
Install the Windows App and view the Dashboards

The Sumo Logic app for Windows consists of Dashboards and an extensive set of searches grouped by their topics under four sub-folders: Security Status, System Activity, Updates, and User Activity.

Sumo Logic App

Now that you have configured Windows logs, install the Sumo Logic App for Windows to take advantage of the pre-configured searches and dashboards to analyze your Windows data. 

To install the app:

  1. Select App Catalog, search for and select the app, and click Add to Library. (In the classic UI, click Library, click Apps, select the app, and click Install. If you don't find the app under Apps, it might be a preview app. Try clicking Preview to find the app.)
  2. Click Preview Dashboards if you'd like to see a preview of the dashboards included with the app before installing.
  3. In the Install Application dialog box, select the installation path (the default is the Personal folder in the library), or click New Folder to add a new folder.
  4. Select either of these options for the log data source:
     • Choose Select from Existing Source Categories, and select the source category from the Source Category list.
     • Choose Enter a Custom Data Filter and enter a custom source category beginning with an underscore. Example: (_sourceCategory=MyCategory).
  5. Click Add to Library.

Once an app is installed, it will appear in your Personal folder, or in the other folder that you specified. From here, you can share it with your organization. See Welcome to the New Library for information on working with the library in the new UI.

Panels will start to fill automatically. Each Panel fills gradually with data that matches the time range query and has been received since the Panel was created. Results won't be available immediately, but with a bit of time, you'll see full graphs and maps.

Dashboards

Overview


Top Windows Update Error Codes. Displays the top 10 Windows update error codes in a pie chart for the last 24 hours.

All Fatal or Warning Messages by Source Host. Provides details on the number of all fatal or warning messages by source host in an aggregation table for the last 24 hours.

System Restarts. Shows the number of system restarts in a single value chart for the last 24 hours.

Recent Policy Changes. Displays the number of recent policy changes by policy and count in a bar chart for the last 24 hours.

Changes to Administrative Groups. Shows the number of changes to administrative groups in a single value chart for the last 24 hours.

Default


Top 10 Service Operations. Displays information on the top 10 services per host that have started and stopped over the last 10 hours in a bar chart. To display details of the data in a pop-up menu, hover over a section of the chart. Hover over the text Last 10 Hours in the upper right corner to see details of the time frame for the displayed data.

System Operations. Provides information on the number and type of events that have occurred per host over the last 10 hours in a column chart, which allows you to easily identify any spikes in activity. To display details of the data in a pop-up menu, hover over a section of the chart. Hover over the text Last 10 Hours in the upper right corner to see details of the time frame for the displayed data.

Event Distribution Over Time. Displays the number and type of events per hour in an easy-to-read timeline for the past 24 hours. To display details of the data in a pop-up menu, hover over a line in the chart. Hover over the text Last 24 Hours in the upper right corner to see details of the time frame for the displayed data.

Errors and Warnings Over Time. Shows the number of errors and warnings per hour in a timeline. To display details of the data in a pop-up menu, hover over a line in the chart. Hover over the text Last 24 Hours in the upper right corner to see details of the time frame for the displayed data.

Login Status


Logins by Hour. Counts the number of login successes and failures in one-hour increments over the last two hours in a column chart. To display details of the data in a pop-up menu, hover over a section of the chart. Hover over the text in the upper right corner, Last 2 Hours, to see details of the time frame for the displayed data.

Failed Logins by Hour. Displays the number of failed logins per host by hour in an easy-to-read stacked column chart. Information is displayed for the last two hours. To display details of the data in a pop-up menu, hover over a section of the chart. Hover over the text in the upper right corner, Last 2 Hours, to see details of the time frame for the displayed data.

Successful Logins. Shows a table of successful logins including information on the computer name, source user, destination user, and number of attempts. Information is displayed for the last two hours.

Successful RDP Logins. Provides a table with a list of successful remote desktop logins including details on computer name, destination user, and number of attempts. Information is displayed for the last two hours.
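
The aggregations behind the Login Status panels can be reproduced offline to sanity-check what the dashboard shows. The following is an added example, not the app's own searches: the record layout and field names are assumptions, the events are constructed, and it relies on the standard Windows Security event IDs 4624 (successful logon) and 4625 (failed logon) and logon type 10 (RemoteInteractive, used by RDP).

```python
from collections import Counter
from datetime import datetime

# Constructed sample events (not real logs); field names are assumptions.
# 4624 = successful logon, 4625 = failed logon, 4634 = logoff.
# logon_type 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = [
    {"time": "2024-05-01T09:05:12", "host": "WS-01", "event_id": 4624, "logon_type": 2, "dest_user": "alice"},
    {"time": "2024-05-01T09:17:40", "host": "WS-01", "event_id": 4625, "logon_type": 3, "dest_user": "bob"},
    {"time": "2024-05-01T09:18:02", "host": "WS-01", "event_id": 4625, "logon_type": 3, "dest_user": "bob"},
    {"time": "2024-05-01T09:40:55", "host": "SRV-02", "event_id": 4625, "logon_type": 10, "dest_user": "admin"},
    {"time": "2024-05-01T10:02:10", "host": "SRV-02", "event_id": 4624, "logon_type": 10, "dest_user": "carol"},
    {"time": "2024-05-01T10:30:31", "host": "SRV-02", "event_id": 4624, "logon_type": 10, "dest_user": "carol"},
    {"time": "2024-05-01T10:45:00", "host": "WS-01", "event_id": 4634, "dest_user": "alice"},
]

def hour_bucket(ts):
    """Truncate an ISO 8601 timestamp to its one-hour bucket."""
    return datetime.fromisoformat(ts).strftime("%Y-%m-%d %H:00")

def logins_by_hour(events):
    """Logins by Hour: success and failure counts per one-hour bucket."""
    counts = Counter()
    for e in events:
        if e["event_id"] in (4624, 4625):
            status = "success" if e["event_id"] == 4624 else "failure"
            counts[(hour_bucket(e["time"]), status)] += 1
    return dict(counts)

def failed_logins_by_host(events):
    """Failed Logins by Hour: failed logons per host per one-hour bucket."""
    counts = Counter()
    for e in events:
        if e["event_id"] == 4625:
            counts[(hour_bucket(e["time"]), e["host"])] += 1
    return dict(counts)

def successful_rdp_logins(events):
    """Successful RDP Logins: attempts per (computer, destination user)."""
    counts = Counter()
    for e in events:
        # Only successful logons with the RemoteInteractive logon type count.
        if e["event_id"] == 4624 and e.get("logon_type") == 10:
            counts[(e["host"], e["dest_user"])] += 1
    return dict(counts)

if __name__ == "__main__":
    for row in sorted(failed_logins_by_host(SAMPLE_EVENTS).items()):
        print(row)
```

A failed logon with logon type 10 (the `admin` attempt on `SRV-02`) appears in the failed-login counts but not in the RDP table, which lists successes only.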