Skip to main content

Behavior Insights

Behavior Insights encompasses three log search operators to accelerate insights, troubleshooting, and action plans using structured logs. About 23% of the daily log ingest volume pertains to JSON data and accounts for a growing share of total log volume. This growth is driven by modern applications and underlying cloud (AWS, GCP, Azure) and orchestrator logs. Behavior Insights helps answer the following questions for SecOps, DevOps, and business users:

  • What activity patterns are evident from structured logs? What patterns are¬†trending?
  • Which groups of users, apps, services, or resources are responsible for activity in logs?
  • Which¬†groups of users, apps, services, or resources are responsible for¬†unusual¬†activity in logs?

Modeled after our LogReduce log summarization feature, the LogReduce Values and LogReduce Keys operators cluster logs based on their structure or pattern and activity content respectively.

Guide contents‚Äč

In this section, we'll introduce the following concepts:

LogExplain

This operator finds the root cause of outliers in logs based on conditions you specify.

LogReduce Keys

Clusters JSON logs based on keys providing an at-a-glance summary of patterns in logs based on their schema while ignoring specific values.

LogReduce Values

Clusters JSON logs using the values of keys.

Legal
Privacy Statement
Terms of Use

Copyright © 2023 by Sumo Logic, Inc.