Sumo Logic Log Analytics

Version: 1.24
Updated: Dec 12, 2024
Integration with Sumo Logic platform for logs, metrics, and monitors.
Actions
- Search Sumo Logic (Enrichment) - Query data from Sumo Logic Log Analytics.
- Search Sumo Logic Daemon (Daemon) - Automatically search Sumo Logic Log Analytics with a given query.
- Aggregates Sumo Logic Daemon (Daemon) - Automatically pull aggregates from Sumo Logic Log Analytics with a given query.
- Search Metrics (Enrichment) - Query Metrics from Sumo Logic Log Analytics.
- Search Output Mapping (Enrichment) - Parse the output of a Search Sumo Logic action.
- Resolve Alert (Notification) - Resolve Alert.
Sumo Logic Log Analytics configuration
Create an access key and copy the resulting Access ID and Access Key. Store the ID and access key (temporarily) in a text editor.
The ID and key won't be available again once you close the confirmation screen.
Configure Sumo Logic Log Analytics in Automation Service and Cloud SOAR
Before you can use this automation integration, you must configure its authentication settings so that the product you're integrating with can communicate with Sumo Logic. For general guidance, see Configure Authentication for Automation Integrations.
How to open the integration's configuration dialog
- Access App Central and install the integration. (You can configure at installation, or after installation with the following steps.)
- Go to the Integrations page.
  - Classic UI. In the main Sumo Logic menu, select Automation and then select Integrations in the left nav bar.
  - New UI. In the main Sumo Logic menu, select Automation > Integrations. You can also click the Go To... menu at the top of the screen and select Integrations.
- Select the installed integration.
- Hover over the resource name and click the Edit button that appears.
In the configuration dialog, enter information from the product you're integrating with. When done, click TEST to test the configuration, and click SAVE to save the configuration:
- Label. Enter the name you want to use for the resource.
- Sumo Logic API URL. Enter the API endpoint URL for your region (for example, https://api.sumologic.com).
- Access ID. Enter the access ID for your Sumo Logic access key. Select Default as the scope when generating access keys.
- Access Key. Enter the access key corresponding to your Sumo Logic access ID.
- Timezone. Select your timezone.
- Daemon Query. Enter the query to be executed in daemons.
- Connection Timeout (s). Set the maximum amount of time the integration will wait for a server's response before terminating the connection. Enter the connection timeout time in seconds (for example, 180).
- Verify Server Certificate. Select to validate the server’s SSL certificate.
- API Rate Limit Sleep (s). Enter the API rate limit sleep time in seconds. If the API rate limit is exceeded, the integration waits for 1 second and then attempts a retry, with a maximum wait time of 10. For more information, see https://help.sumologic.com/docs/api/metrics/#rate-limiting.
- Automation Engine. Select Cloud execution for this certified integration. Select a bridge option only for a custom integration. See Cloud or Bridge execution.
- Proxy Options. Select whether to use a proxy. (Applies only if the automation engine uses a bridge instead of cloud execution.)
  - Use no proxy. Communication runs on the bridge and does not use a proxy.
  - Use default proxy. Use the default proxy for the bridge set up as described in Using a proxy.
  - Use different proxy. Use your own proxy service. Provide the proxy URL and port number.
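
How the resource fields above map onto a direct call to the Sumo Logic Search Job API, as an added example that is not the integration's own code: HTTP Basic authentication with the access ID and key, certificate verification, a connection timeout, and a 1-second sleep on HTTP 429. The function names are hypothetical, and reading "maximum wait time of 10" as 10 seconds of total waiting is an assumption.

```python
import base64
import json
import ssl
import time
import urllib.error
import urllib.request


def build_search_request(api_url, access_id, access_key, query, time_from, time_to, timezone="UTC"):
    """Search Job API request; the access ID and key travel as HTTP Basic credentials."""
    token = base64.b64encode(f"{access_id}:{access_key}".encode()).decode()
    body = {"query": query, "from": time_from, "to": time_to, "timeZone": timezone}
    return urllib.request.Request(
        api_url.rstrip("/") + "/api/v1/search/jobs",
        data=json.dumps(body).encode(),
        method="POST",
        headers={"Authorization": f"Basic {token}", "Content-Type": "application/json"},
    )


def tls_context(verify=True):
    """Verify Server Certificate selected: validate the chain and the hostname."""
    ctx = ssl.create_default_context()
    if not verify:  # deselected: any certificate is accepted, so an interceptor can read the key
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def https_sender(timeout_s=180, verify=True):
    """Return send(request) bound to the Connection Timeout and certificate settings."""
    ctx = tls_context(verify)
    return lambda request: urllib.request.urlopen(request, timeout=timeout_s, context=ctx)


def send_with_rate_limit(send, request, sleep_s=1, max_wait_s=10, sleep=time.sleep):
    """On HTTP 429, sleep sleep_s and retry until max_wait_s of waiting is used up."""
    waited = 0
    while True:
        try:
            return send(request)
        except urllib.error.HTTPError as err:
            # Only a rate-limit response is retried; 401/403 and the rest surface at once.
            if err.code != 429 or waited + sleep_s > max_wait_s:
                raise
            sleep(sleep_s)
            waited += sleep_s
```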

Change Log
- April 6, 2021 - First upload
- May 3, 2022 - Update integration and add new daemon
- June 07, 2022 - Updated action:
  - Search Sumo Logic
- July 13, 2022 - Updated action:
  - Search Sumo Logic (updated output and Field Last Period values)
- November 10, 2022 (v1.4)
  - Updated action: Search Sumo Logic (Timezone issue fixed and added one more endpoint to get Aggregate/Records)
  - New Daemon: Records Sumo Logic Daemon
- March 22, 2023 (v1.5)
  - Updated integration: (Updated the integration Fields with Environmental Variables)
- June 28, 2023 (v1.6)
  - Visibility of the Resource fields changed
  - Updated Daemons:
    - Records Sumo Logic Daemon
    - Search Sumo Logic Daemon
- August 17, 2023 (v1.7)
  - Updated Action - Search Sumo Logic (Updated Timestamp)
- September 4, 2023 (v1.8) - Fixed a bug where if the timeout was not specified, an error would occur
- September 19, 2023 (v1.9 - v1.12) - Versioning
- September 21, 2023 (v1.13)
  - Integration has been renamed from "Sumo Logic CIP" to "Sumo Logic"
  - Added Dynamic Table View for Search Sumo Logic Action
  - New Actions:
    - Search Metrics
    - Search Output Mapping
    - Resolve Alert
- September 22, 2023 (v1.14) - Updated Search Metrics Action
- September 27, 2023 (v1.15) - Updated Search Sumo Logic Action (Added Limit Field)
- September 28, 2023 (v1.16) - Updated Search Sumo Logic Action (Updated the default value for the Limit Field)
- October 3, 2023 (v1.17) - Updated Search Sumo Logic Action
- October 19, 2023 (v1.18) - Updated Search Sumo Logic Action (Subquery can now be executed)
- October 31, 2023 (v1.19)
  - Following Actions Updated:
    - Aggregates Sumo Logic Daemon (formerly Records Sumo Logic Daemon)
      - Records Sumo Logic Daemon Action renamed to Aggregates Sumo Logic Daemon
      - Subqueries can now be managed
      - Last Result DateTime field now accepts values as DateTime or Timestamp
    - Search Metrics
      - Added a new field called Quantization
    - Search Sumo Logic Daemon
      - Subqueries can now be managed
      - The Last Result Timestamp field now accepts values as DateTime or Timestamp
- November 28, 2023 (v1.20)
  - Updated Search Sumo Logic Action (Added Table View as an output for use in notes/tasks)
- March 4, 2024 (v1.22) - Updated code for compatibility with Python 3.12
- April 5, 2024 (v1.23)
  - The integration formerly known as "Sumo Logic" has been renamed to "Sumo Logic Log Analytics"
  - Added a new field, API Rate Limit Sleep, to the Integration resource (if the API rate limit is exceeded, wait for 1 second and then attempt a retry, with a maximum wait time of 10)
  - Search Sumo Logic Action updated:
    - If the Aggregates field is selected, the action will fetch only aggregates. If the Aggregates field is not selected, it will fetch only messages.
    - Added a new field, Escape Backslashes; if selected, it escapes all backslashes in the query
- December 12, 2024 (v1.24)
  - Updated Actions: (Fixed Authentication Issue)
    - Search Sumo Logic Action
    - Search Sumo Logic Daemon Action
    - Aggregates Sumo Logic Daemon Action