This is an archive of the 2020 Sumo Logic Service Release Notes.
December 28, 2020 (Search)
New - Search can parse JSON logs automatically with Dynamic Parsing. Now you do not have to write parse expressions or update queries if your log schema changes.
December 22, 2020 (Manage)
Update - We've brought you greater control over your data: now you can update an existing partition's routing expression, which determines what data goes into the partition. (You have to be a Sumo Logic admin or have the Manage Partitions role capability.)
Changing the scope of a partition is useful if you simply want to route more or less data to an existing partition. Better yet, it allows you to re-route some or all of the data in an existing partition to a different Data Tier than the one it currently resides in. If you decide that some of the data in a partition belongs in a different tier than the one currently configured, you can edit the scope of that partition to exclude that data, and create a new partition for it that targets the desired tier.
For more information, see Edit a Partition.
December 21, 2020 (Apps)
Update - The CrowdStrike Falcon Endpoint Protection App has been updated to include a new dashboard to provide visibility into Falcon incidents. All dashboards have been updated to use the new dashboard platform. This app uses the new CrowdStrike Source to collect log data from the CrowdStrike Falcon Endpoint Protection platform.
December 8, 2020 (Apps)
Update - F5 - BIG-IP LTM App now uses Telemetry Streaming to collect log data from F5 - BIG-IP LTM.
December 4, 2020 (Account)
New - Select a duration for your Support Account Access. This determines how long the account is enabled. You can choose a duration from 1 day to one year, or indefinitely, depending on your needs and comfort level with our access.
December 4, 2020 (Collection)
New - Our Cloud-to-Cloud Integration Framework has the following new Sources:
November 19, 2020 (Manage)
Update - Ingest budgets now have a Scope, replacing Field Value, which defines the log data to apply to a budget. This new budget assignment scheme allows you to have granular control over your ingest budgets while keeping the configuration overhead to a minimum.
November 16, 2020 (Apps)
New - AWS Firewall Network app provides visibility into traffic flows, through alerts generated by AWS Network Firewall.
November 16, 2020 (Dashboards)
You can now easily link dashboards together to quickly view related data. Each panel can have links to other dashboards. Links have options to include metadata and time range. When viewing the summary tab on a panel with linked dashboards you'll have the option to select from linked dashboards.
November 13, 2020 (Search)
Update - We're pleased to announce an improved search experience for Data Tier users. You can use the new _dataTier search modifier to restrict a log search to a particular Data Tier (Continuous/Frequent/Infrequent). For more information, see Searching Data Tiers.
November 13, 2020 (Security)
New - If you have multiple Sumo Logic accounts, we've got good news for you: we've introduced custom Sumo Logic subdomains. By default, the subdomain in the URL for accessing Sumo Logic is "service", like this:
service.sumologic.com
Multiple orgs with identical domain names can result in authentication headaches. Now, your account owner can replace the "service" subdomain for each of your orgs with a distinct subdomain. For example:
west1.sumologic.com
Then, the links that Sumo Logic generates, for example, when you share queries or dashboards, will contain your custom subdomain. These subdomain-enabled links will direct the user to the correct account for authentication.
When subdomains are enabled for an org, you'll see your SAML SP-initiated login options on the Sumo Logic login page.
November 13, 2020 (Apps)
New - Sumo Logic AWS Lambda extension enables you to get instant visibility into the health and performance of your mission-critical applications using AWS Lambda. With this extension and Sumo Logic's continuous intelligence platform, you can now ensure that all your Lambda functions are running as expected by analyzing function, platform, and extension logs to quickly identify and remediate errors and exceptions.
November 05, 2020 (Collection)
New - We're thrilled to announce our new Cloud-to-Cloud Integration Framework.
The Cloud-to-Cloud Integration Framework is an extensible system for running fully hosted, pull, and pub-sub based sources. Traditionally, Sumo Logic collection has been push-based: we expose an endpoint to which data sources or collector agents push data. However, many SaaS applications and cloud providers expose event data describing user, system, and application activity that is critical for operations monitoring, security, and compliance use cases. The Cloud-to-Cloud Integration Framework is the system by which we provide integrations to these sources and SaaS applications.
This release comes with two new Sources, Okta and Netskope. Our existing apps are updated to work with these two new Sources.
The Cloud-to-Cloud Integration Framework is an extensible architecture, in which new Sources can be easily added in the future. Check out the Sources we have available in beta.
November 05, 2020 (Apps)
Update - We're happy to announce that the updated version of Sumo Logic App for Azure WebApp is compatible with the new Azure Monitor based Collection.
October 30, 2020 (Security)
New - We're pleased to announce a new role capability that allows a Sumo Logic admin to limit the ability of users to create Access Keys. Currently, all Sumo Logic users can create Access Keys on the Preferences page. (Access Keys allow a user to register collectors and to use Sumo Logic APIs.) With the new Create Access Keys capability, you can limit the ability to create Access Keys to only those roles that require it. Note that, with this update, all roles in your Sumo account have the Create Access Keys capability. To restrict access, your Sumo Logic administrator can remove the capability from roles that do not require it.
New - We've released a new security policy you can use to set a maximum timeout for Sumo Logic UI web sessions. Sumo Logic users can set their web session timeout on the Preferences page, up to a maximum of 7 days. If you are a Sumo Logic admin with the Manage Organizational Settings role capability, you can now specify the maximum web session timeout period that users in your org can select. For more information, see Set a Maximum Web Session Timeout.
October 28, 2020 (Search)
Update - Just wanted to let you know that we've made an underlying change to our XML Parsing library for parsing XML-formatted logs. The following minor behavioral changes will affect how results are returned from parsing XML logs:
1. Empty nodes will be returned as self-closing tags.
For example - Consider the following XML log line (see the last, empty tag)
<users><user id="emptytag" role="manager"><first_name>Sally</first_name><last_name>Jones</last_name><email>sally@emailplace.com</email></user><user id="456" role="contributor"><first_name>Bob</first_name><last_name>Smith</last_name><email>bob@emailplace.com</email></user><user></user></users>
Query:
_sourceCategory=stag/xmltest ("678" or "emptytag")
| limit 5
| parse xml "/users/user[3]" as first_name nodrop
Old lib would return:
New lib would return:
2. Extra spaces in XML tags will be trimmed.
For example - Consider the following XML log line (see the extra space in yellow)
<users><user id="678" role="manager"><first_name>Sally</first_name><last_name>Jones</last_name><email>sally@emailplace.com</email></user><user id="456" role="contributor"><first_name>Bob</first_name><last_name>Smith</last_name><email>bob@emailplace.com</email></user></users>
Query:
_sourceCategory=stag/xmltest ("678" or "emptytag")
| limit 5
| parse xml "/users/user[2]" as first_name nodrop
Old lib would return:
<user id="456" role="contributor"><first_name>Bob</first_name><last_name>Smith</last_name><email>bob@emailplace.com</email></user>
New lib would return:
<user id="456" role="contributor"><first_name>Bob</first_name><last_name>Smith</last_name><email>bob@emailplace.com</email></user>
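Saved searches, alerts, or downstream detections that compare parse xml output byte-for-byte can change behavior when only the spelling of a node changes. The following is an added example, not Sumo Logic code: it compares fragments in canonical form so that self-closing versus open/close tags and extra spaces inside tags do not matter. The function names and sample strings are constructed for illustration.

```python
import xml.etree.ElementTree as ET


def canonical(fragment: str) -> str:
    """Return the Canonical XML (C14N 2.0) form of one XML fragment.

    C14N writes empty elements as start/end pairs and normalises spacing
    inside tags, so both spellings of a node map to the same string.
    """
    # Log content is untrusted input: refuse DTDs instead of expanding entities.
    if "<!DOCTYPE" in fragment or "<!ENTITY" in fragment:
        raise ValueError("DTD/entity declarations are not accepted")
    return ET.canonicalize(xml_data=fragment)


def is_empty_node(fragment: str) -> bool:
    """True for <user/> and <user></user> alike (no attributes, text, children)."""
    node = ET.fromstring(canonical(fragment))
    return not node.attrib and len(node) == 0 and not (node.text or "").strip()


def fragile_comparisons(pairs):
    """Labels of pairs that differ as strings but are the same XML node."""
    return [label for label, a, b in pairs
            if a != b and canonical(a) == canonical(b)]


# Constructed sample pairs (not output captured from Sumo Logic): each pair is
# two spellings a stored expected value and a fresh parse result might take.
SAMPLES = [
    ("empty-node", "<user></user>", "<user/>"),
    ("tag-spacing",
     '<user id="456"  role="contributor" ><first_name>Bob</first_name></user>',
     '<user id="456" role="contributor"><first_name>Bob</first_name></user>'),
    ("unchanged", "<email>bob@emailplace.com</email>",
     "<email>bob@emailplace.com</email>"),
    ("real-difference", "<first_name>Bob</first_name>",
     "<first_name>Sally</first_name>"),
]

if __name__ == "__main__":
    # Pairs listed here would break an exact string match without any
    # change in the underlying data.
    print(fragile_comparisons(SAMPLES))
```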
October 23, 2020 (Observability)
Update - We have rolled out audit logging support for Monitors. Create, read, update, and delete operations of Monitors are logged in the Audit Event Index.
October 23, 2020 (Apps)
New - We're happy to announce the Windows JSON App, which is based on the JSON Windows event log format and provides insight into Windows system operations and events so that you can better manage and maintain your environment. The app consists of predefined searches and dashboards that provide visibility into your environment for real-time analysis of overall usage of Security Status, System Activity, Updates, User Activity, and Applications.
New - Active Directory JSON assists you in monitoring your Windows Active Directory deployment by analyzing Active Directory logs in the JSON-based event log format. The app includes predefined searches and dashboards that provide insight into user activity in your environment for real-time analysis of overall usage.
October 21, 2020 (Manage)
Update - Webhook payload variables need to be in mustache format. You do this by wrapping each variable in double curly brackets, like {{variable}}. In February 2018 we introduced this format. We did not deprecate the previous format using a dollar sign, like $variable. Going forward, we will only support mustache format.
The US1 and US2 deployments are scheduled to have this update next week.
This change was communicated to administrators of accounts still using the old format. Any existing alerts using the old format have been automatically switched to the new format.
October 21, 2020 (Metrics)
Change - We made some nice changes to our approach to disabling metric sources that generate too many unique time series. Instead of completely disabling a noisy metric source, we take a more fine-grained approach by dropping the offending dimension or dimensions.
Also, we've implemented a global limit for unique time series, across all your metric sources. That gives you some wiggle room: you can have some metric sources that generate lots of unique time series, and as long as the volume across all your metric sources doesn't exceed the global limit, you're good. If you are leveraging Short Term retention in Transformation Rules, you also get significantly higher capacity on the cardinality before being impacted.
Finally, we've increased the limit of unique time series a Logs-to-Metrics rule can produce. For more information, see Disabled Metric Sources and Logs-to-Metrics.
October 20, 2020 (Search)
New - We're happy to announce the release of new and improved Lookup Tables. We've improved performance, increased the allowable table size, and made Lookup Tables easier to create and manage. You can populate a Lookup Table by uploading a .csv file, using the save operator, or using the new Save to Lookup option when you schedule a search. Lookup Tables are now a first-class content item: you can view and share them from the Sumo Logic Library. To top it off, we've provided new versions of the save and lookup operators, plus two brand new operators: lookupContains and cat.
This is the first of many cool updates as we build a new Lookups framework that is intuitive, performant and flexible to support both operational and security analytics use cases.
Availability: New Lookup Tables are available in all deployments except Sumo Logic's Montreal deployment, pending AWS providing a required AWS service in the Montreal region.