Sumo Logic

About Monitors

Monitoring your application and its infrastructure is not complete without a robust alerting system. Sumo Logic Monitors provide alerting capabilities so your team is notified about potential issues and outages and can act swiftly before they impact your customers. Some notable features of Sumo Logic Monitors are:

  1. A simple, intuitive, and unified experience of creating and managing both log and metric monitors.
  2. Full automation of alert creation and management using Terraform and the API.
  3. Reduced alert fatigue by leveraging automatic resolution of incidents.
  4. An intelligent notification engine that reduces alert noise and limits duplicate notifications.
  5. Integrations with common incident management and communication tools, so alerts fit into your existing incident management workflows. Notable integrations include PagerDuty, OpsGenie, ServiceNow, Slack, email, and more.
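
The Terraform automation, auto-resolution, muting and multi-channel notifications listed above, shown together in one added example (not from this page or the Sumo Logic project) using the SumoLogic Terraform provider's sumologic_monitor resource. The _sourceCategory, the threshold of 40 errors, the recipient address and the PagerDuty connection ID are assumed values; check the attribute names against the provider version you run.

```hcl
# Added example; source category, thresholds, recipients and connection ID are assumed.
resource "sumologic_monitor" "checkout_errors" {
  name         = "Checkout service error spike"
  description  = "Alerts when checkout errors exceed 40 in a 15 minute window"
  type         = "MonitorsLibraryMonitor"
  content_type = "Monitor"
  monitor_type = "Logs"
  is_disabled  = false            # set to true to mute this monitor
  queries {
    row_id = "A"
    query  = "_sourceCategory=prod/checkout \"level=ERROR\""
  }
  trigger_conditions {
    logs_static_condition {
      critical {
        time_range = "15m"
        alert {                   # raise Critical when more than 40 logs match
          threshold      = 40.0
          threshold_type = "GreaterThan"
        }
        resolution {              # auto-resolve once the count drops back
          threshold      = 40.0
          threshold_type = "LessThanOrEqual"
        }
      }
    }
  }
  # First channel: customized email, sent on both trigger and resolution.
  notifications {
    notification {
      connection_type = "Email"
      recipients      = ["oncall@example.com"]
      subject         = "{{TriggerType}}: {{Name}}"
      message_body    = "{{TriggerType}} on {{Name}}. Query: {{QueryURL}}"
    }
    run_for_trigger_types = ["Critical", "ResolvedCritical"]
  }
  # Second channel: PagerDuty through an existing connection (placeholder ID).
  notifications {
    notification {
      connection_type = "PagerDuty"
      connection_id   = "<PAGERDUTY_CONNECTION_ID>"
    }
    run_for_trigger_types = ["Critical", "ResolvedCritical"]
  }
}
```

The resolution block is what gives the incident its automatic close; without it, the monitor only ever raises.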

Difference from Scheduled Searches

To understand the difference between the two, we first need to know the use cases that each solves today.

Scheduled searches solve two main use cases:

  1. Alerting you about specific issues happening in your application. For example, you can create scheduled searches to get notified about a spike in the error rate for a service or about a stopped process.
  2. Reporting on specific insights from searches on a periodic schedule. For example, you can create a schedule that runs daily to notify you about the daily active users on your platform.

The new Monitors are designed to solve the first use case, alerting. They provide additional capabilities, like auto-resolution, support for multiple notification channels, and more. Any scheduled searches that were created to solve the alerting use case can be moved to the new Monitors; this includes Real Time Scheduled Searches.

Apart from the differences in use cases, there are several feature differences between Scheduled Searches and the new Monitors for logs.

| Feature | Scheduled Searches | Monitors (Logs) |
|---|---|---|
| Support for Slack, PagerDuty, OpsGenie and other integrations | Yes | Yes |
| Customization of notification | Yes | Yes |
| Auto resolution of incidents | No | Yes |
| Send notification to multiple channels | No | Yes |
| Disable/mute alerts | No | Yes |
| API support | Partial* (supported via content sync API) | Yes |
| Terraform support | No | Yes |
| All log operators supported | Yes* (some operators are not supported for real-time alerts) | Yes |
| Outlier-based alerts | Yes | No |
| Access control | Object-level access control | Feature-level access control |
| Audit logs for CRUD and system events (like notifications sent, failures, etc.) | Yes | Yes |
| Control over schedule of alert / when alert is evaluated | Yes | No |
| One notification per log line | Yes | No |

Difference from Metrics Monitors

Both Metrics Monitors and the new Monitors address the alerting use case mentioned above. Monitors have additional capabilities, like auto-resolution, support for multiple notification channels, notification customization, and more.

| Feature | Metrics Monitors | Monitors (Metrics) |
|---|---|---|
| Support for Slack, PagerDuty, OpsGenie and other integrations | Yes | Yes |
| Customization of notification | Yes* (no email customization) | Yes |
| Auto resolution of incidents | No | Yes |
| Send notification to multiple channels | No | Yes |
| Disable/mute alerts | Yes | Yes |
| API support | Yes* (beta) | Yes |
| Terraform support | No | Yes |
| Access control | Feature-level access control | Feature-level access control |
| Audit logs for CRUD and system events (like notifications sent, failures, etc.) | Yes | No* (coming soon) |
| Group notification (one notification per monitor) | No | Yes |