Install the Sumo Logic App
Now that you have configured Observable Networks, install the Sumo Logic App for Observable Networks to take advantage of the preconfigured searches and dashboards to analyze your Observable Networks data.
To install the app:
- Select App Catalog, search for and select the app, and click Add to Library. (In the classic UI, click Library, click Apps, select the app, and click Install. If you don't find the app under Apps, it might be a preview app. Try clicking Preview to find the app.)
- Click Preview Dashboards if you'd like to see a preview of the dashboards included with the app before installing.
- In the Install Application dialog box, select the installation path (the default is the Personal folder in the library), or click New Folder to add a new folder.
- Select one of these options for the log data source:
  - Choose Select from Existing Source Categories, and select the source category from the Source Category list.
  - Choose Enter a Custom Data Filter and enter a custom source category beginning with an underscore. Example: (
- Click Add to Library.
Once an app is installed, it will appear in your Personal folder, or other folder that you specified. From here, you can share it with your organization. See Welcome to the New Library for information on working with the library in the new UI.
Panels will start to fill automatically. It's important to note that each Panel slowly fills with data matching the time range query and received since the Panel was created. Results won't immediately be available, but with a bit of time, you'll see full graphs and maps.
Observable Networks Overview
The Observable Networks Overview Dashboard is intended to provide an at-a-glance view into your network.
Effective Session Count. Displays the number of effective "flows" ("sessions") as a single value chart for the last hour.
Roles. Provides a breakdown of the types of endpoints currently on the network in a pie chart for the last hour. Endpoint types could be WebServer, iOS, Printer, etc. Roles are published every hour, so this Panel displays the latest role distribution on your network.
Recent Alert Updates. Shows a list of recently updated alerts in a table with a URL link to their alert detail page on the Observable Networks portal for the last six hours. Click the links for more details about an alert. If this Panel is empty, that means there have been no alerts for the last six hours.
Observation Origins. Displays observations that relate to activity with external endpoints (e.g., "New External Server") on a map of the world for the last six hours.
Recent Observations. Lists the latest observations on the system and their counts in a table for the last six hours. Observations are notable events about your network, which are the building blocks for alerts.
Observations by Time. Displays the frequency of each observation type as an area chart on a timeline for the last six hours.
Recent Flow Count. This query shows the history of flow counts for your network. A network flow describes a single piece of communication on your network, including source and destination IPs, ports, and protocol (TCP, UDP, etc.). Flows are the main input to the Observable Networks platform.
Role History. This multi-line graph shows the population of each role type on the network. Here you can track how the population of your network has changed over time, for example the number of iOS devices and printers.
Top Observation Hosts. This simple query shows the hosts (sources) with the highest observation counts.