Sumo Logic FAQ
Frequently asked questions about Sumo Logic.
What is the optimal log format to use with Sumo Logic?
When you have full control over your logging format, we recommend human-readable key-value pairs whenever possible. JSON and XML are also acceptable, though XML is harder to read and parse than JSON.
Whatever you use, follow these rules:
- Use key-value pairs in a regular, defined format such as key=value, so they're easy to parse.
- Start logs with a regular, well-defined timestamp, ideally including a time zone. See timestamp considerations and supported formats for details.
- Start logs with a regular format to make automatically detecting message boundaries easier. See collecting multiline logs for details.
For example, from our own production logs, we use the following:
2012-08-16 13:39:36,979 [metrics] INFO com.sumologic.util.Reporter - com.sumologic.util.scala.Aggregator.Buffer[/usr/sumo/stream-19.5-3/logs/stream.log]-Size-Meter (bytes/s) count=78847, fifteenMinuteRate=0.26, fiveMinuteRate=0.11, oneMinuteRate=0.00, meanRate=1.06
This is a key-value pair log, which is easy to parse and easy to read in Sumo.
What types of logs can I collect?
The following table lists data types and some of the popular sources that produce logs, which can be collected by Sumo Logic. This list is a sample only to provide a general idea of the possible sources of log data; it is not complete.
Data Type | Popular Log Sources |
---|---|
Custom App Code | |
Open Source | |
Middleware | |
Databases | |
Server / OS | |
Virtual | |
Network | |
Content Delivery | |
IaaS / PaaS | |
SaaS | |
Security | |
Where is my data stored?
Where your data is stored depends on the geographical location the Account Owner selects when creating your Sumo Logic account. Your data is stored only in your selected region.
The following table describes the AWS regions used by each Sumo Logic deployment.
Region code | Region name | AWS region | API endpoint |
---|---|---|---|
AU | Asia Pacific (Sydney) | ap-southeast-2 | https://api.au.sumologic.com/api/ |
CA | Canada (Central) | ca-central-1 | https://api.ca.sumologic.com/api/ |
DE | EU (Frankfurt) | eu-central-1 | https://api.de.sumologic.com/api/ |
EU | EU (Ireland) | eu-west-1 | https://api.eu.sumologic.com/api/ |
FED | US East (N. Virginia) | us-east-1 | https://api.fed.sumologic.com/api/ |
IN | Asia Pacific (Mumbai) | ap-south-1 | https://api.in.sumologic.com/api/ |
JP | Asia Pacific (Tokyo) | ap-northeast-1 | https://api.jp.sumologic.com/api/ |
KR | Asia Pacific (Seoul) | ap-northeast-2 | https://api.kr.sumologic.com/api/ |
US1 | US East (N. Virginia) | us-east-1 | https://api.sumologic.com/api/ |
US2 | US West (Oregon) | us-west-2 | https://api.us2.sumologic.com/api/ |
See the AWS IP ranges JSON file for the current list of AWS IP ranges or subnets or prefixes. To simplify firewall configuration, you can use only the IP prefixes for the AWS region associated with your Sumo Logic deployment, as shown in the table.
The list of IP ranges is shared infrastructure. It is not limited to Sumo Logic nodes and is subject to change over time.
You can run the following query against the downloaded file in Sumo Logic to determine the IP addresses for each deployment.
| parse regex "\s+\"ip_prefix\":\s+\"(?<ip_prefix>.*?)\",\n\s+\"region\":\s+\"(?<region>.*?)\",\n\s+\"service\":\s+\"(?<service>.*?)\"" multi
| where service="AMAZON"
  and (
    region="us-west-2"
    or region="us-east-1"
    or region="eu-west-1"
    or region="ap-southeast-2"
    or region="ap-northeast-2"
  )
| if (region="us-west-2", "US2", region) as region
| if (region="us-east-1", "US1", region) as region
| if (region="eu-west-1", "EU", region) as region
| if (region="ap-southeast-2", "AU", region) as region
| if (region="ap-northeast-2", "KR", region) as region
| count by ip_prefix, region, service
| fields - _count
| sort by region, ip_prefix
After configuring the firewall, Collector, and Sources, confirm that the Collector and Sources are working by verifying that you can receive a given type of message (such as syslog messages) at the specified location.
For more information, see: