Skip to main content
Sumo Logic

Data Volume App Dashboards

Data Volume App Dashboards provide information on the volume of your Sumo Logic's accounts Source Categories, Collectors, Sources, and Hosts.

For each Panel in the Dashboard, you can perform the following actions:

  • To display details on the Panel time range, hover over the text in the top right corner.
  • To zoom into the Panel for more information, click the magnifying glass icon in the header.

Data Volume - Overview

The goal of the Overview dashboard is to help you identify what and where you are ingesting the most. Sumo Logic bills according to your total volume and it's important to know whether the Overview page is divided between Logs (typically more expensive and detailed) and metrics, which can also cause an increase in data volume. From this dashboard, you can use the Ingest panels to drill down to more detailed dashboards on logs and metrics.

  • Logs
    • Ingest. Displays the total logs ingest volume in GB for your account. Click the panel to drill down on your most recent logs ingest data.
    • Top 5 Source Categories. Displays the top 5 source categories and their volume usage in GB over the last 24 hours, displayed in a bar chart.
    • Top 5 Collectors. Displays the top 5 collectors and their volume usage in GB over the last 24 hours, displayed in a bar chart.
  • Metrics
    • Ingest. Total data points for metrics for your account. Click the panel to drill down on your most recent metrics ingest data.
    • Top 5 Source Categories. Displays the top 5 source categories and their volume usage in data points over the last 24 hours, displayed in a bar chart.
    • Top 5 Collectors. Displays the top 5 collectors and their volume usage in data points over the last 24 hours, displayed in a bar chart.

Data Volume - Logs

The greatest data ingest typically comes from log volumes. From the Data Volume - Logs dashboard you can see your log ingest volume in greater detail, outlining ingest spikes, outliers, and quota.

 
  • Ingest Spike (Moving Avg). View any incidents in the last 24 hours where current hour ingest is 70% above moving average ingest.
  • Ingest Spike (Last Data Point). View any incidents in the last 24 hours where current hour ingest is 50% above last (earlier) hour ingest.
  • Data Ingest Trend.
  • Top 5 Source Categories. Displays the top 5 source categories and their volume usage in GB over the last 24 hours, displayed in a bar chart.
  • Data Ingest Outlier. Identifies where ingest has gone outside the specified threshold during the last 30 days.
  • Ingest. Total log ingest volume in GB for the last 24 hours.
  • Top 5 Collectors. Displays the top 5 collectors and their volume usage in GB over the last 24 hours, displayed in a bar chart.
  • Data Ingest Prediction. Displays current usage for the last 30 days and forecasts your data ingest up to 20 data points into the future. You can see the line break between actual ingest and predicted ingest at the current date.
  • Ingest. Total ingest by volume for the last 24 hours in gbytes.
  • Top 5 Source Hosts. Displays the top 5 source hosts by IP address and their volume usage in GB over the last 24 hours, displayed in a bar chart.
  • Daily Ingest Vs Average Daily Ingest Quota. Configure the Average Daily Ingest Quota value based on your. Account Subscription. If you don't know your quota, you can check the Sumo UI for it under Manage > Account the value you want is your Daily Average Limit Value. Set this as quota into the avg_daily_ingest_quota variable in the panel query and also through Settings > "Colors by Value Range" and set the color. Update your dashboard.
  • Source Category (1-30%) Vol. Displays an aggregation table of all sources that take up between 1 and 30% of the Data Volume in Sumo to help you identify normal-volume sources.
  • Candidate Partitions. Displays a bar chart showing the total number of available partitions in the account for the last 30 days to give you a visualization of the number of partitions in your account, contributing to your total data volume.
  • Source Category (30%+) Vol. Displays an aggregation table of all sources that take up 30%  or more of the Data Volume in Sumo to help you identify high-volume sources and make changes if needed.

Data Volume (Logs) by various metadata fields

You can also drill down on source metadata, using the metadata you've created within Sumo to better define your log sources.

  • Top 5 Source Categories. Displays the top 5 source categories and their volume usage in GB over the last 24 hours, displayed in an aggregation table.
  • Ingest by Source Category. Displays a bar chart of ingested sources for the last 30 days, timesliced by every 12 hours.
  • Top 5 Collectors. Displays the top 5 collectors and their volume usage in GB over the last 24 hours, displayed in an aggregation table.
  • Ingest by Collector. Displays a bar chart of data ingested by collectors for the last 30 days, timesliced by every 12 hours.
  • Top 5 Source Hosts. Displays the top 5 source hosts by IP address and their volume usage in GB over the last 24 hours, displayed in an aggregation table.
  • Ingest by Source Host. Displays a bar chart of data ingested by source hosts for the last 30 days, timesliced by every 12 hours.

Data Volume - Metrics

Another point of volume ingest is metrics. We measure metric ingest for your account in data points. With this Dashboard, you can review details of your data ingest to identify areas of high-volume ingest.

  • Ingest. View your metrics data volume in data points for the last 24 hours.
  • Ingest trend. View your metrics ingest volume over the last 24 hours, time sliced by hour.
  • Top 5 Collectors. Displays the top 5 collectors and their volume usage in data points over the last 24 hours, displayed in a bar chart.
  • Top 5 Source Categories. Displays the top 5 source categories and their volume usage in data points over the last 24 hours, displayed in a bar chart.
  • Top 5 source Hosts. Displays the top 5 source hosts and their volume usage in data points for the last 24 hours, displayed as a bar chart.
  • Top 5 Sources. Displays the top 5 sources and their data volume usage in data points for the last 24 hours, displayed as a bar chart.
  • Ingest Outlier. Identifies for you when data points are outside the designated threshold for ingest for the last 30 days.
  • Ingest Prediction. Identifies your data point ingest 20 data points into the future, time sliced by 6 hours for the last 30 days. 
  • Daily Ingest vs. Average Daily Ingest Quota. Because your Average Daily Ingest Quota value can vary based on your subscription level, you need to enter that value into a variable avg_daily_ingest_quota in the panel query. To find your quota Manage > Account to get your Average Daily Limit Value.  Once you've updated your dashboard, you'll be able to compare your current ingest to your quota and review any overages.
  • Ingest Spike (Moving Avg). View any incidents in the last 24 hours where current hour ingest is 70% above moving average ingest.
  • Ingest Spike (Last Data Point). View any incidents in the last 24 hours where current hour ingest is 50% above last (earlier) hour ingest.