formats. You can now specify multiple custom timestamp formats per source, use regex to specify where to locate them in your log lines, and test them to see if we can parse that format. We will still auto-detect timestamps for you if your custom formats do not parse. See Timestamps, Time Zones, Time Ranges, and Date Formats and Use JSON to Configure Sources.
More epoch timestamp support. You can now specify the epoch timestamp token, which will match against 10, 13, 16, or 19-digit epoch timestamps, with or without decimal points. See Timestamps, Time Zones, Time Ranges, and Date Formats.
June 12, 2017
Filter operator. Use the filter operator to filter the output of a search using the results of a different search (using the same search expression). The filter operator keeps only the records that match the filter criteria, allowing you to restrict search results to the most relevant information. See filter operator.
June 1, 2017
New UI. This release introduces a new look and feel and experience for the Sumo Logic UI. Navigation is simplified, and it’s now much easier to find the content you’re looking for.
If you're a current Sumo Logic user, you'll find that the navigation and some menu items have changed, but most of your working experience will be just as it was before. During the rollout period, we encourage you to start right away with the new UI. That way you'll get used to the changes and can start realizing the benefits. New UI highlights include:
- Improved navigation. The menus that used to be on the top of the UI are now on the left side (we call it the 'left nav'). The menus have been reorganized and some menu and page names have changed. See Navigate Around the New Sumo Logic UI to learn how the navigation compares for the new UI and classic UI.
- Switch between your tasks in Sumo Logic with the tab bar. The top tab bar allows you to keep multiple pages open at the same time and easily navigate between them. The tabs persist across login sessions, and you can switch context without jumping to new browser tabs or windows. This includes having multiple dashboards open in separate tabs. See Welcome to the new Sumo Logic UI.
- New log searches, metrics visualizations, and Live Tail sessions. It's now more convenient to start working with logs or metrics. If you click the + icon in the Tabs area, you'll see options to select search, metrics, or Live Tail. See Welcome to the new Sumo Logic UI.
- Library. The Library contents are available from the left nav or the Library page. This is the first step in providing enhanced content sharing capabilities, which we’ll be continuing to roll out in upcoming releases. See Welcome to the New Library.
- App Catalog. You can access the App Catalog directly from the left nav to search for and install apps. See the topics under Data Types.
- Home page. The new Home page provides quick access to recently opened dashboards and searches. See Welcome to the new Sumo Logic UI.
Keyboard shortcuts. Keyboard shortcuts have changed for the new UI. See Keyboard Shortcuts for the New UI.
Apps. The App Catalog has a new preview option. If you’re not sure what dashboards you’ll get with an app, you can click the Preview Dashboards link in the App Catalog to see a preview of the dashboards included with the app.
New tutorials. We’ve updated our Quick Start tutorials to better reflect the different getting started experiences for setting up Sumo Logic and using Sumo Logic. See the new tutorial topics under Start Here.
Data Volume App updated. The Sumo Logic App for Data Volume allows you to view at a glance your account's data usage volume by category, collector, source name, and hosts. The app uses predefined searches and a Dashboard that provide visibility into your environment for real-time analysis of overall usage.
The Overview dashboard has been updated to provide a more comprehensive view of your Logs and Metrics data use.
The following dashboards have also been added:
- Data Volume - Logs. See your log ingest volume in greater detail, outlining ingest spikes, outliers, and quota.
- Data Volume (Logs) by various metadata fields. Drill down on source metadata, using the metadata you've created within Sumo to better define your log sources.
- Data Volume - Metrics. Review details of your data ingest to identify areas of high-volume ingest.
May 29, 2017
New Accumulate Operator for Metrics. The accum metrics operator provides a running total over time of certain metrics. Use this when you are measuring a rate, and you want to understand the total number of occurrences. See accum.
Multi-Query Math/JOIN for Metrics. Compare multiple different metrics in new ways to derive new insights. For example, compare network output and CPU use.
May 23, 2017
AWS Elastic Load Balancer - Classic. The AWS Elastic Load Balancer App has been renamed and updated to provide new panels and dashboards such as the Failed Dispatch Monitoring Dashboard to help you better investigate your AWS ELB usage.
Time Bucketing/Metrics quantization. When you’re visualizing metrics data, the time axis is fundamental to understanding your data.
- Multiple time series (lines on the chart) should line up in a way that makes it easy to understand and compare behavior (for example, at 10:25AM server1 had 95% CPU usage and server2 had 50% CPU usage).
- As you change the time scale, the granularity of the data points should change accordingly (for example, 1 second resolution for a metric over 30 days doesn’t make sense).
This capability is called quantization. The quantization interval aligns your time series data to common intervals on the time axis (for example every one minute) to optimize the visualization and performance. See Work with Metrics Visualizations.
May 2, 2017
Threat Intel Quick Analysis App. This App correlates CrowdStrike's threat intelligence data with your own log data, allowing for real-time security analytics to help you detect any threats in your environment, while protecting against sophisticated and persistent cyber-attacks. The Threat Intel Quick Analysis App scans your selected logs for threats based on IP, file name, URL, domain, Hash 256, and email. See Threat Intel Quick Analysis App.
Dashboard Sharing updates. You can now share Dashboards with just your organization (whitelist) or with everyone. The permission to share dashboards is now split into two groups:
- Share Dashboards with the Whitelist
- Share Dashboards with the World
April 28, 2017
PCI Compliance for AWS CloudTrail App. The Sumo Logic App for Payment Card Industry (PCI) Compliance for AWS CloudTrail offers dashboards to monitor system, account, and user activity to ensure that login activity and privileged users are within the expected ranges. The PCI Compliance for AWS CloudTrail App covers PCI requirements 02, 07, 08 and 10. See PCI Compliance for AWS CloudTrail App.
April 27, 2017
Fastly App. Fastly is a content delivery network (CDN) that provides you control over how and where you serve content, access to real-time performance analytics, and the ability to cache unpredictably changing content at the edge. With the Sumo Logic Fastly App, you can examine performance by origin, quality of service, and monitor your visitor traffic for important patterns using pre-defined searches and Dashboards for real-time visibility into your environment. See Fastly App.
April 26, 2017
PCI Compliance for Linux App. The Sumo Logic App for Payment Card Industry (PCI) Compliance for Linux offers dashboards to monitor system, account, and user activity to ensure that login activity and privileged users are within the expected ranges. The PCI Compliance for Linux App covers PCI requirements 02, 07, 08 and 10. See PCI Compliance for Linux App.
PCI Compliance for Windows App. The Sumo Logic App for Payment Card Industry (PCI) Compliance for Windows offers dashboards to monitor system, account, and user activity to ensure that login activity and privileged users are within the expected ranges. The PCI Compliance for Windows App covers PCI requirements 02, 06, 08 and 10. See PCI Compliance for Windows App.
April 24, 2017
AWS Elastic Load Balancer - Application App. This App ingests logs stored in an S3 bucket, giving you the visibility to see the overall health of your Application Load Balancer and Target Groups. Use the Sumo Logic App to analyze raw Application Load Balancer data to investigate the availability of applications running behind Application Load Balancers. See AWS Elastic Load Balancer - Application App.
March 28, 2017
Histogram Time Range Selection. You can highlight a time range in the search results histogram to filter your search results in the Messages tab based on that time range. See Change the Time Range in the Histogram.
Cloud Syslog Source. Documentation for the Cloud Syslog Source beta feature has been updated to expand the rsyslog and syslog-ng information and include troubleshooting suggestions. See Beta - Cloud Syslog Source.
March 27, 2017
OneLogin. OneLogin is an Identity Management provider that supplies a comprehensive set of enterprise-grade identity and access management solutions, including single sign-on (SSO), user provisioning, and multi-factor authentication. The Sumo Logic App for OneLogin provides real-time visibility and analysis of OneLogin user activity through event data, such as user logins, administrative operations, and provisioning. See OneLogin App.
March 16, 2017
Metrics Monitors, Alert on Missing Data. For your metrics query, you can monitor your time series to alert you when data has not been seen for a specified time period. These notifications can be sent via email or webhook connections such as Slack or PagerDuty. See Metrics Monitors and Alerts.
March 1, 2017
2-Step Verification. Sumo Logic now offers 2-Step Verification, also known as two-factor authentication, as an optional feature for customers to enhance security and secure sensitive data stored in Sumo Logic. When 2-Step Verification is configured, the user is prompted for an additional security code after authenticating with their username and password. The user obtains the additional security code from a configured device. See About 2-Step Verification.
February 22, 2017
Log overlay. Metrics visualizations give you a clear picture of WHAT is happening in your environment. By adding log overlays to your metrics visualizations, you can investigate WHY behavior is occurring and what corrective action might be called for. Log overlays help you correlate the performance shown in your metrics visualizations with logged events that could be responsible for changes in behavior. See Use Log Overlay to Analyze Metrics Visualizations for more information.
Share Dashboards Outside of Your Organization. You can share your live dashboards in view-only mode with no sign-in required, with an option to restrict access to viewers connecting from IPs / CIDRs specified in your service whitelist. This feature must be enabled by an administrator on the Manage > Security > Sumo Logic Policies page. See Share Dashboards for more information.
January 30, 2017
Throttling multipliers increased. Based on extensive testing, the multipliers for throttling based on daily average account size have been increased, in order to reduce the number of customers being throttled. See Manage Ingestion for more information.
| Account Size - Daily Average | Old Multiplier | New Multiplier |
|---|---|---|
| Less than 100GB per day | 7.0x | 7.5x |
| Between 100-256GB per day | 5.6x | 6.0x |
| Between 256-512GB per day | 4.2x | 4.5x |
| More than 512GB per day | 2.8x | 3.0x |
January 13, 2017
Metrics Data Volume Index. Metrics have been added to the Data Volume Index to provide visibility into the ingest volume as measured in data points. See Enable and Manage the Data Volume Index.
January 4, 2017
Metrics Monitors and Alerts. For your metrics query, you can set a monitor on a time series to alert you when the metric has crossed a static threshold, and then send an email alert. You can set a maximum of one critical alert and one warning alert for each monitor. For details see Metrics Monitors and Alerts.
Webhook Connection for Microsoft Azure Functions. You can trigger an Azure function directly from a Scheduled Search or metrics monitor by configuring a Webhook connection in Sumo Logic. For details see Webhook Connection for Microsoft Azure Functions.
Webhook Connection for AWS Lambda. You can trigger an AWS Lambda function directly from a Scheduled Search or metrics monitor by configuring a Webhook connection in Sumo Logic. For details see Webhook Connection for AWS Lambda.
December 22, 2016
Custom Time Range. For searches and metrics, you can specify the time range relative to the current time, or specify a custom time range. For details see Set the Time Range.
December 21, 2016
Metrics Outliers. The metrics outlier feature allows you to identify metrics data points that are outside the range of expected values. You can use outliers to pinpoint unusual behavior in your metrics visualizations and track the behavior over time. Flexible controls are available for you to decide how unexpected a value must be to be labeled an outlier and the number and type of outliers to display. For details see Metrics Outliers.
Time Compare. The Time Compare button becomes available in the Aggregates tab when you run an aggregate search, and allows you to run a compare operation automatically from your search results. For details see Time Compare.
December 13, 2016
Manage S3 Data Forwarding Role Capability. The Manage S3 Data Forwarding Role Capability allows users with this role to manage S3 data forwarding from Sumo Logic to an S3 bucket. For details see Role Capabilities.
December 9, 2016
Color Palette Selector for Metrics. You can specify the color palette for your metrics visualization at the time series, query, and chart level. Settings at the query level overwrite settings at the chart level, and settings at the time series level overwrite settings at the query and chart levels. For details, see Work with Metrics Visualizations.
November 22, 2016
Sumo Logic App for Amazon EC2 Container Service (ECS). The Sumo Logic App for Amazon ECS provides preconfigured searches and Dashboards that allow you to monitor various metrics (CPU and Memory Utilization, CPU and Memory Reservation) across ECS clusters and services. The App also monitors API calls made by or on behalf of Amazon ECS in your AWS account. For details see Amazon EC2 Container Service (ECS).
Sumo Logic App for AWS Elastic Load Balancing Metrics (Preview). The Sumo Logic App for AWS Elastic Load Balancing Metrics allows you to collect and analyze CloudWatch Elastic Load Balancing for Application Load Balancer (ALB) and Classic Load Balancer (CLB) metrics and analyze your ELB system. The App provides preconfigured searches and Dashboards that allow you to monitor Metrics Hosts (healthy and unhealthy), HTTP backend codes, latency and requests, and more. For details see AWS Elastic Load Balancing Metrics App. This is a Preview App.
Sumo Logic App for Amazon Inspector (Preview). Amazon Inspector allows you to monitor your AWS resources for potential security risks. The Sumo Logic App for Amazon Inspector provides preconfigured searches and Dashboards that give you instant access to an overview of Amazon Inspector as well as details on assessments, runs, and findings. For details see Amazon Inspector App. This is a Preview App.
November 17, 2016
Sumo Logic App for Evident.io ESP (Preview). The Sumo Logic App for Evident.io ESP provides preconfigured searches and Dashboards that allow you to investigate Evident-specific events and provide operational visibility to team members without logging into Evident.io. For details, see Evident.io Evident Security Platform App. This is a Preview App.
November 16, 2016
Sign up for Sumo Logic via the AWS Marketplace. You can sign up for Sumo Logic via the AWS Marketplace. This creates a new Sumo Logic organization and account, and allows you to pay your bill using your Amazon account. For complete details, see Sign Up for Sumo Logic via the AWS Marketplace.
Sumo Logic App for Amazon RDS Metrics (Preview). The Sumo Logic App for Amazon RDS Metrics provides visibility into your Amazon Relational Database Service (RDS) Metrics collected via a CloudWatch Metrics Source. The App’s Dashboards provide preconfigured searches and filters that allow you to monitor your RDS system's overview, CPU, memory, storage, network transmit and receive throughput, read and write operations, database connection count, disk queue depth, and more. For details, see Amazon RDS Metrics. This is a Preview App.
Pause and Resume an S3 Source. You can pause an S3 Source at any time to stop the Source from sending data from the Source to Sumo Logic. Locate the Source on the Manage > Collection page, and click Pause. Click the Resume link when you are ready for the Source to start sending data again. For details, see Pause and Resume an S3 Source.
November 10, 2016
AWS Metadata Source for Metrics. The Sumo Logic AWS Metadata Source allows you to collect tags from EC2 instances running on AWS. The metadata is automatically attached to host metrics collected from EC2 instances. See AWS Metadata Source for Metrics.
November 9, 2016
Delta and Rate operators for Metrics Queries. Support has been added for delta and rate operators for metrics queries. For details, see the table of operators in Metrics Queries.
November 8, 2016
Sumo Logic Service Status Indicator. If there has been an outage on your deployment (or pod), the Service Status Indicator displays: at the top of the Help menu, next to Help > Service Status, and next to the title of a Dashboard. For more information, go to Help > Service Status. This will take you to a web page for your pod with details on any outages, incidents, or planned maintenance. For complete details, see Help Menu.
November 7, 2016
Trend Micro Deep Security Preview App is Now GA. The Sumo Logic App for Trend Micro Deep Security is now fully GA. You can install it from Library in the Apps tab. For complete details, see Trend Micro Deep Security App.
November 1, 2016
PagerDuty Preview App is Now GA. The Sumo Logic App for PagerDuty is now fully GA. You can install it from Library in the Apps tab. For complete details, see PagerDuty App.
GitHub Preview App is Now GA. The Sumo Logic App for GitHub is now fully GA. You can install it from Library in the Apps tab. For complete details, see GitHub App.
Google Apps Preview App is Now GA. The Sumo Logic App for Google Apps is now fully GA. You can install it from Library in the Apps tab. For complete details, see Google Apps App.
GZIP Auto Detection for AWS S3 Sources. An S3 Source can collect either plain text or gzip-compressed text. Data is treated as plain text by default, but gzip decompression will be used if both of the following conditions apply:
- The target file has a .gz or .gzip extension, or no file extension.
- The target file's initial bytes match the gzip file format.
For complete details, see AWS S3 Source.
Scheduled Search Email Customization. For scheduled searches, you may now customize the subject and contents of your results email in the Schedule this search dialog. Use variables to customize the subject of your email. Then select check boxes to show or hide the Search Query, Result Set, and Histogram, and to attach the results as a CSV attachment. (The maximum CSV file size allowed is 5MB or 1,000 results.) For complete details see Schedule a Search.
October 31, 2016
Last Login on the Manage > Users Page. The Manage > Users page now includes information on a user's last login date. If a user is inactive, the status displayed is Never. If no login information is currently available, but the user is active, the status displayed is N/A. Information will be provided the next time the user logs in. For complete details, see Manage Users.
October 26, 2016
Amazon CloudWatch Source for Metrics Total Metrics Field. The Total Metrics field displays the total number of metrics that will be collected if the Source is created with the current configuration. The field automatically refreshes the count when there are changes to the following fields: Regions, Namespaces, Access Key ID, and Secret Access Key. For complete details, see Amazon CloudWatch Source for Metrics.
New Scheduled Search Run Frequency Options. You may now select new Run Frequency options for your Scheduled Searches, including:
- Daily. Select whether your search runs every Day, every Weekday (Mon-Fri), or every Weekend (Sat-Sun), and the time.
- Weekly. Also select the day of the week that it runs and the time.
- Custom Cron. Enter a custom CRON expression.
For complete details, see Schedule a Search.
October 25, 2016
Percentile (pct) Operator Improvement. The pct operator has been improved to provide smarter results using the t-digest algorithm, which:
- Provides more accurate results.
- Supports higher-precision percentiles (such as 99.9th and 99.99th percentiles).
October 10, 2016
Sort by Aggregates Tab Column Headers. On the Search page, in the Aggregates tab, you can now use the table chart column headers to sort your results, like you would in a spreadsheet. For details, see How to Use the Search Page.
State of the Aggregates Tab is Saved with a Saved or Shared Search. When you save or share a search, the current state of the Aggregates tab is also saved. So if you have created a chart, it will be displayed. When you update your chart, a new link or code is generated in the Share Search dialog. For details, see Save a Search and Share a Link to a Search.
Sumo Logic App for Zscaler Web Gateway. The Sumo Logic App for Zscaler Web Gateway collects logs from Zscaler via Nanolog Streaming Service (NSS) to populate pre-configured searches and Dashboards in order to visualize and provide insight into web traffic behaviors, security, user browsing activities, and risk. This is a Preview App.
October 6, 2016
Field Browser now Supports Aggregate Query Results. Formerly, the Field Browser was available on the Messages tab for only non-aggregate queries. Now, it is available for aggregate query results as well. For complete details and limitations, see Field Browser.
October 4, 2016
Manage Indexes Role Capability. The Manage Indexes Role Capability allows users with this role to manage Partitions and Scheduled Views. For details see Role Capabilities.
September 26, 2016
Sumo Logic App for CrowdStrike Falcon Host (Preview). The Sumo Logic App for CrowdStrike Falcon Host allows you to analyze CrowdStrike security events by type, status, and detection method. You can use the App to investigate CrowdStrike-specific events and provide operational visibility to team members from pre-configured searches and Dashboards, without logging into the CrowdStrike console. This is a Preview App.
September 23, 2016
Deprecation of Username/Password for Collector and Source API Authentication. As of September 28, username and password will no longer be supported for API authentication. The API topics have been updated accordingly. See API Authentication.
September 15, 2016
Timezone for Scheduled Search. Sumo Logic now allows you to select the timezone that your scheduled search will use. For details, see Schedule a Search.
View or Download Collector or Source JSON Configuration. You can view and download a JSON configuration file for a Collector or Source from Sumo Logic:
- For Collectors, the JSON file defines a set of Sources used to register a new Collector.
- For Sources, the JSON file defines a single Source to use when managing a folder of multiple Sources or when uploading a new Source using the API.
Downloading the configuration allows you to create scripts to configure multiple Collectors and Sources or to create configuration backups. See View or Download Collector or Source JSON Configuration.
Managing Users and Roles. The ability to manage users and roles can now be expanded beyond admin users. When adding or editing a role, you can add the ability to manage users and roles on the Capabilities tab. See Role Capabilities.
September 12, 2016
Real Time Alert Time Range Limitation. The time range limit for Real Time Alerts has changed. It must now be between 5 and 15 minutes. Previously, it was between 1 and 15 minutes. For details, see Create a Real Time Alert.
Search Results Headers are Now Static. When you run a search query, resulting messages are displayed in the Messages, Aggregates, or Signatures tabs in the lower half of the browser window. The search results headers are now static. For details, see Navigate Through Messages in Search Results.
September 8, 2016
Click the Sumo Logic Logo to Go to the Search "Home" Page. Within the Sumo Logic Web Application, on the Dashboards page, or in the Setup Wizard, click the Sumo Logic logo to return to the Search page, which is considered the Sumo Logic "home" page. For details, see How to Use the Search Page.
September 1, 2016
Scheduled Search Email Alert Template Improvements. The Scheduled Search Email Alert template is now easier to read and includes more pertinent information, including the title of the saved search, description, search query string, time range, run frequency, notification threshold, time that the scheduled search was run, and the name and email of the person who scheduled the search. For complete details, see Receive Email Alerts from Scheduled Searches.
August 29, 2016
Host Metrics App is GA. The Sumo Logic App for Host Metrics allows you to collect your local host metrics and display them using predefined search queries and Dashboards. The App provides Dashboards to display analysis of local host metrics for the CPU, disk, memory, network, and TCP. For details see Host Metrics App.
August 22, 2016
Setup Wizard Metrics Sources. The Setup Wizard now supports the following metrics Sources: Host Metrics, and Graphite-Formatted Metrics including CollectD, DropWizard, and StatsD. For complete details, see Collect Streaming Data for Metrics.
August 15, 2016
Sumo Logic App for Host Metrics (Preview). The Sumo Logic App for Host Metrics allows you to collect your local host metrics and display them using predefined search queries and Dashboards. The App provides Dashboards to display analysis of local host metrics for the CPU, disk, memory, network, and TCP. This is a Preview App.
Search Cookbook (Beta). Doc Hub has a new section, a Problem / Solution / Discussion format that provides an alternative way to access the documentation. Because it is a Beta Release, we're looking for everyone's feedback.
August 11, 2016
New! Longer Web Session Timeouts Available. On the Preferences page, you can now select new longer web timeout session times, from 1 day to 7 days. For details, see Preferences Page.
The Sumo Logic App for Azure Web Apps (Preview). The Sumo Logic App for Azure Web Apps allows you to collect Azure web server and application diagnostics logs and monitor the health of your Azure Web Apps environment. The App provides preconfigured Dashboards that allow you to monitor server operation and traffic requests and response times. This is a Preview App.
August 9, 2016
Sumo Logic App for Trend Micro Deep Security (Preview). The Sumo Logic App for Trend Micro Deep Security works with system and security events to monitor event history such as anti-malware, IPS, web reputation, firewall, integrity and log inspection events. For complete details, see Trend Micro Deep Security App. This is a Preview App.
August 8, 2016
JFrog Artifactory Sumo Logic Integration. JFrog Artifactory is a universal Artifact Repository Manager that integrates with CI/CD and DevOps tools to provide artifact tracking. The JFrog Artifactory Sumo Logic integration provides the ability to access preconfigured Sumo Logic Dashboards directly from Artifactory that will allow you to analyze data from your Artifactory logs. Enable the JFrog Artifactory Sumo Logic integration directly from Artifactory. When you enable the integration, a Connector and Source are automatically configured, and the Sumo Logic App for Artifactory is automatically installed. For details, see JFrog Artifactory Sumo Logic Integration.
Collector Upgrade Notifications in the Audit Index. The status is provided to the Audit Index (_index=sumologic_audit) for each event in the User Activity Source Category (_sourceCategory=user_activity), and Collector Source (_sourceName=COLLECTOR), including the returned log message of success or failure. For complete details, see Enable and Manage the Audit Index.
August 2, 2016
Metrics. Sumo Logic is now a unified machine data analytics platform for logs and metrics. With the introduction of metrics, you can measure infrastructure, such as operating system performance or disk activity; application performance; or custom business and operational data that is coded into an organization’s applications. You can track key performance indicators (KPIs) over time, determine if an outage has occurred and restore service, or determine why an event occurred and how it might be prevented in the future. For details, see Metrics.
August 1, 2016
Predict Operator Autoregressive (AR) Model. The Predict Operator now also includes support for the autoregressive (AR) model, which predicts future data points, along with the linear regression that predicts existing data points. For complete details, see Predict.
Field Extraction Rules now Support JSON and CSV. Field Extraction Rules (FERs) now support the JSON and CSV operators. JSON auto and CSV auto are not supported. For details, see Create a Field Extraction Rule.
July 28, 2016
Sumo Logic App for Auth0 (Preview). Auth0 is a cloud-based, extensible identity provider for applications. The Sumo Logic App for Auth0 makes it easy to analyze and visualize your Auth0 event logs, and provides insight into security and operational issues. This is a Preview App.
July 19, 2016
New UI for Users and Roles. As the first step in introducing advanced Role Based Access Control (RBAC) to Sumo Logic, the UI for the Manage > User and Manage > Roles pages has been updated. The new UI provides Sumo Logic administrators with an easy and intuitive way to create new roles based on business needs, define the capabilities the roles can access, assign users to roles, and manage the settings for users, roles, and capabilities. For complete details, see Users and Roles.
July 15, 2016
The Sumo Logic App for Azure Audit (Preview). The Sumo Logic App for Azure Audit allows you to collect Azure Audit logs and monitor the health of your Azure environment. The App provides preconfigured Dashboards that allow you to monitor Active Directory activity, resource usage, service health, and user activity. For complete details, see Sumo Logic App for Azure Audit. This is a Preview App.
July 13, 2016
Secure Third-Party Service Access. Within Sumo Logic, several links in the Help menu connect to third-party services, such as Support, Feature Request, and Community. Users that do not authenticate to Sumo Logic using a username and password are required to complete the email verification process. This usually applies to users that log in using a third-party Single Sign-On (SSO) service implementing SAML, users that access Sumo Logic from the Heroku add-on, and users of other Sumo Logic integration partners that provide SSO. For complete details, see Secure Third-Party Service Access.
July 5, 2016
Search Links Lifetime Extended to Three Years. Previously, the lifetime of a search link was only 30 days. This lifetime has been extended to three years. For details, see Share a Link to a Search.
June 30, 2016
Information about Throttling Notifications Added to Audit Index. Status is now provided to the Audit Index when throttling events occur. See the "Throttling Notifications" section in Enable and Manage the Audit Index.
June 28, 2016
fillmissing operator. When you run a standard group-by query, Sumo Logic only returns non-empty groups in the results. For example, if you are grouping by timeslice, then only the timeslices that have data are returned. The fillmissing operator addresses this shortcoming, by allowing you to specify groups that should be represented in the output, even if those groups have no data. For complete details, see fillmissing.
Sumo Logic App for Cylance (Preview). The Sumo Logic App for Cylance allows you to analyze Cylance security events by type, status, and detection method. You can use the App to investigate Cylance-specific events and provide operational visibility to team members without needing to log into Cylance. This is a Preview App.
June 27, 2016
Account Page Updates. The Account page has been updated to provide more information on your Sumo Logic Organization, users, and retention period, and the current and previous billing periods. Your Account's Organization ID was previously displayed on the Preferences page, but now it is displayed on the Account page. Also, the Usage Reports page has been removed, as that information is now on the Accounts page.
Change the Name of the Org. The Account Owner can change the display name of their Organization. This can be useful if you are using Multi-account Access to switch between several Sumo Logic Organizations.
Multiline Processing Enabled by Default in the UI. Multiline processing for Sources is now enabled by default in the Sumo Logic Source Configuration UI, to be consistent with the API configuration. For details, see Define Boundary Regex for Multiline Messages.
June 22, 2016
Sumo Logic App for MongoDB - Preview to GA. The Sumo Logic App for MongoDB has graduated from a Preview App to a fully supported GA Sumo Logic App. It can now be found in the Library under the Apps tab.
May 31, 2016
Change Email Address. As a user, you can now change your email address in Sumo Logic. Or as an administrator, you can change a user's email address. For details, see Change Your Email Address and Change a User's Email Address.
Quick Search for Collectors and Sources. You can quickly start a search for a Collector, Source, or Source Category from the Manage Collection page. For instructions, see Quick Search for Collectors and Sources.
May 26, 2016
Sumo Logic App for Microsoft Office 365 - Preview to GA. The Sumo Logic App for Microsoft Office 365 has graduated from a Preview App to a fully supported GA Sumo Logic App. It can now be found in the Library under the Apps tab.
May 24, 2016
Sumo Logic App for AWS Lambda - Preview to GA. The Sumo Logic App for AWS Lambda has graduated from a Preview App to a fully supported GA Sumo Logic App. It can now be found in the Library under the Apps tab.
Export and Import Content In the Library. In the Library, you can export content as JSON, including whole folders with subfolders, saved searches, and Dashboards. Then you can import the content as JSON into the Personal folder in the same Sumo Logic organization. (All content names must be unique.) You can also export and download your content as a JSON file to import it into another Sumo Logic organization.
For complete details, see Export and Import Content in the Library.
May 17, 2016
Sumo Logic App for Artifactory Refresh. The Sumo Logic App for Artifactory has been refreshed with new Overview Dashboard Panels and other important updates. For complete details, see Artifactory App.
May 13, 2016
Sumo Logic App for MongoDB. The Sumo Logic App for MongoDB provides insight into your MongoDB environment, allowing you to track overall system health, queries, logins and connections, errors and warnings, replication, and sharding. This is a Preview App.
May 5, 2016
Sumo Logic App for PagerDuty. The Sumo Logic App for PagerDuty collects incident messages from your PagerDuty account via a webhook, and displays that incident data in pre-configured Dashboards, so that you can monitor and analyze the activity of your PagerDuty account and Services. This is a Preview App.
April 29, 2016
New Dashboards. New Dashboards combine all of the functionality of Interactive and Live Dashboards in a unified environment. The interactive mode is now the default when you open a Dashboard, and you can click a toggle to go to Live mode. For details, see About Dashboards.
April 27, 2016
Unlock a User's Account. If a user tries to log into their account several times and fails, his or her account will be locked out for security reasons. During the lockout period, an administrator may now unlock a user's account manually. For details, see Unlock a User's Account.
April 25, 2016
Sumo Logic App for AWS Lambda. The Sumo Logic App for AWS Lambda uses the Lambda logs via CloudWatch and visualizes operational and performance trends about all the Lambda functions in your account, providing insight into executions such as memory and duration usage, broken down by function versions or aliases. This is a Preview App.
April 20, 2016
Sumo Logic Multi-account Access. For users with accounts in multiple deployments, Multi-account Access allows you to log into multiple Sumo Logic accounts (also called organizations) using one username (email address) and password. If the same username already exists in more than one Sumo Logic organization, the accounts are linked automatically. No action is required, though initially, you will be asked to change your password. When you do, this will become your multi-account password. After you log into Sumo Logic, in the menu under your name, you will see the list of organizations that you can access under Switch Org.
Other important notes:
- Sumo Logic Multi-account users may have access to organizations that use different Password Policies. With Multi-account, the password policy data from different organizations is centralized.
- For Multi-account users, Collector registration with username and password is no longer supported. Multi-account users must use the token or accessid/access key option.
- Also, with Multi-account, to use the API, like with Collectors, you will not be able to log in using a username and password. You will be required to use an Access ID and Access Key.
For complete details, see Multi-account Access.
April 15, 2016
Search the Library for Content Types. In the Library, in the Personal folder, you can now use the search field to search for certain content types. For example, you could enter type:search and the results would list all saved searches. You may also search for folders, Dashboards, and Scheduled Searches. For complete details see Search the Library.
April 12, 2016
Early access to Unified Logs and Metrics. Interested customers can log in to Sumo Logic, then click the new Metrics page to gain early access to the Sumo Logic Metrics feature set, which delivers advanced analytics, powered by machine learning algorithms, for unified log data and time-series metrics.
Scheduled searches are retained when a user is deleted. Previously, when a user account was deleted from Sumo, the user's content was added to a "Content from deleted user..." folder in an Admin account, but scheduled searches were stopped. Now, schedule information associated with searches is retained, even when a user account is deleted. Notifications continue to arrive via email to the same recipients.
April 6, 2016
Preview Tab in the Library, Featuring Preview Apps. Preview Apps are Sumo Logic Apps that are currently under development, but are not yet released or officially supported. They appear in the Library under the Preview tab. You can install and use Preview Apps to test how well their use cases work for you, and provide feedback to Sumo Logic.
New Preview Apps include:
Delete the Organization for a Free or Trial Account. The owner of a Sumo Logic Free or Trial account may delete his or her Organization from Sumo Logic, which will close the account permanently. When you delete your Organization, you will delete all users and data from Sumo Logic, close the account, and log yourself out as a user.
Merge operator and revised Transactionize operator. The new Merge operator summarizes a set of events and works with changes to the Transactionize operator. The _group_signature field added by the Transactionize operator is now deprecated, replaced by the Merge operator.
February 17, 2016
LogCompare. LogCompare allows you to compare a section of your log messages from one point in time with the same section at another point in time, and display the changes in patterns. For example, you could use LogCompare to determine if your last software deployment has broken something. To use LogCompare, run a search query with non-aggregate results, then click the LogCompare button in the Messages tab. This automatically compares the current query result with the result of the same query 24 hours in the past to show what has changed.
Date Format preference. On the Preferences page, you can now choose an option for Date Format, which sets how dates appear on the Search page and in saved searches. Changing this from the default option (which uses your browser's default date format) has no effect on collection or timestamps of logs.
February 3, 2016
Manage Security Page UI Update. The Manage > Security page user interface has been updated with fonts, colors, and a new tab style. Some settings have changed locations.
February 2, 2016
Live Tail CLI. The Live Tail Command Line Interface (CLI) is a standalone application that allows you to start and use a Live Tail session from the command line. With the Live Tail CLI, just as with Live Tail in the Sumo Logic Web Application, you can search and filter on the following metadata fields: _sourceCategory, _sourceHost, _sourceName, _source, or _collector. You may also filter on keywords.
In Operator. The In operator returns a Boolean value: true if the specified property is in the specified object, or false if it is not.
January 30, 2016
Access to Partition and Scheduled View Management pages. Non-admins can now view the Manage > Partitions and Manage > Scheduled Views pages. While only Admins can create and manage these search optimization tools, non-Admins may find it useful to see the available Partitions and Scheduled Views.
Sumo Logic App for AWS ELB. The Sumo Logic App for Elastic Load Balancing ingests logs generated by this activity, providing greater visibility into events that, in turn, help you understand the overall health of your EC2 deployment.
January 22, 2016
Sumo Logic App for Box. The Box App has been updated with new scripts and instructions for collecting Box Events. There are no changes to the Dashboards.
January 21, 2016
Live Tail. Sumo Logic Live Tail allows you to see a real-time live feed of log events associated with a Source or Collector, which you can use as a tool for development and troubleshooting. The Live Tail user interface mimics the command line with a solid black background and easy to read white text. It provides all log messages as they come in, with low latency.
You can start and filter a Live Tail session using the following supported metadata categories: _sourceHost, _sourceCategory, _sourceName, _source, and _collector.
Other Live Tail features include multiple Live Tail sessions, opening your Live Tail query in the Search page (or Show in Search), opening your Live Tail session in a new "pop-out" window, and changing the preferences of your Live Tail display, including line spacing, message text size, and message color.
January 13, 2016
Export 100,000 records. You can now export 100,000 records from Sumo Logic. The previous limit was 10,000 (via the UI).
December 21, 2015
Docker Sources. There are two new Sources for Docker on Installed Collectors:
- Docker Logs. Collects stdout/stderr logs from processes that are running within Docker containers.
- Docker Stats. Collects metrics about Docker containers.
Sumo Logic App for Docker update. The Sumo Logic App for Docker has been updated to use the new Docker Logs and Docker Stats Sources.
Sumo Logic App for AWS Config. The Sumo Logic App for AWS Config presents modification notifications that contain snapshots of resource configurations and information about the modifications made to a resource. The app uses predefined Live and Interactive Dashboards and filters, which provide visibility into your environment for real-time analysis of overall usage. The app leverages AWS Config’s Simple Notification Service (SNS) notifications.
Setup Wizard Updates. The Setup Wizard now includes automatic configuration for Akamai Sources.
Timezone Offset for Timestamps. The timezone offset is now displayed in timestamps in two places: in search results in the Messages tab, and in the search timerange selector pop-up.
Median Operator. In order to calculate the median value for a particular field, you can utilize the Percentile (pct) operator with a percentile argument of 50.
Mac Keyboard Shortcuts. Mac keyboard shortcuts are now supported on the Search page in the search query box.
Display more than 15 results in the Messages tab. In the Messages tab Preferences menu, you may now select to display 25, 50, or 100 log messages for your default number of search results.
November 4, 2015
Setup Wizard Updates. The Setup Wizard now includes automatic configuration for Windows Events and Apache Tomcat data Sources. You can also add additional Sources to existing Collectors through the Setup Wizard.
October 20, 2015
Sumo Logic Add-on for Heroku. Heroku is a platform that allows developers to build applications in the cloud. Sumo Logic provides an add-on for Heroku that fully integrates the power of Sumo Logic log analytics for Heroku users. When you install the Sumo Logic add-on for Heroku from the Heroku site, a Sumo Logic account is provisioned for you, and your application logs are automatically forwarded to this account.
Changing the Account Owner. Sumo Logic Free and Sumo Logic Professional accounts have an Account Owner. By default the Account Owner is the Admin who set up the account/signed up for the account. The Account Owner can reassign the role to another user in his or her organization. This setting was previously on the Billing page, but it is now on the Account page under Account Ownership. This setting is only visible to the Account Owner. For details see Account page.
October 5, 2015
Webhooks. The new Webhook alert type allows you to easily fire off alerts from Sumo Logic Scheduled Searches into a variety of third-party tools such as Slack, PagerDuty, VictorOps, and Datadog. Webhooks can also enable easy integration to your own custom app or unlock a variety of use cases via third-party integration.
September 19, 2015
Google Apps Audit Source. The new Google Apps Audit Source uses the Google Apps Reports API to ingest all audit logs via watchpoints to collect activity from Google apps such as Admin, Calendar, Drive, Login, and Token. This Source runs on a Hosted Collector in the Sumo Logic Cloud.
Sumo Logic App for Amazon VPC Flow Logs. Amazon’s Virtual Private Cloud (VPC) Flow Logs contain information about the IP network traffic of your VPC, allowing you to troubleshoot traffic and security issues. The Sumo Logic App for Amazon VPC Flow Logs leverages this data to provide real-time visibility and analysis of your environment. It consists of predefined searches, Live Dashboards, and Interactive Dashboards.
isNull improvements. isBlank and isEmpty have been added to isNull for finding strings that are null, are empty, or consist of whitespace.
Updated Dashboard Icons. Icons on the Dashboard page have been updated to use a font set consistent with the UI. The Sharing Settings icon has changed the most. When you have shared a Dashboard, instead of showing a green check mark, the icon turns blue.
Enable or disable keyboard shortcuts. Keyboard shortcuts may conflict with international keyboards or other shortcuts. By default keyboard shortcuts are enabled, but can now be disabled on the Preferences page.
August 19, 2015
Filter updates. When filtering Source data, you'll now see that filters are managed under Processing Rules.
Run searches from apps before installing them. You can now test drive searches from apps before you install them. Just click a search in the Library to run it. Note that you'll need to have data related to the search present in your Sumo Logic account to see results. Also, searches in Enterprise apps (such as PCI) are not available.
Number of available users displayed in the Users page. To help admins keep an eye on the number of available seats in an account, the number of allotted users is displayed at the top of the Users page, along with the number of users already added to the account.
Better preservation of line breaks in search results. Line breaks in multiline logs now display, properly formatting these messages.
August 3, 2015
UI updates. You'll notice a new look for the Histogram on the Search page, as well as a new Add button on the Users, Roles, Partitions, Scheduled Views, and Field Extraction management pages.
July 28, 2015
Numerical filters for Interactive Dashboards. With numeric filters, you can restrict the range to display in an Interactive Dashboard using =, !=, >, <, >=, or <=.
The Sumo Logic App for Artifactory. This new app provides insight into your JFrog Artifactory binary repository. The App provides preconfigured Dashboards that include an Overview of your system, Traffic, Requests and Access, Download Activity, Cache Activity, and Non-Cached Deployment Activity.
Anomaly Detection updates. Anomaly Detection now provides the ability to create Snapshots of your Anomaly reports to save information about Events and Incidents that need further investigation and interact with them. Also, the new Incidents page allows you to run a historical query on-demand for insights to the anomalies detected by Sumo Logic older than six hours. Drilling down into the updated Signatures pane provides a new line graph and signature details. The Change column with an arrow indicator has also been restored to the Signatures pane.
July 21, 2015
New features in the Setup Wizard. In this release, you'll find new options for setting up HTTP and Syslog Sources for Cisco ASA, Palo Alto Network, Linux system, Mac system, Windows Events, and Windows Performance data types.
Embedded URL links in Dashboard Panels. Tables in Dashboard Panels can now include links to URLs.
Akamai, Windows Events, and Windows Performance app improvements. New Overview Dashboards for each app make finding general information easier to see at a glance.
July 9, 2015
Interactive Dashboards. Interactive Dashboards are a powerful forensic tool to create searches and view search results based on data from any time in the past month.
Keyvalue Auto Extract. With this new mode, the keyvalue operator can automatically extract non-referenced fields.
June 20, 2015
JSON Auto Extract. The json auto option in a query automatically detects JSON objects in logs and extracts the key/value pairs without the need to specify fields in a parse statement. For complete details, see JSON Operator.
Default Timezone. This setting on the Preferences page allows you to change the time zone displayed in the Sumo Logic user interface, which by default is taken from the web browser. This is a personal setting, and does not change the time zone for anyone else in your organization. This option affects all hours and minutes displayed in the user interface, including time ranges on the Search page, the Time column in the Messages pane, in Dashboards, and in Anomaly Detection. It does not affect the configurations of previously created Scheduled Searches or Real Time Alerts. For details, see Timestamps, Time Zones, and Time Ranges.
Anomaly Detection updates. Anomaly Detection now provides the ability to create Snapshots of your Anomaly reports to save information about Events and Incidents that need further investigation and interact with them. Also, the new Incidents page allows you to run a historical query on-demand for insights to the anomalies detected by Sumo Logic older than six hours. Drilling down into the updated Signatures pane provides a new line graph and signature details. The Change column with an arrow indicator has also been restored to the Signatures pane.
Sumo Logic App for Docker. The Sumo Logic App for Docker provides operational insight into your Docker environment. The App uses a Container, which includes a Collector and a Script Source, to gather statistics and events from the Docker Remote API on each host. The App includes Dashboards that allow you to view your Container performance statistics for CPU, memory, and the network. It also provides visibility into Container events such as start, stop, and other important commands.
Navigation Bar Refresh. The Sumo Logic navigation bar has been refreshed with new colors and fonts to update the look and feel. Its function has not changed.
parseHex Operator. The parseHex operator allows you to convert a hexadecimal string of 16 or fewer characters to a number.
June 16, 2015
Sumo Logic App for Apache Tomcat. The Sumo Logic App for Apache Tomcat monitors server operations, assists in troubleshooting issues, and provides insight into website visitor behavior patterns across entire web server farms. It also provides a high level overview of the Tomcat servlet container, Catalina, and garbage collection. The app consists of predefined Dashboards and searches, which provide visibility into your environment for real time or historical analysis. For complete details, see Sumo Logic App for Apache Tomcat.
Setup Wizard Updates. The Setup Wizard, in addition to AWS data types, now allows you to configure Collectors and Sources for Apache, Windows IIS, MySQL, Nginx, and Varnish data types. It also allows you to configure your own Custom Apps and to Upload Local Files in order to test Sumo Logic for your use case. For details, see Setup Wizard.
May 24, 2015
Sharing a Dashboard's URL. From the Dashboards page, you can now share a URL link to a Dashboard, meaning that others in your organization will be able to jump right to the Dashboard you'd like to share with them. When another user clicks the URL, they will be asked to log in before they can view the Dashboard.
April 25, 2015
Save Search dialog changes. This dialog is now split into sections for “Save Search As” and “Schedule this search.” This change makes configuration clearer and easier.
Share Search Query link moved on the Search page. The location of the Share Link on the Search page has changed. It is now included with the links under the Search box.
Request Enterprise App dialog. Some changes have been made to this dialog, which opens when you click the Request Estimate button for the PCI and Security Analytics apps. The dialog informs you that Enterprise apps require a paid Professional Services contract to install and configure. You may upgrade your account at any time.
Request button for Enterprise apps. The Request button for enterprise apps has been changed to Request Estimate as a reminder that the Enterprise app installation requires a paid Sumo Logic Professional Services contract.
App Install button look and feel. The position and appearance of the Install button for installing Apps from the Library has been changed.
Collectors page changes. Breadcrumb links have been added to the Collectors page.
Deploy Collectors on AWS OpsWorks. You can now deploy collectors on AWS OpsWorks, which provides a simple platform that allows you to easily create and manage stacks and applications.
March 21, 2015
Support for new operators in Field Extractions. You can now use keyvalue and fields operators in Field Extractions, as well as the new num operator.
Num operator. The Num operator converts a field to a number. Using Num in a query is useful for sorting results by number instead of alphabetically.
Organization ID field in the Preferences page. You'll notice a new ID number the next time you check the Preferences page. This is the unique ID of your organization, automatically assigned when your account is activated, and is used mainly by the Sumo Logic Support team to verify an Organization during support cases.
March 9, 2015
Setup Wizard. The Sumo Logic Setup Wizard allows new users to get started quickly. It guides you step by step to select the Source of your logs, configure that Source and a Collector, and uploads data to Sumo Logic automatically. Once the data begins to upload, the wizard even installs a Sumo Logic App that allows you to analyze your data. Within the Sumo Logic Web Application, you can access the Setup Wizard to configure additional Collectors and Sources by going to Manage > Setup Wizard.
AWS Sources. Sumo Logic has made adding AWS Sources for Hosted Collectors easier. On the Collectors page, when you click Add Source, now you can select the new Source tiles for AWS solutions including AWS CloudTrail, AWS Config, AWS Elastic Load Balancing, Amazon CloudFront, and AWS S3 Audit.
Sumo Logic Apps for Data Volume and Audit. When installing the Sumo Logic Apps for Data Volume and Audit, if you do not have the Data Volume or the Audit Index features enabled, a step was added that allows you to enable these features at install time. This prevents you from accidentally installing an App that is not configured to work properly.
Collector Management API Documentation. The Collector Management API documentation has been added to Help for easy reference.