
Getting Started Checklist for Administrators

This checklist provides a list of Help topics that will guide Administrators through setting up their Sumo Logic organization for the first time.

Click each link to open the corresponding Help topic for the details, then come back to this checklist to continue.

Getting Started

These topics provide basic information about your Sumo Logic account, and how to design your Sumo Logic implementation for your use case.

  • Sumo Logic Account Types
    The feature set of your Sumo Logic organization will depend on what type of Sumo Logic account you have. Review the list to make sure your account fits your use case. You can upgrade at any time.
  • Sumo Logic Components
    Sumo Logic consists of just a few components: Collectors, Sources, the Sumo Logic Cloud, and the Sumo Logic Web Application. Learn how these components work together here.
  • Design your Deployment 
    Depending on your use case, you may need to use Installed or Hosted Collectors. Use this topic to help you determine what your organization will need.
  • Best Practices: Local and Centralized Data Collection
    Which method is right for you? 
  • System Requirements 
    These topics include information on basic hardware requirements for Sumo Logic Collectors, supported web browsers for best performance, and supported log encoding.
  • Preferences Page 
    Set the Preferences on your personal Sumo Logic account for settings such as your password, web session timeout, default time zone, and more.

Collecting Data

To send your data to Sumo Logic, you’ll need to learn how to configure Collectors and Sources.

  • Metadata Naming Conventions
    Prior to configuring Collectors, it is a good idea to establish a naming convention for Sources, Collectors, and especially metadata tags.
  • Compare Installed and Hosted Collectors 
    Before you can send data to Sumo Logic, you'll need to decide what type of Collectors make sense for your use case: Installed Collectors or Hosted Collectors.
  • Installed Collectors 
    Installed Collectors are deployed in your environment, either on a local machine, a machine in your organization, or even an Amazon Machine Image (AMI). Installed Collectors require a software download and installation. Upgrades to Collector software are released regularly by Sumo Logic.
  • Hosted Collectors 
    Hosted Collectors don't require installation or activation, nor do Hosted Collectors have physical requirements, since they're hosted in AWS or HTTP.
  • Sources 
    Sources are the environments that Sumo Logic Collectors connect to in order to collect data from a customer's site.
    • Sources for Installed Collectors 
      Sources for Installed Collectors include Local and Remote File Sources, Local and Remote Windows Event Sources, Local and Remote Windows Performance Sources, Script Sources, Syslog Sources, and Script Actions.
    • Sources for Hosted Collectors 
      Sources for Hosted Collectors include HTTP Sources and AWS Source Types such as AWS CloudTrail, AWS Config, AWS ELB, Amazon CloudFront, Amazon S3 Audit, and Amazon S3.
  • Timestamps, Time Zones, Time Ranges, and Date Formats 
    Sumo Logic supports several options for timestamps, time zones, time ranges, and dates.
  • Using JSON to Configure Sources 
    If you’d like to configure your Sources using JSON files, you can do that too.

Searching Data

After configuring Sources to collect the logs you need, you can begin using search within minutes. Sumo Logic search syntax uses logical and familiar operators allowing you to create ad hoc queries quickly and efficiently.

  • General Search Examples Cheat Sheet 
    The search cheat sheet provides examples of useful search queries for different use cases.
  • Search Basics 
    This topic describes keyword searches and the basics of Sumo Logic’s search syntax.
  • Modify a Search from the Messages tab 
    After running a search, you can modify subsequent searches by selecting text displayed in the Messages tab. After selecting text, you can choose how to modify the search using the options from a pop-up menu.
  • Parsing 
    Sumo Logic provides a number of ways to parse fields in your log messages.
  • Aggregating 
    Aggregating functions evaluate messages and place them into groups, which allows you to count and order your results. Once you have aggregate results, you can visualize your data using charts.
  • Search Operators 
    This section provides detailed syntax, rules, and examples for Sumo Logic Operators, Expressions, and Search Language.

Search Optimization Tools

Search optimization tools speed the search process, delivering query results in less time and improving productivity for forensic analysis and log management. Search speed generally depends on the amount of data and the type of query run against the data. Search optimization tools segment the data and queue it up for quick results.

  • Search Optimization Tools 
    Describes index-based and field-based methods for search optimization, the search optimization process, and how to choose the right tool for the job.
  • Partitions 
    Partitions speed the search process by allowing you to filter a subset of the log messages in an index.
  • Scheduled Views 
    Scheduled Views speed the search process for small and historical subsets of your data by functioning as a pre-aggregated index.
  • Field Extraction
    Field Extraction speeds the search process by parsing fields as log messages are ingested. The parsing is done automatically, so you don’t need to run a query to parse the fields.
  • Field Browser 
    The Field Browser allows you to zero in on just the fields of interest in a search by displaying or hiding selected fields without having to parse them. You can focus on the fields you’re interested in, avoiding the “noise” of fields you don’t want to see.

System Administration

Admins of Sumo Logic accounts have access to several tools used to manage an organization, including managing Collectors and Sources, security settings, and RBAC users and roles.

  • The Manage Collection page centralizes all the information about the current state of Collectors and Sources, and provides easy ways to update Collector software and edit Collector information.
  • From the Manage Collection page, you can edit some characteristics of a Source, including its name, description, collection time, Source Host, Source Category, Advanced options, and Processing Rules.
  • The Global Security Settings page makes it easy to manage security policies in one place. From here you can manage: Password Policy, IP and CIDR whitelisting, Access Keys, Sumo Logic Audit Index, and Support Account Access.
  • Sumo Logic supports Role-Based Access Control (RBAC) to allow Administrators to customize system access. With RBAC, Administrators create roles for groups of users who perform various job functions. Users are not assigned permissions directly, but inherit permissions through roles (or even through a single role). Role assignments can grant users permissions to access some data sets, or can restrict users from accessing types of data.

APIs

For customers with Enterprise accounts, Sumo Logic provides different APIs to interact with third-party scripts and applications.

  • Sumo Logic Endpoints 
    Sumo Logic has five deployments, or pods, that are assigned depending on the geographic location and the date a Sumo Logic account is created.
  • Collector Management API 
    The Collector Management API allows you to define an initial Source configuration for your Collectors using a JSON file. It also allows you to create, update, and delete Collectors and Sources from an HTTP endpoint.
  • Search Job API
    Sumo Logic exposes the Search Job API for access to resources and log data from third-party scripts and applications. The API follows Representational State Transfer (REST) patterns and is optimized for ease of use and consistency.

Sumo Logic Apps

Sumo Logic Applications deliver out-of-the-box Dashboards, reports, saved searches, and field extraction for popular data Sources. When you install a Sumo Logic App, these pre-set searches and Dashboards are customized with your Source configurations and populated in a folder in the Library selected by you.

  • Using the Library 
    The Library provides a central location for shared and saved content in your Sumo Logic account, as well as content shared by others in your organization. All Sumo Logic Apps are available through the Library.
  • Run Searches from Sumo Logic Apps 
    Sumo Logic Apps provide a host of pre-built saved searches for popular data Sources that you can run against your data without installing the App itself. This way, you can try the searches in an App against your data before you decide to install it. Or you can view the searches to see how good example queries are written.
  • Install Apps from the Library 
    Sumo Logic Apps are available in the Library. Select from a long list of popular data Sources and install them right from the Library. Certain Apps have specific installation requirements. Be sure to check the Help topic for your App for specific instructions.
  • Log Analysis QuickStart App 
    The Log Analysis QuickStart App, created especially for new users of Sumo Logic, includes searches to extract important information from your log files, independent of where they get generated. Whether you are new to log management or plan to migrate from other products, the Log Analysis QuickStart app will bring you up to speed with the Sumo Logic search, visualization, and analytics capabilities.
  • Data Volume App
    The Sumo Logic App for Data Volume allows you to view at a glance your account's data usage volume by category, Collector, Source name, and hosts. The app uses predefined searches and a Dashboard that provide visibility into your environment for real-time analysis of overall usage.