We are pleased to announce that the Sumo Logic Lambda Extension is updated to support collecting telemetry data using the new AWS Lambda Telemetry API. With this update, you can collect telemetry data, including logs, metrics, and traces in JSON format directly from the Lambda execution level. The extension gives a per-invoke level view of the Lambda function and provides insights into the function and execution environment lifecycle. For more information on how to start using it, refer to our documentation.
Customized Alert Response Notification Preferences
We’ve rolled out a feature that allows you to customize your Alert list page to display (by default) only the alerts that you care about, rather than showing all the open alerts within your organization.
You can do this by going to your Monitors page or Alerts page and subscribing to the specific monitors you'd like to follow.
With this release, we've also updated our Alert notification preferences to give you more granular control over specific monitor activity you want to follow.
Tracing - Environment Support for APM Dashboards
Update - Tracing dashboards now offer native support for OpenTelemetry's deployment.environment standard tag.
OpenTelemetry deployment.environment is a helpful way of slicing APM data between environments (e.g. dev vs prod). Previously, this was supported in tracing metrics as metadata and available for custom queries and dashboards, and now it's supported in our out-of-the-box dashboards as well.
- New Explore view: APM: Environment View
- New dashboard elements ...across environments and ...within environment show data sliced or filtered for recognized environments
- environment added to Entity Inspector as new entity
- environment filter added to all drill-down views
- Application Service View and Service Application View renamed to APM: Application view and APM: Service View, respectively. Both views now have a hierarchy level with deployment.environment.
Traces - OpenTelemetry Kubernetes Operator
New - we've released an OpenTelemetry Kubernetes Operator for tracing instrumentation. When you enable and install this operator, your application is instrumented automatically and traces will be sent to Sumo Logic. Learn more.
Metrics Explorer Enhancement
We’ve enhanced the Metrics Explorer to make metric query results easier to interpret. Now, you can define Warning and Critical threshold values for query results. When you do that, your chart view will be color-coded so you can easily spot out-of-threshold behavior. For more information, see Set Warning and Critical Thresholds.
Sumo Logic App for SailPoint
We are pleased to announce the availability of the Sumo Logic App for SailPoint. The Sumo Logic App for SailPoint helps you monitor the user events, actions, operations, failed logins, successful logins, and user activities to your applications through SailPoint.
New Slack Source
We’ve released a new Cloud-to-Cloud connector for Slack. The source uses the Slack Web API to collect channel, user, and message information from a Slack workspace. If you have a Slack Enterprise Grid license, the source also collects Security audit events across all of your Slack workspaces. For more information, see Slack Source.
New CyberArk EPM Source
We are pleased to announce the availability of the Sumo Logic App for CyberArk EPM. This new cloud-to-cloud connector uses CyberArk APIs to retrieve administrative audit events from every Set in your CyberArk environment.
Sumo Logic Orgs Update
We’ve released an improvement that eases the processes of administering and monitoring Sumo Logic Orgs. To streamline the child org provisioning process, we added support for auto-provisioning CSE instances for both enterprise and MSSP customers.
Search Results Table Update
We’ve made multiple updates to the Search Results Table to improve the user experience for viewing search results. The enhancements include:
- The ability to pin columns of interest.
- New setting to increase line height for messages.
- New table level options to expand and collapse messages.
- Context menu option to expand nested JSON.
Introducing Sumo Logic Open Source Docs
Welcome to the Sumo Logic Service Release Notes on our new docs site! We're now open source and encourage you to contribute. We welcome all contributions, from minor typo fixes to brand new docs. Your expertise and sharing can help fellow users learn and expand their knowledge of Sumo Logic.
Improved Data Forwarding UI
Manage
Update - We’ve released an improved, re-organized UI for Data Forwarding. There are now separate pages for managing different types of data forwarding destinations:
- Destinations that receive data forwarded from Sumo Logic partitions or scheduled views are still managed on the Manage Data > Logs > Data Forwarding page.
- Destinations that receive data from Installed Collectors are managed on a new page: Manage Data > Collection > Data Archiving page.
For more information see Forward Data from Sumo Logic to S3 and Forward Data from an Installed Collector.
Hash rules support for OTEL
Search
Hash rules now support 256 for OpenTelemetry collectors.
Trace Span Monitors, Entity Inspector
Traces
Ability to configure monitors with Search Query Language based on Trace Spans index has been officially enabled for all customers. Learn more.
Additionally, we now also support:
- Scheduled Searches for Traces
- Scheduled Views for Traces
Alerts
Update - We are happy to announce the release of new functionality for Entity Inspector. With the latest update, Entity Inspector will now be able to suggest related Entities from different domains based on your tracing data. This functionality will allow quickly switching context between application and infrastructure domain, making it easier to respond to alerts and investigate issues that require correlating data from both applications and infrastructure. This functionality is available by default to all customers.
Metrics Operators, AWSO 2.5.1
Metrics
New - We're happy to announce two new metrics operators:
- ewma—Computes an exponentially weighted moving average on a stream of metrics. This allows you to smooth out short-term fluctuations (outliers) and display long-term trends.
- where—Allows you to filter data points by value.
Observability
Update - We are announcing a minor update of the AWS Observability 2.5.1. This contains changes required due to the end of support for Node.js 12.x in the AWS Lambda as announced here by AWS. As part of this update, the Node.js runtime environment for AWS Observability Lambda functions has been updated to 16.x. For more information on updating the AWS Observability to the latest version, see Update AWS Observability Stack.
Sumo Subscriptions, Metrics Updates
Collection
Update - Good news! We've increased the number of Cloud-to-Cloud Sources that customers with paid Sumo Logic subscriptions can have, from 20 to 50. For users of free accounts, the limit remains 20 Cloud-to-Cloud Sources. For more information, see Cloud-to-Cloud Integration Framework.
Metrics
Update - We've updated the release note published on August 30, 2022, which incorrectly stated that the timeslice metrics operator had been released.
Access Keys Update
Security
Update - We've improved our Access Key UI to make it easy to spot Access Keys that haven't been used lately. Now the Access Keys management page displays the date and time an Access Key was last used to make a request to an API endpoint. For more information, see Access Keys.
In a future update, Sumo Logic will, by default, automatically disable Access Keys that have not been used for 30 days. Your Sumo Logic admin will be able to configure the period of time before an unused key will be disabled.
GitHub Advanced Security
Apps
Update - GitHub Advanced Security dashboards are now available for the Sumo Logic App for GitHub. These new dashboards include Code Scanning Alerts, Pushes, Secret Scanning Alerts, Security and analyses and Repository Vulnerability alerts.
Alert Grouping
Alerts
New - We’re happy to announce the release of Alert Grouping, which allows you to generate more than one alert from a given monitor by specifying a group condition on one or more fields. For example, rather than creating multiple monitors for each service, you could create one single monitor that notifies you when some metric (e.g., CPU utilization, error count) goes above the threshold for a given service. Learn more.
New - Configurable Resolution Window for Logs allows you to resolve alerts more quickly when the underlying issues are fixed. You can configure how long a monitor will wait before resolving the alert once the underlying issue is corrected (earlier, the monitor waited one complete window before resolving). Learn more.
New - You can now access your monitor playbook as a template variable, {{playbook}}. You can reference this template variable to customize your notification payloads similar to any other template variable. Learn more.
AWS LambdaTest, Cost Explorer, Application Components
Apps
New - LambdaTest allows you to analyze your testing behavior and error trends. LambdaTest is a continuous quality testing cloud platform that helps developers and testers ship code faster. The LambdaTest platform provides secure, scalable, and insightful test orchestration for customers at different points in their DevOps (CI/CD) lifecycle.
New - we’re happy to announce the release of the Sumo Logic App for AWS Cost Explorer, which allows you to visualize, understand, and manage your AWS costs and usage over time.
With the Sumo Logic App for AWS Cost Explorer, you can use our out-of-the-box dashboards as well as filtering and grouping capabilities to dive deeper into your cost and usage data and generate custom insights. Gain a better understanding of your cost trends and see detailed information about the costs and usage associated with your top cost-accruing AWS accounts, regions, services, and operations.
Update - We are happy to announce the release of a new Explore Hierarchy for Database Application Components, together with the support of related Database Entities in Entity Inspector. This functionality allows you to organize your data in a structured hierarchy and utilize the database dashboards available out-of-the-box from App Catalog. Currently, the following Database engines are supported by this feature:
If you already use one of the above apps, you will need to reinstall it to benefit from the newly added functionality.
Real User Monitoring
Traces
New - we're happy to share extended coverage for Real User Monitoring (RUM), our solution that provides insight into your users' end-to-end browser experience interacting with your web apps. New RUM capabilities include:
- New dashboard panels for the following metrics:
- XHR timing
- longtask delays (browser freezes)
- Core Web Vitals KPIs
- Geolocation
- Single-page app support:
- Monitoring of XHR calls and navigation/route changes
- XHR performance and availability metrics
- New specific Action names for XHR actions ("Click on [button] on [page]") and single-page app navigation/route change actions ("Route to [page]")
- New Explore tree levels for three new action types: document loads, XHR actions and route changes
- Browser errors (e.g., unhandled errors/rejections, failed resources, console errors) are now captured automatically and populated in the _index=sumologic_rum_errors log index and dashboards
- Browser errors ingest volume is now added to your Continuous tiers budgets and credits consumption.
This new functionality requires RUM script in version 4 or higher (https://rum.sumologic.com/sumologic-rum-v4.js). Please ensure you are using the correct version in your pages. For automatic updates, use https://rum.sumologic.com/sumologic-rum.js.
New Metrics Operators
New FedRAMP Sources
Collection
Update - We are pleased to announce that the following Cloud-to-Cloud Integration Framework sources are now available in Sumo Logic’s FedRAMP deployment:
Increased Fields Limit
Search
Update - For Enterprise Suite customers, we’ve doubled the number of Fields you can create. The per account Fields limit is now 400. The limit applies to Fields that you configure for sources or collectors and those you create using Field Extraction Rules.
Scheduled Views UI (2 of 2)
Search
The new UI for creating and managing Scheduled Views that we described in our August 4 release note has been released.
MongoDB Atlas, Host Metrics EC2
Apps
New - We’re happy to announce the release of the Sumo Logic App for Host Metrics (EC2). This App allows you to collect your EC2 instance metrics using Sumo Logic Installed Collector and display them using predefined search queries and Dashboards. The App provides Dashboards to analyze EC2 instance metrics for CPU, disk, memory, and network.
Update - We are glad to update that the Sumo Logic App for MongoDB Atlas now allows you to monitor database operations and performance KPIs and provides visibility into the security posture of your clusters.
Scheduled Views UI (1 of 2)
Search
Update - We’re preparing to release a new UI for creating and managing Scheduled Views. The rollout will commence the week of August 8, 2022. The new interface is clean and compact—now you'll be able to configure a new Scheduled View in a right-hand pane that appears next to the list of existing Scheduled Views.
Reliability Management, Trace Queries
Observability
New - We're thrilled to announce our new Observability feature, Reliability Management, a foundational capability that helps you define, monitor and manage your modern app stacks to Service Level Objectives (SLOs). Managing SLOs is key to ensuring that modern app stacks are performing reliably for end users. SLOs also help you focus on measuring what matters for your end users’ digital experiences. As a result, they can streamline Observability by minimizing the monitoring and alert chaos that exists in many organizations. Benefits include:
- Simple experience for Site Reliability Engineers (SREs) and developers to define and monitor even their most complex SLOs
- Full-featured SLOs that can model any SRE requirement and leverage logs, metrics, and tracing telemetry
- Automation through Terraform, allowing developers and SREs to templatize, operationalize and manage SLOs as code
- SLO data available as log messages enabling customers to extend existing dashboards to feature SLO data or build proprietary dashboard experiences
See our Reliability Management docs for more information.
Traces
Update - we've increased data retention for Trace queries from 7 to 15 days, allowing for more time to search, filter, and diagnose recent issues. This 15-day extension comes at no additional cost. For more information, see Viewing and Investigating Traces.
AWS Observability 2.5.0
Observability
Update - We’re happy to announce the release of our AWS Observability Solution v2.5.0, which includes:
- Enhanced dashboards for EC2 Host OS Metrics, including support for Amazon EC2 CloudWatch: now you can monitor your EC2 instances via CloudWatch and Installed Collector simultaneously and see results side-by-side.
- Support for Amazon SNS - we’ve added out-of-the-box dashboards with the most important information about messages, events, and errors illustrating SNS health and reliability.
- Enhanced dashboards for supported Amazon services - the following services were updated and revamped: DynamoDB, API Gateway, RDS, EC2 Metrics, ElastiCache, and All Load Balancers.
- New CLI-based onboarding flow: now, you can roll out a comprehensive AWS monitoring with just a single CLI command by providing your AWS and Sumo credentials.
- Streamlining of Root Cause Explorer drill-downs. While you can still find your AWS anomalies in the RCE screen from the new menu and Entities panel, we have removed RCE dedicated “Events of interests” dashboards from the top-level Dashboards drop-down menu.
- Simplified Terraform onboarding process by importing Field Extraction Rules (FERs).
- Bug fixes.
July 29, 2022 (Metrics)
New - Our metricsfromtrace and rummetricsfromtrace metrics have a new metadata tag, deployment.environment, which is automatically created from the same tag (part of the OpenTelemetry specification) present in tracing data. If the tag is not present in spans, deployment.environment is set to default. This tag can be used to build custom dashboards by environments (e.g., prod, staging, test). Support for this field in Explore views and out-of-the-box dashboards is coming soon.
July 28, 2022 (Security)
New - The role capability we posted about on July 18—Download Search Results—is now released. This capability, which grants the permission to download log search results, is enabled for all roles. Note that if you manage role capabilities using the Sumo Logic API or Terraform, you need to add the “downloadSearchResults” capability to the capabilities list for each role that should be able to download search results.
July 22, 2022 (Apps)
New - The Sumo Logic App for AWS EC2 uses EC2 instance CloudWatch metrics and EC2 CloudTrail events and displays them using predefined dashboards. The App provides dashboards with insights into KPIs related to CPU, disk, network, EBS, Health Status Check, and events from EC2 CloudTrail.
Update - Amazon Simple Notification Service (SNS) is a pub/sub messaging and mobile notifications service for coordinating the delivery of messages to subscribing endpoints and clients.
The Sumo Logic App for Amazon SNS collects CloudTrail logs and CloudWatch metrics to provide insights into the operations and utilization of your SNS service. This includes tracking the most active topics, failures, errors, and geographical locations of SNS clients.
July 21, 2022 (Metrics)
Update - When you query high cardinality metrics, the results can be hard to read and interpret. The Metrics Explorer now offers aggregation tips—recommendations for adding an aggregation clause to high cardinality metrics queries. You can easily add the suggested clause to your query, or ignore the suggestion, as desired. For more information, see Metric Aggregation Tips.
July 18, 2022 (Security)
Update - The week of July 25, 2022, we’ll be releasing a new role capability—Download Search Results—that grants the permission to download log search results. This capability will be enabled for all roles. If you manage role capabilities using the Sumo Logic API or Terraform, when the new capability is released, you’ll need to add the “downloadSearchResults” capability to the capabilities list for each role that should be able to download search results.
July 15, 2022 (Apps)
Update - The Sumo Logic AWS Lambda App uses the Lambda logs via CloudWatch, CloudWatch Metrics, and the CloudTrail Lambda Data Events to visualize the operational and performance trends in all the Lambda functions in your account. The preconfigured dashboards provide insights into executions, memory and duration usage by function versions or aliases, errors, billed duration, function callers, IAM users, and threat details. This app is updated from the AWS observability solution in the App Catalog. Updates include new Dashboards for Request, Error, Resource Usage, and Performance Analysis. Also, it includes a new Dashboard for analyzing Threat Intel.
New - The Sumo Logic App for AWS Network Load Balancer (a load balancer that works at layer 4 of the OSI model) uses metrics to provide insights to ensure that your network load balancers are operating as expected and backend hosts are healthy, and to quickly identify errors.
July 14, 2022 (Observability, Collection)
Observability
New - We’re pleased to announce our new in-product Kubernetes onboarding experience, which guides first-time users step by step through data collection setup (Orchestration, Infrastructure & App Data), the dashboard generation process, and alert monitors installation. To try it out, go to Sumo Logic > App Catalog > Kubernetes app > then follow the wizard steps. You can also refer to our new Kubernetes Quickstart doc, which mirrors the in-product onboarding workflow.
Collection
New - We’re pleased to announce the release of the GCP Metrics Source. The new source gives you visibility into Google Cloud Platform (GCP) infrastructure and managed services using an integrated Google Service account. You can collect metrics from 35 native GCP services, as well as from custom services running on GCP.
July 13, 2022 (Manage)
Update - We have renamed our default partition from “Default Continuous Partition” to “sumologic_default”. Now you can directly query the data stored in the default partition, where all data is ingested unless explicitly routed into another partition. Any APIs that reference the default partition by its previous name, “Default Continuous Partition”, should be updated to refer to “sumologic_default” instead. For more information, see Search the Default Partition.
July 8, 2022 (Apps)
Apps
Update - The Sumo Logic App for AWS Observability Classic Load Balancer uses CW logs and metrics to give you visibility into the health of your Classic Load Balancer. Use the pre-configured dashboards to understand the latency, request and host status, threat intel, and HTTP backend codes by availability zone. This app is updated from the AWS observability solution in the App Catalog. Updates include upgrading all dashboards to Dashboards(New), additional Dashboards to analyze Request and Process Bytes, and Dashboard to monitor Threat Intel.
Update - The Sumo Logic App for Amazon ElastiCache provides visibility into key event and performance analytics that enable proactive diagnosis and response to system and environment issues. Use the preconfigured dashboards for at-a-glance analysis of event status trends, locations, successes, and failures, as well as system health and performance metrics. The dashboards also have additional performance insights for Redis clusters. This app is updated from the AWS observability solution in the App Catalog. Updates include upgrading all dashboards to Dashboards(New) and new Dashboards for Redis performance details and Command Latency.
Update - The Sumo Logic App for AWS Application Load Balancer uses CW logs and metrics to give you visibility into the health of your Application Load Balancer and target groups. Use the preconfigured dashboards to understand the latency, request and host status, threat intel, and HTTP backend codes by availability zone and target group. This app is updated from the AWS observability solution in the App Catalog. Updates include upgrading all dashboards to Dashboards(New) and new Dashboards for Response Analysis, Target Group Response Analysis, and Request and Processed Bytes.
Metrics
New - Care to comment? Now you can. In the Metrics Explorer, in Advanced Mode you can add comments to a metrics query and comment out portions of the query by using comment formatting. Comments are helpful for troubleshooting during query development, and also for other users who may use or edit your queries at a later date—comments you add will be visible in saved and shared queries. For more information, see Comments in Metric Queries.
Update - The eval metrics operator has been enhanced to support a _granularity option that provides the length, in milliseconds, of the bucket used for quantization, for use in metric queries.
Observability
New - We’re pleased to announce our new in-product Kubernetes onboarding experience, which guides first-time users step by step through data collection setup (Orchestration, Infrastructure & App Data), the dashboard generation process, and alert monitors installation. To try it out, go to Sumo Logic > App Catalog > Kubernetes app > then follow the wizard steps. You can also refer to our Kubernetes Quickstart doc, which mirrors the in-product onboarding workflow.
July 7, 2022 (Metrics)
Update - We’ve improved our zoom-in feature for metric charts. Up until now, zooming into a metric chart simply increased the size of the chart. Now, for time series charts in which the query uses automatic quantization, when you zoom in the chart presents results based on more granular data: the bucket size across which results are quantized is reduced. For more information, see Zoom in on a time series chart.
July 4, 2022 (Apps)
Apps
New - The Sumo Logic AWS API Gateway App provides insights into API Gateway tasks while accepting and processing concurrent API calls throughout your infrastructure, including traffic management, CORS support, authorization, access control, throttling, monitoring, and API version management. This App was already part of the AWS observability solution and will now be available as a standalone app in the App catalog.
Update - The Sumo App for Amazon DynamoDB uses logs and metrics to provide operational insights into your DynamoDB. The App includes Dashboards that allow you to monitor key metrics, view the throttle events, errors, and latency, and help you plan the capacity of your DynamoDB instances. This App updates from the AWS observability solution in the App Catalog. Updates include upgrading all dashboards to Dashboards(New) and adding a new threat intel Dashboard to the App.
Update - The Sumo Logic Amazon RDS App dashboards provide visibility into your Amazon Relational Database Service (RDS) performance and operations. Preconfigured dashboards allow you to monitor critical metrics of your RDS cluster, including CPU, memory, storage, network transmit and receive throughput, read and write operations, database connection count, disk queue depth, and more. Audit activity dashboards help you monitor activities performed on your RDS infrastructure. This app updates from the AWS observability solution in the App Catalog. Updates include upgrading all the dashboards to Dashboards(New), new Audit activity dashboards that help you monitor activities performed on your RDS infrastructure, RDS instance-specific dashboard support for Aurora and MySQL, and Performance Insights dashboards.
Update - Sumo Logic and AWS are excited to announce an update to Sumo Logic Integrations for AWS Organizations. This solution allows joint customers of AWS and Sumo Logic to automate the integration of AWS Security Reference Architecture-compliant organizations with Sumo Logic Cloud SIEM powered by AWS.
Our updates support Security Reference Architecture (SRA)-compliant setup of:
- AWS Security Hub
- Centralized logging of AWS Network Firewall and AWS WAF
- AWS Firewall Manager
New - We are happy to announce the release of AWS Observability Installation Automation. This release enables a simplified method of deploying AWS Observability using default parameters with just one quick command requiring only Sumo Access Id and Key. This method features POSIX and PowerShell scripts to trigger the CloudFormation template for creating a stack to enable complete visibility into your AWS account infrastructure's health and reliability.
Alerts
Update - We’re continuing to make alerts and monitors more customizable to give you control over how often you are notified. You can now:
- Visually indicate Alerting Query: For Metrics monitors with multiple query rows, we now visually indicate the alerting query row with a notification bell icon.
- Improved JSON Validations for Connection Payloads: We're enforcing stricter JSON validation during creation and updating of Connections to prevent errors that could cause notification failures in the future. There are two major validations that we have started enforcing:
  - If there is a trailing comma (,) after the last "key": "value" in the JSON Payload structure, we will error out.
  - If there are multiple keys with the same name at the same level within a JSON payload, we will throw an error.
- Monitor Alerts/Recovery Condition changes: We no longer support Log Monitors with an Alert threshold condition of “less than 0” or “greater or equal to 0”. This is because Log queries always result in 0 (when there is no data) or more (when there is data) rows, and monitors that were configured with these conditions were not firing alerts.
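The two Connection payload validations described above (trailing comma, repeated key at the same level) can be checked locally before a payload is saved. This is an added example, not Sumo Logic code; the payload field names and sample payloads are constructed, and {{playbook}} is the only template variable taken from this page.

```python
import json


def find_trailing_commas(text):
    """Return offsets of commas followed only by whitespace and then a
    closing } or ], ignoring anything inside string literals."""
    offsets = []
    in_string = False
    escaped = False
    pending_comma = None  # last comma with nothing but whitespace after it
    for i, ch in enumerate(text):
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
            continue
        if ch == '"':
            in_string = True
            pending_comma = None
        elif ch == ",":
            pending_comma = i
        elif ch in "}]":
            if pending_comma is not None:
                offsets.append(pending_comma)
            pending_comma = None
        elif not ch.isspace():
            pending_comma = None
    return offsets


def find_duplicate_keys(text):
    """Return keys that occur more than once within the same JSON object.
    The hook runs once per object, so equal names at different nesting
    levels are not reported."""
    duplicates = []

    def hook(pairs):
        seen = set()
        for key, _ in pairs:
            if key in seen:
                duplicates.append(key)
            seen.add(key)
        return dict(pairs)

    json.loads(text, object_pairs_hook=hook)
    return duplicates


def validate_payload(text):
    """Return a list of problems; an empty list means both checks passed."""
    problems = []
    for offset in find_trailing_commas(text):
        line = text.count("\n", 0, offset) + 1
        problems.append(f"trailing comma on line {line}")
    if problems:
        return problems
    try:
        duplicates = find_duplicate_keys(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} (line {exc.lineno})"]
    return [f"duplicate key {key!r} at the same level" for key in duplicates]


# Constructed sample payloads (field names are hypothetical).
GOOD = """{
  "title": "Monitor alert",
  "runbook": "{{playbook}}",
  "details": {"title": "same name at a different level is allowed"}
}"""

TRAILING = """{
  "title": "Monitor alert",
  "runbook": "{{playbook}}",
}"""

DUPLICATE = """{
  "title": "Monitor alert",
  "details": {"owner": "team-a", "owner": "team-b"},
  "title": "Overwritten"
}"""

if __name__ == "__main__":
    for name, payload in [("GOOD", GOOD), ("TRAILING", TRAILING),
                          ("DUPLICATE", DUPLICATE)]:
        print(name, validate_payload(payload) or "ok")
```

The duplicate-key check matters beyond notification failures: most parsers silently keep the last value for a repeated key, so a payload can carry a different value than the one a reviewer reads first.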
June 23, 2022 (Alerts)
Update - We’ve made alerts and monitors more customizable to give you control over how often you are notified. You can now:
- Customize the alert name to differentiate between multiple alerts created from the same monitor.
- Choose recovery based on “Single Data point” meeting the recovery threshold or “all data points” meeting the threshold before the alert is resolved.
June 21, 2022 (Traces)
Update - Traces can now show aggregated trace duration critical path contribution (CPC) breakdown chart summarized for all traces from the Traces query result set.
Use this chart to:
- Quickly understand intermittent duration spikes or slowdowns
- Immediately spot offending service by comparing CPC contribution by service
June 15, 2022 (Apps)
New - Gigamon ThreatINSIGHT allows you to stay a step ahead by giving your security teams more: time, data, and insight into attacker behavior. The Gigamon ThreatINSIGHT App for Sumo Logic provides dashboards and visualizes data from ThreatInsight MetaStream files, which helps in identifying potential threats enabling rapid, informed response.
New - The Gigamon HAWK app for Sumo Logic provides deep observability by collecting application context from the network. Its rich metadata attributes extraction offers a holistic picture of what’s happening in the network.
New - The Lucidum app for Sumo Logic eliminates blind spots across cloud, security, and IT operations. It gives information about assets, data sources, services, locations, risk factors, and ports.
June 14, 2022 (Metrics)
Update - We’re happy to announce a new and improved Time Series tab (previously known as the Preview Table) in the Metrics Explorer. The redesigned table is more compact and easier to read, and you can control which dimensions and data appear in the table using the checkboxes in the pane to the left of the table. When you mouse over a cell in the Time Series table, you can click a three-dot icon to display a context menu that allows you to add dimensions to the query, copy dimensions and values, copy the entire time series, and more. The context menu is supported in both basic and advanced mode. You can export query results in whole or in part to a .csv file.
June 10, 2022 (Collection)
New - Our Cloud-to-Cloud Integration Framework has two new Sources:
- Netskope WebTx: The Netskope WebTx API integration ingests Web Transaction logs from Netskope Event Stream.
- Box: The Box API integration ingests events from the Get Events API. It securely stores the required authentication, scheduling, and state tracking information.
June 9, 2022 (Traces)
Beta - Setting up Tracing instrumentation for Java, Python and NodeJS applications deployed in Kubernetes just got easier. In a few simple steps with the OpenTelemetry-Operator your application is automatically instrumented and your Traces are sent to Sumo Logic. Auto instrumentation for Java, Python and NodeJS applications deployed in Kubernetes is now in Beta.
June 8, 2022 (Apps)
New - We are pleased to announce the availability of the Carbon Black Cloud App. This app analyzes alert and event data from VMware's Endpoint Standard and Enterprise EDR products and provides comprehensive visibility into the security posture of your endpoints, enabling you to determine the effects of breaches in your environment. The app provides visibility into key endpoint security data with preconfigured dashboards for alerts, threat intelligence, feeds, sensors, users, hosts, processes, IOCs, devices and network status.
June 7, 2022 (Manage)
New - Want to upgrade or change your Cloud Flex Credits Essentials plan? Good news: now you can do it yourself. If you’re a Sumo Logic admin, you can use the Manage Plan page to change your plan period from monthly to annual, or from annual to monthly. You can also increase or decrease your account ingest levels and retention settings to meet your evolving requirements. For more information, see Update an CloudFlex Credits Account.
June 2, 2022 (Traces)
New - We are excited to announce that support for Span Links is now available in Tracing. You can navigate between spans using hyperlinks in the metadata tab as well as search for spans in the trace query and span analytics areas. Span Links are part of the OpenTelemetry specification and should be added on the instrumentation side. Links can point to Spans inside a single Trace or across different traces and can represent, for example, batch operations where a span is initiated by multiple initiating spans. For more information, see View and Investigate Traces.
May 27, 2022 (Metrics)
Update - We’re making some architectural changes to the Sumo Logic Metrics Engine to support ongoing functionality and scalability improvements. The changes may have some impact on query language semantics for queries that use aggregation or reducer operators.
For aggregation queries, the changes are limited to the metadata used to label the metric dimension in the Preview Table in the Metrics Explorer, and in the chart legend. For queries with reducer functions (eval, filter, topk, bottomk), there may be a slight difference in how we quantize the metric data. The engine updates will be rolled out starting on June 13, 2022. For information on how the updates might affect existing metrics queries, and how you can update existing queries to avoid any impact, see Metrics Engine Updates.
May 23, 2022 (Traces)
New - We're happy to announce that you can now instrument Lambda layers for Java in container-based Lambda functions and then see these Traces in Sumo Logic.
May 20, 2022 (Alerts)
Updated - We’re pleased to announce the availability of permissions for Monitors folders. This feature enables folder-level control of who can view, update, create, delete, and manage Monitors. For more information, see Grant permissions to Monitors folders.
This feature is not enabled by default. Contact Sumo Logic Support to have it enabled.
May 16, 2022 (Apps)
Update - We've improved your Sumo Logic app installation process and added guidance to make it easier to find the sources you need and get started faster with all the dashboards and pre-built queries we have waiting for you.
May 11, 2022 (Alerts)
New - New default payloads that use new variables are now available for the following connections:
- AWS Lambda
- Azure Functions
- Cloud SOAR
- Datadog
- HipChat
- Jira
- Microsoft Teams
- New Relic
- PagerDuty
- ServiceNow
- ServiceNow (Legacy)
- Slack
- Webhook
May 10, 2022 (Apps)
New - We are excited to announce the Sumo Logic 1Password App release. You can now monitor your 1Password account’s sign-in and item usage events. The dashboards help in providing insights into failed authentications, successful authentication, event breakdown by client applications, type, category, users, geolocation of events, outliers, and threat analysis of sign-in events. This app also helps you secure your 1Password vault access by providing insights into user actions and threat intel analysis on clients accessing items in shared vaults.
April 28, 2022 (Security)
Update - The default web session timeout for new users has been increased from 15 minutes to 6 hours. If your currently configured session timeout is set to less than 6 hours, new users will receive the value set within the policy as the default.
Update - We increased the timeout for new user account verification from 12 hours to 72 hours to allow for weekends and to give new users more time to see and take action on the new user welcome email.
April 26, 2022 (Collection, Traces)
Collection
New - Our Cloud-to-Cloud Integration Framework has a new Source. The Dropbox Source provides a secure endpoint to receive team events from the Get Events API.
Update - The Tenable Source now supports collecting audit logs from the Audit Log API and assets from the Asset Export API. We've also added the ability to define Processing Rules.
Traces
New - You can now add the results of Spans queries directly to Dashboards from the Spans analytics window. You'll use the same easy query builder to modify your panels later. You can still use Log Search to add span results to Dashboards by running queries in the _trace_spans index. The same limitations of Log Search still apply: your query scan volume should not exceed 200x of your tracing ingest.
April 17, 2022 (Apps)
Update - We’ve released an update to the Amazon S3 app. The key improvement is a new Threat Intel dashboard that provides high-level views of threats across your S3 buckets and objects. We also added a new “S3_Bucket” filter to each of the dashboards, so you can slice and dice data by S3 bucket name.
April 7, 2022 (Alerts)
New - System events for Alerts are now logged to the Sumo Logic Audit Event Index. You can use the alert system events to analyze your monitoring posture overall and answer questions like these, and more:
- How many alerts are created and resolved per day?
- Which monitors fire the most alerts?
- How long does it typically take to resolve alerts?
You can search for system events for Alerts by scoping your search like this:
_index=sumologic_system_events _sourceCategory=alerts
April 6, 2022 (Monitors)
Update - The alert history of a Monitor is now quickly accessible on a new tab of the details pane.
April 5, 2022 (Collection)
New - We're excited to announce a new milestone in innovation for Sumo Logic Observability with the Sumo Logic OpenTelemetry Distro Collector (OT Distro).
The OT Distro Collector is designed to simplify and democratize the collection of logs, metrics, traces, and metadata from modern cloud applications. With this announcement, Sumo Logic further embraces open source and establishes OpenTelemetry as its future standard to collect all machine data, breaking from the legacy model of using proprietary agents to gather critical application and infrastructure telemetry.
April 4, 2022 (Apps)
Update - We’ve updated two Sumo Logic apps for Palo Alto Networks to support PAN-OS 10:
March 30, 2022 (Observability)
Update - The AWS Observability Solution 2.4.0 release includes a new AWS Service - Classic Elastic Load Balancer (ELB), install location selection, and sharing options with the Sumo Logic organization during installation. This update also includes updated dashboards for AWS Classic ELB Service, a new AWS ECS - Events dashboard for AWS CloudTrail, enhanced Lambda dashboard for Lambda cold start duration, and updated FERs. Update to the latest version to take advantage of these features. See the Changelog for additional details.
March 29, 2022 (Collection)
New - Our Cloud-to-Cloud Integration Framework has a new Source. The SailPoint Source provides a secure endpoint to receive Events and User Inventory data from the IdentityNow V3 API.
March 28, 2022 (Apps)
New - We are delighted to announce the release of the Sumo Logic Amazon Route 53 Resolver Security app. Use this app to monitor and analyze the DNS queries and Resolver Firewall logs for your Amazon Route 53 deployment. The preconfigured dashboards provide insight into a variety of DNS activities in your environment.
March 17, 2022 (Apps)
Update - The AWS Kinesis Firehose for Logs Source now has the option to collect undelivered logs from the backup directory.
Update - The Azure Event Hubs Source now supports Processing Rules and timestamp configuration options for logs.
March 17, 2022 (Apps)
New - We are excited to announce the release of the Sumo Logic PagerDuty V3 App. The PagerDuty V3 app collects incident messages from your PagerDuty account via a webhook, and displays incident data in pre-configured Dashboards that allow you to monitor and analyze the activity of your PagerDuty account and Services. The Sumo Logic App for PagerDuty V3 uses Webhooks V3 to provide enhanced context for alert object models.
March 15, 2022 (Traces)
We are proud to announce general availability of extended trace filtering capabilities. This allows you to search for traces by any existing or new metadata, including your custom tags, without needing to add them to the configuration or know them up front, before you start ingesting data. Just add any metadata tag to your spans and, as long as its cardinality within a trace is not too high, you will be able to filter by it right away in your Traces UI. See View and Investigate Traces for more information.
March 8, 2022 (Collection)
Our Cloud-to-Cloud Integration Framework has the following new Sources:
March 1, 2022 (Alerts)
New - If you are using Sumo Logic Cloud SOAR, you can now integrate Monitors and Scheduled Searches with Cloud SOAR via a new webhook connection. This new capability allows you to send Alerts to Cloud SOAR to further process and operate on these incidents. The result is a rich and connected experience between your data residing in Sumo Logic and the security response capabilities within Cloud SOAR.
dedup Search Operator
Search
New - The Search Query Language has a new operator, dedup, which allows you to:
- Remove duplicate events containing an identical combination of values for the fields.
- Specify the number of duplicate events to keep for each value of a single field.
- Choose a combination of duplicate values among several fields.
New Monitors Shortcut
Security
Update - We’ve eased the process of offboarding Sumo Logic users. Now, when you delete a user’s Sumo Logic account, you can transfer the user’s Monitors to another user, along with folders, searches, scheduled searches, scheduled views, monitors, and dashboards. For more information, see Delete a User.
Monitors
Update - The Monitors page has a new shortcut to quickly view triggered alerts from a Monitor. Hover your cursor over the Status column of a Monitor and click the icon to open Alert List.
Couchbase app
Apps
New - We are delighted to announce the release of the Sumo Logic Couchbase App. The Couchbase app is a unified logs and metrics app that helps you monitor the availability, performance, and resource utilization of Couchbase database clusters. The preconfigured dashboards provide insight into the health of clusters, the status of the buckets, I/O of reading/writing, errors, events of Couchbase servers that help you understand your clusters.
Sumo Orgs Admin improvements
Manage
Update - We’ve made an improvement to the Sumo Logic Organizations (Sumo Orgs) feature, which allows you to create, provision, and manage multiple "child" orgs from a "parent" org. Now, when you provision a child org, you can allocate credits for trace ingestion, as well as log and metric ingestion.
Trace Spans Increase
Traces
New - The number of spans per trace has been increased by 10 times, to 10000 spans per trace, to better support monitoring for long-running and complex transactions. Please note that new spans can increase credit consumption.
Update - Traces logs and data include a new duration field that holds the difference between endTimestamp and startTimestamp in nanoseconds.
Trace Spans data index
Traces
New - Announcing general availability of dashboard support for Trace Spans data index. You can now pin results of your queries on spans data directly to the Dashboard. You can add the query through the Log Search screen when running queries in the _trace_spans index as long as your read volume does not exceed 200x of your tracing ingest (more info). Support for doing this directly from the Spans analytics window is coming soon.
Sauce Labs App
Apps
New - The Sumo Logic app for Sauce Labs integrates your Sauce Labs test data with the Sumo Logic Analytics Platform to easily aggregate, visualize, and monitor all of your test data. Connect Sauce Labs data with other data sources for a comprehensive view of your development pipeline.
SDO Delivery Times
Apps
New - The SDO App now provides a Software Development Optimization - Development & Delivery Times dashboard to help you monitor development lead times and delivery lead times across the three main phases of development and delivery: Active Development, Review and Merge, and Deployment. Each section shows the phases broken down by team, service, and environment.
Trace Span Events
Traces
New - Traces now include Span Events that describe and contextualize the work being done in a Span by tracing and displaying that data in Trace Views. These events are optional time-stamped strings made up of a timestamp, name, and (optional) key-value pair attributes. Select a marker in the timeline or a span to review the Span Event data.
MariaDB, Nginx, IIS 10, Oracle, Squid Proxy
Apps
New - We are delighted to announce the release of the Sumo Logic MariaDB app. The MariaDB app is a unified logs and metrics app that helps you monitor the availability, performance, and resource utilization of MariaDB database clusters. Preconfigured dashboards and searches provide insight into the health of your database clusters, performance metrics, resource metrics, schema metrics, replication, error logs, slow queries, InnoDB operations, and failed logins.
New - We are excited to release the Sumo Logic Nginx app. The Nginx app is a unified logs and metrics app that helps you monitor the availability, performance, health, and resource utilization of your Nginx web servers. Preconfigured dashboards and searches provide insight into connections, requests, visitor locations, visitor access types, traffic patterns, errors, web server operations, and access from known malicious sources.
New - We are delighted to release the Sumo Logic IIS 10 app. The IIS 10 app is a unified logs and metrics app that helps you monitor the availability, performance, health, and resource utilization of your IIS web servers. Preconfigured dashboards and searches provide insight into application pools, ASP.NET applications, requests, latency, visitor locations, visitor access types, traffic patterns, errors, web server operations, and access from known malicious sources.
Update - We are excited to release the additional Logs and Metrics dashboards added for the Sumo Logic Oracle app. The Oracle app is a unified logs and metrics app that helps you monitor the availability, performance, and resource utilization of Oracle database clusters. Preconfigured dashboards and searches provide insight into the health of your database clusters, parallel executions, resource utilization, response time, tablespaces, throughput, wait for class/events, listeners, audit logs, and security.
Update - We are pleased to announce the availability of additional Logs and Metrics dashboards added for the Sumo Logic Nginx Ingress app. The Nginx Ingress app is a unified logs and metrics app that helps you monitor the availability, performance, health, and resource utilization of your Nginx Ingress web servers. Preconfigured dashboards and searches provide insight into connections, requests, ingress controller metrics, visitor locations, visitor access types, traffic patterns, errors, web server operations, and access from known malicious sources.
Update - We are delighted to release the additional Logs and Metrics dashboards added for the Sumo Logic Squid Proxy app. The Squid Proxy app is a unified logs and metrics app that helps you monitor activity in Squid Proxy. The preconfigured dashboards provide insight into served and denied requests; performance metrics; IP domain DNS statistics; traffic details; HTTP response codes; URLs experiencing redirects, client errors, and server errors; and quality of service data that helps you understand your users’ experience.
Dashboard Refresh Configuration
Dashboards
New - You now have the ability to configure how often a dashboard is refreshed by clicking the dropdown arrow next to the refresh icon.
2021 Archive
This is a 2021 archive of Service Release Notes. The current Service Release Notes are here.
December 17, 2021 (Search)
New - Keyboard shortcuts are now available to generate comments in Search queries. Use command + / on macOS or control + / on Windows.
December 9, 2021 (Collection)
New - Our Cloud-to-Cloud Integration Framework has a new Source. The Google Workspace Source collects data from the Google Workspace Users API.
Update - The Okta Source, in addition to System Log data, now supports collecting User Inventory data.
November 30, 2021 (Apps)
New - As an integration partner with Amazon, we are pleased to announce our new Amazon Inspector App. Amazon Inspector is an automated vulnerability management service that continually scans Amazon EC2 and container images for software vulnerabilities and network exposures. The Sumo Logic Inspector App helps reveal trends and identify anomalies from these findings.
November 18, 2021 (Apps)
New version - We are excited to announce the GA release of the updated Data Volume App. This release gives our customers the ability to view and track account usage for Traces, Cloud SIEM Enterprise, and Data Tiers. In addition, customers will be able to track usage in both native units and Sumo Logic credits. We have enhanced the existing "sumologic_volume" index and added new index categories for these key capabilities.
November 18, 2021 (Search)
Update - The fillmissing operator has a few improvements:
- Timeslice granularity is automatically defined based on the time used in the timeslice operator.
- Values has an all option that uses all the distinct values for the field from the query results.
- A new takeLast option can fill in values for non-key fields by taking the value from the previous timeslice.
November 17, 2021 (Monitors)
Update - Monitor auto resolution is now supported with generic webhooks and Lambda connections.
November 9, 2021 (Software Development Optimization)
New - The Software Development Optimization (SDO) solution offers integrations for GitLab and CircleCI to monitor SDLC processes. This integration provides setup, configuration, and Field Extraction Rules (FERs), no longer requiring customers to create their own integrations and FERs. For details, see the Set up the Software Development Optimization Solution guide for manual and Terraform instructions.
November 5, 2021 (Monitors)
Update - Monitors now offer an option to set an evaluation delay that offsets when the Monitor executes. This option allows you to account for any delays in ingestion, ensuring the Monitor only evaluates complete data.
October 29, 2021 (Monitors)
Update - Enterprise accounts can now have up to 1,000 Log Monitors. Previously they supported up to 300.
October 28, 2021 (Collection)
New - Our Cloud-to-Cloud Integration Framework has a new Source. The SentinelOne Mgmt API Source collects data from the SentinelOne Management Console.
Update - The Mimecast Source, in addition to SIEM data, now supports collecting DLP, Audit, and Hold Message List data from the Mimecast API.
October 27, 2021 (Traces)
New - Build custom Dashboards with new panels to view Service Maps filtered by service and application and Trace Lists filtered by a query to directly access trace views. Add panels to existing or new dashboards, setting filters and customized options.
October 27, 2021 (Apps)
New - We are excited to release the Sumo Logic GitLab app. The GitLab app allows you to gain insights into the health of builds, deployments, pull requests, commits, and more to quickly understand which teams and processes need help to increase velocity and quality.
New - We are excited to release the Sumo Logic Host and Process Metrics app. The Sumo Logic App for Host and Process Metrics allows you to monitor the performance and resource utilization of hosts and processes that your mission critical applications are dependent upon. Preconfigured dashboards provide insight into CPU, memory, network, file descriptors, page faults, and TCP connectors. This app uses Telegraf, an open-source, plugin-based collector for the collection of both host and process metrics data.
Update - We are delighted to announce the availability of additional Logs and Metrics dashboards added for the Sumo Logic app for Istio. The Sumo Logic App for Istio provides visibility into the health and performance of Istio and its control plane components, including Mixer, Galley, Citadel, Pilot, and Envoy. The app dashboards also allow you to monitor how services and applications are performing in Istio Mesh, providing insights into service latency, errors, network traffic, and request workloads.
Update - We are pleased to release the additional Logs and Metrics dashboards added for the Sumo Logic app for HAProxy. HAProxy is a unified logs and metrics app that helps you monitor the availability, performance, and health of your HAProxy cluster. Preconfigured dashboards provide insights into active servers, visitor locations, sessions, errors, response time, and throughput.
Update - We are happy to announce the availability of additional Logs and Metrics dashboards added for the Sumo Logic Cassandra app. Apache Cassandra is an open source NoSQL distributed database with high scalability and availability without compromising performance.
Update - We are delighted to announce the availability of additional Logs and Metrics dashboards added for the Sumo Logic Elasticsearch app. The Elasticsearch app is a unified logs and metrics app that helps you monitor the availability, performance, health, and resource utilization of your Elasticsearch clusters. Preconfigured dashboards provide insight into cluster health, resource utilization, sharding, garbage collection, and search, index, and cache performance.
Update - We are excited to release the additional Logs and Metrics dashboards added for the Sumo Logic Memcached app. The Memcached app is a unified logs and metrics app that helps you monitor the availability, performance, health, and resource utilization of your Memcached clusters. Preconfigured dashboards provide insight into uptime, operational metrics, cache performance, resource utilization, errors, warnings, and commands executed.
Update - We are pleased to announce the availability of additional Logs and Metrics dashboards added for the Sumo Logic ActiveMQ app. The ActiveMQ app is a unified logs and metrics app that helps you monitor the availability, performance, health, and resource utilization of your ActiveMQ messaging clusters. Preconfigured dashboards provide insight into cluster status, nodes, producers, consumers, destinations, resource utilization, message rates, and error logs.
Update - We are delighted to release the additional Logs and Metrics dashboards added for the Sumo Logic Akamai app. The Akamai SIEM API Source provides a secure endpoint to receive security events generated on the Akamai platform by leveraging the V1 SIEM API. It securely stores the required authentication, scheduling, and state tracking information.
October 14, 2021 (Traces)
New - Operation level health metrics describe performance and availability on the level of a single SQL query or API call. They are automatically generated from tracing data in real time for the most active operations, enabling you to understand application service health one level deeper: which operations a service executes towards its peers, and how each of them performs individually. See Service Map and Dashboards.
October 6, 2021 (Collection)
Update - The Symantec Web Security Service Source now always uses structured logs to reduce errors and improve collection performance.
September 30, 2021 (Traces)
New - Lambda instrumentation for Java, NodeJS, and Python provides managed layers available directly from your AWS Lambda layer repository. Configure your Lambdas to attach to the layer appropriate for your language and enjoy new visibility in Sumo Logic. Lambda calls appear just as any other spans in your traces, providing immediate insights into CloudWatch metrics related to this Lambda.
September 28, 2021 (Monitors)
New - Troubleshooting production issues is even more challenging with modern distributed applications. With our new alert response feature, your on-call teams can now also leverage curated insights that will help them get to the root cause quickly. The feature generates relevant insights as a context card using Sumo analytics to track what's occurring in your applications, helping your teams troubleshoot faster.
September 27, 2021 (Dashboard (New))
New - You can now easily share a snapshot of a Dashboard (New) with the new ability to export in PDF or PNG format.
September 24, 2021 (AWS Observability Solution)
Update - The AWS Observability Solution 2.3.0 release includes the deployment of the AWS Observability Solution using a Terraform script. This update also includes options for streamlined deployment to multiple AWS accounts and regions, dashboard changes, and bug fixes. Update to the latest version to take advantage of these features.
September 22, 2021 (Collection)
New - Our Cloud-to-Cloud Integration Framework has a new Source. The Cybereason Source provides a secure endpoint to receive authentication logs from the Cybereason Malops API.
September 20, 2021 (Manage)
New - You can now forward aggregate data from a Scheduled View to AWS S3. Previously, aggregate data was dropped and not included in forwarded file objects. Now, aggregate fields are automatically appended when your Scheduled View conducts aggregation.
September 15, 2021 (Collection)
New - Our Cloud-to-Cloud Integration Framework has a new Source. The Proofpoint On Demand Source collects data from the Proofpoint on Demand (PoD) Log Service.
September 14, 2021 (Search)
New - Search now provides Basic Mode, an easy-to-use, structured query builder to help you write and complete simple log searches quickly and easily. This mode is designed for new users that are not familiar with Sumo Logic search features and query language.
September 9, 2021 (Collection)
Update - The AWS S3 Source has the ability to collect objects from AWS S3 buckets that don't have versioning enabled and for which you cannot provide the ListObjectVersions permission, such as Cisco Umbrella. There is now a radio button with the option to have the Source use AWS versioned APIs.
September 7, 2021 (Search)
New - Search has several improvements to give you a cleaner experience. We've moved the search options to a menu and changed the look of search settings. See how to use the search page for details on the new layout.
September 1, 2021 (Alerts)
New - Our monitor capabilities provide a new alerting framework to support anomaly-based alerting for both logs and metrics data sources. It's a more flexible alert system, better equipped to identify true outliers in your ever-changing environment, and you can find it in Alerts > Monitors.
Anomaly-based alerting does not require a static alert threshold, offering a more flexible way to determine outliers in your data. Our system automatically creates dynamic baselines and alerts the user when there is an abnormal trend in the alerting KPI compared to its historic behavior.
You should definitely try out the new outlier support in monitors if you have custom KPIs that constantly change over time such as requests, latency, and errors. These KPIs constantly change based on external and internal factors such as changes in customer usage patterns, code changes, and feature releases.
August 27, 2021 (Manage)
New - We're making Cloud Flex Credits Subscriptions available to self-service trial and free accounts with new monthly and annual subscriptions. Customers who upgrade to a self-service paid subscription from a Trial, POV Trial, or Sumo Free subscription will now upgrade directly to Essentials (credit-based), and have the option of either an annual or monthly subscription. For more information, see Upgrade a Cloud Flex Credits Account.
August 24, 2021 (Search)
New - We've improved the style of our search tabs and added a lot of new functionality.
- You can resize and reorder columns.
- Added keyboard accessibility.
- You can pin columns in the Aggregate tab.
- The Messages tab now supports context menu options to copy the full message and expand or collapse rows.
- The Aggregates tab now supports context menu options to copy or modify your query based on your results.
- Page limit increased to 500.
- Tabs load faster.
August 23, 2021 (Apps)
New - Cyral enables teams to observe, protect, and control their databases, data pipelines, and data warehouses by intercepting requests in real-time, without impact to performance or scalability. The Cyral App for Sumo Logic provides dashboards and visualizations for Cyral customers that have chosen to send their logs to the Sumo Logic platform.
New - Tessian is the world's first Human Layer Security company that uses data science and machine learning to automatically stop data breaches and security threats caused by human errors. The Sumo Logic App for Tessian provides visibility into human layer risk drivers and easy access to cyber security events prevented based on Tessian data feeds across all modules - Defender, Guardian, Enforcer, and Constructor.
New - We are excited to release the Sumo Logic Amazon GuardDuty - Cloud Security Monitoring and Analytics app. The focus of GuardDuty is on protecting AWS accounts, workloads, and data with intelligent threat detection. The corresponding Sumo Logic dashboards are designed to surface the most relevant security insights from that data to yield actionable processes to tackle specific security concerns within your AWS infrastructure. Utilizing this app allows you to stay ahead of changing attack surfaces in a repeatable way via cloud security monitoring and analytics dashboards that provide operational security awareness for AWS GuardDuty data sources.
New - We are excited to release the Sumo Logic AWS Security Hub - Cloud Security Monitoring and Analytics. The Sumo Logic AWS Security Hub app is designed to extract key findings from the AWS Security Hub, which is designed to centrally view and manage security alerts and automate security checks. The additional level of analysis within these dashboards surfaces the most relevant findings and takes a focused approach to improve overall security posture. Finding types and severity levels act as leading indicators for security engineers to go into security incidents with the most relevant technical details to address active threats.
New - We are excited to release the Sumo Logic AWS WAF - Cloud Security Monitoring and Analytics. AWS WAF (web application firewall) data is a rich source of security findings, as it allows you to monitor the HTTP and HTTPS requests that are forwarded to CloudFront and let you control overall access to your content. Each dashboard within this application takes a different lens on AWS WAF data, from traffic patterns to threat intelligence, allowing you to truly identify the needles in the haystack that drives critical security concerns within your AWS infrastructure.
August 18, 2021 (Collection)
Update - We've improved the collection performance of our Mimecast and Netskope Sources.
- The Mimecast Source now uses the API compression option to increase the throughput.
- The Netskope Source now implements new API best practices.
August 18, 2021 (Traces)
New - Get insight into your customer's front end experience with Real User Monitoring (RUM). We are extending application Observability for you with tracing visibility to the browser. Gather full information about load, execution, and render of your JavaScript (React, Angular, etc) applications and attach this information to end-to-end trace modeling full browser-to-database performance of every user transaction in real-time, with no sampling.
And we are automatically aggregating the above data into metrics, dashboards and providing multi-dimensional analysis by geographical locations, browser, and OS types, measuring and visualizing on dashboards many different aspects of web page load events.
This data is gathered directly from your end-user devices and all collected data is OpenTelemetry compatible and uses no proprietary vendor code to achieve its result when collecting required data.
This gives you an unprecedented view of how your end users are interacting with your application and their experiences with it, and allows one-click troubleshooting of problematic web front end areas by connecting the dots from browser to database, even at the level of a single web transaction.
August 16, 2021 (Manage)
Update - We are delighted to announce the availability of enhanced search functionality for searching across all Data Tiers: Continuous, Frequent, and Infrequent. Now, you can use the _dataTier search modifier to search all Data Tiers (_dataTier=all) in a single query. Or, you can search for data in multiple indexes in just the tiers you're interested in. With this improvement, you can manage costs by retaining your rarely queried data in the Infrequent tier, and know it's just a query away. For more information, see Searching Data Tiers.
August 12, 2021 (Traces)
New - We are excited to introduce a new Span Analytics experience to help you explore your trace data at the raw span level so you can understand the performance and behavior of your infrastructure.
August 12, 2021 (Collection)
New - Our Cloud-to-Cloud Integration Framework has a new Source. The Carbon Black Inventory Source provides a secure endpoint to receive data from the CB Devices API.
August 12, 2021 (Security)
Update - We made a small but useful change to our SAML support. Now, if you have multiple Sumo Logic SAML integrations and use SP-Initiated logins, the EntityID Sumo Logic sends with authentication requests is unique for each of your integrations. The benefit: this means Sumo Logic SAML supports IdPs that require a unique EntityID for each integration. The EntityID is displayed in the SAML configuration details pane.
The unique Entity ID is provided in SAML configurations created after August 11, 2021. For existing SAML configurations, the Entity ID remains unchanged but is now displayed along with other configuration details.
August 11, 2021 (Metrics)
Update - We've added a run button to the Metrics Explorer, to the right of the query builder area. Previously, metric queries ran automatically. Now, metric queries are run only when you click the run button, or when you press Enter on your keyboard. (Depending on how you've set your Preferences, you might use Alt+Enter rather than Enter to run queries.)
August 10, 2021 (Alerts)
New - We have a new ServiceNow connection that supports creating either Events or ITSM Incidents and has the option to authenticate with an Authorization Header. You can still use the legacy connection to create Events if needed.
August 9, 2021 (Apps)
New - We are excited to release the Sumo Logic Memcached app. The Memcached app is a unified logs and metrics app that helps you monitor the availability, performance, health, and resource utilization of your Memcached clusters. Preconfigured dashboards provide insight into uptime, cache hits/misses, resource utilization, errors, and commands executed.
Update - We have updated the Sumo Logic Varnish app. The Varnish app provides dashboards that help you analyze log and metric events generated by Varnish servers. This app allows you to identify traffic sources, monitor and improve application and website workflows, and understand how customers use your product.
August 9, 2021 (Manage)
Coming Soon - We're happy to announce that on August 23, 2021, Sumo Logic will roll out a new Service Status Page with an enhanced look and feel. You can preview that page here but there is no action to take at this time. In about two weeks we will switch status.sumologic.com to the new page.
August 6, 2021 (Search)
New - The Search Query Language has a new operator, isReservedIP, which checks whether an IPv4 address is reserved as defined by RFC 5735 and returns a boolean.
August 1, 2021 (Apps)
New - We are pleased to announce the release of the Elasticsearch app. The Elasticsearch app is a unified logs and metrics app that helps you monitor the availability, performance, health, and resource utilization of your Elasticsearch clusters. Preconfigured dashboards provide insight into cluster health, resource utilization, sharding, search, and index performance.
July 21, 2021 (Apps)
Update - We've updated the Apache Tomcat app. The Apache Tomcat app is a unified logs and metrics app that helps you monitor the availability, performance, health and resource utilization of your Apache Tomcat servers. Preconfigured dashboards provide insight into visitor locations, traffic patterns, errors, resource utilization, garbage collection, web server operations and access from known malicious sources.
July 3, 2021 (Apps)
New - We are excited to announce the release of the ActiveMQ app. The ActiveMQ app is a unified logs and metrics app that helps you monitor the availability, performance, health, and resource utilization of your ActiveMQ messaging clusters. Preconfigured dashboards provide insight into cluster status, nodes, producers, consumers, destinations, resource utilization, message rates and error logs.
July 1, 2021 (Collection)
New - Our Cloud-to-Cloud Integration Framework has a new Source. The Palo Alto Cortex XDR Source provides a secure endpoint to receive alerts from the Get Alerts Incident Management API.
July 1, 2021 (Alerts)
Update - We've added a new Scheduled Search alert type. Now, Cloud SIEM Enterprise (CSE) users can use Scheduled Searches to generate CSE Signals. That means you can use the results of any Sumo Logic query to automatically create Signals in CSE without replicating logic in CSE. This extends the real time alerting and notification capabilities of CSE with the analytics capability of Sumo Logic's core query engine.
For more information, see Generate CSE Signals With a Scheduled Search.
June 30, 2021 (Search)
New - The Search Query Language has two new operators.
- isNaN returns true if a string value is not a number, false otherwise.
- isInfinity returns true if a string value is a positive or negative infinity, false otherwise.
June 29, 2021 (Apps)
New - We are happy to announce the release of the RabbitMQ app. The Sumo Logic App for RabbitMQ is a unified logs and metrics app that helps you monitor the availability, performance, health, and resource utilization of your RabbitMQ messaging clusters. Preconfigured dashboards provide insight into cluster status, exchanges, queues, nodes and error logs.
June 28, 2021 (Dashboard (New))
Update - We've updated the interface to create a text panel. In addition to improvements on how you configure visual settings, we've added a preview of how your panel will look allowing you to see your text panel in real time before you add it to your Dashboard (New).
June 28, 2021 (Collection)
Update - Sources in the Cloud-to-Cloud Integration Framework need updates over time to maintain data collection. Updates can vary in severity and may not require any input from you. See Cloud-to-Cloud Source Versions for details on how to upgrade and how versions are structured.
June 28, 2021 (Traces)
Update - You can set custom filters to quickly investigate traces you're interested in.
June 23, 2021 (Apps)
New - We are excited to announce the release of the Zscaler Internet Access (ZIA) app. The Sumo Logic App for ZIA collects logs via Cloud Nanolog Streaming Service (NSS) to populate pre-configured searches and Dashboards in order to visualize and provide insight into threats, DNS, web traffic behaviors, security, user browsing activities, and risk.
June 22, 2021 (Collection)
New - Our Cloud-to-Cloud Integration Framework has a new Source. The Akamai SIEM API Source provides a secure endpoint to ingest security events from the Akamai platform.
June 20, 2021 (Apps)
New - We are proud to release the Sumo Logic Nginx Plus Ingress app. The app is a unified logs and metrics app that helps you monitor the availability, performance, health and resource utilization of your Nginx Plus Ingress web servers. Preconfigured dashboards and searches provide insight into server status, location zones, server zones, upstreams, resolvers, visitor locations, visitor access types, traffic patterns, errors, web server operations and access from known malicious sources.
New - We are also excited to announce the release of the Global Intelligence for Apache Tomcat App. The App is a companion to the Apache Tomcat application and helps DevOps and infrastructure engineers compare server and user activity patterns associated with their Apache Tomcat servers against other Sumo Logic customers' servers. Such comparisons can help diagnose potential load, throughput or error issues in Apache Tomcat clusters and avoid operational incidents arising from sub-optimal configurations of Tomcat servers.
June 18, 2021 (Collection)
Update - The Netskope Source provides the option to collect specific event types. Alert events are always collected.
June 18, 2021 (Search)
Update - The ASN Lookup operator now supports IPv6 addresses.
June 14, 2021 (Apps)
New - We are proud to release the Sumo Logic Cassandra app. Apache Cassandra is an open source NoSQL distributed database with high scalability and availability without compromising performance.
June 11, 2021 (Apps)
New - We are excited to announce the launch of the Security Monitoring & Analytics Apps. These apps are a new way to get an understanding of your day-to-day security operations. For this release we are providing new dashboards for five data sources: Windows, Linux, AWS CloudTrail, AWS VPC Flows, and Palo Alto Networks Firewalls. All dashboards use our latest features to provide practical security insights for all security practitioners.
June 10, 2021 (Collection)
New - Our Cloud-to-Cloud Integration Framework has another new Source: that's two this week! The Symantec Web Security Service (WSS) source provides a secure endpoint to ingest Symantec Web Security Services Access Logs. Symantec Web Security Service delivers a broad set of advanced cloud-delivered network security capabilities. With this new integration, Security customers can take advantage of the rich set of security information available from the WSS Access Logs.
June 8, 2021 (Collection)
New - Our Cloud-to-Cloud Integration Framework has a new Source. The CSE AWS EC2 Inventory Source provides a secure endpoint to ingest AWS EC2 inventory. Cloud SIEM Enterprise (CSE) users can forward this data to Cloud SIEM Enterprise to provide more context to Entities.
June 7, 2021 (Apps)
New - We are excited to announce the launch of the Nginx Plus web server App. The app is a unified logs and metrics app that helps you monitor the availability, performance, health and resource utilization of your Nginx Plus web servers. Preconfigured dashboards and searches provide insight into server status, location zones, server zones, upstreams, resolvers, visitor locations, visitor access types, traffic patterns, errors, web server operations and access from known malicious sources.
Update - There is a new release for the Microsoft SQL Server app. The app is a unified logs and metrics app that provides insight into your SQL server performance metrics and errors. The App consists of predefined Dashboards, providing visibility into your environment for real-time or historical analysis on backup, latency, performance counter, restore, mirroring, database monitoring, general health and operations of your system.
June 3, 2021 (Search)
New - The Search Query Language has a new operator, values, that allows you to quickly determine all the values a field has.
June 2, 2021 (Collection)
New - Our Cloud-to-Cloud Integration Framework has a new Source. The CrowdStrike Falcon Data Replicator (FDR) Source provides a secure endpoint to ingest Falcon Data Replicator events using the S3 ingestion capability by consuming SQS notifications of new S3 objects.
Update - You can use a Windows Event Source to collect forwarded events from a Windows Event Collector.
June 2, 2021 (Apps)
Update - There is a new release for the MongoDB app. The app now provides insight into your MongoDB environment, allowing you to track overall system health, queries, logins and connections, errors and warnings, replication, and sharding.
June 1, 2021 (Search)
New - We've added several new operators to our Search Query Language:
- The threatip operator correlates CrowdStrike's threat intelligence data based on IP addresses from your log data, providing security analytics that helps you to detect threats in your environment, while also protecting against sophisticated and persistent cyber-attacks. This operator uses the same lookup as the Threat Intel Quick Analysis App but is simplified for only IP threat lookups.
- The geoip operator provides geographical location data to create Map Charts. This operator provides the same data as a Geo Lookup operation with a simpler syntax.
- The merge operator has a new strategy, takeDistinct, that allows you to identify only distinct values of a field.
May 27, 2021 (Apps)
New - We are excited to announce the launch of the Zscaler Private Access App, which assists in collecting logs from Zscaler using the Log Streaming Service (LSS) to populate pre-configured searches and Dashboards. The dashboards also provide easy-to-access visual insights into user behaviors, security, connector status, and risk.
Update - There is a new release for the Apache app. The app now helps you monitor the availability, performance, health and resource utilization of Apache web server farms. The pre-configured dashboards and searches provide insight into visitor locations, visitor access types, traffic patterns, errors, web server operations, resource utilization and access from known malicious sources.
May 26, 2021 (Metrics)
New - What's good for the logs is good for the metrics. That's why we're extending the processing rules feature to support metrics as well as logs. Now, you can configure include or exclude rules for your metric sources for increased control over the metrics you ingest to Sumo Logic. For more information, see Metrics Include and Exclude Rules.
May 24, 2021 (Collection)
New - The Microsoft Graph Security API Source provides a secure endpoint to receive alerts from the Microsoft Graph Security API endpoint.
May 20, 2021 (Traces)
New - We are proud to release the support of the Search Query Language for Traces. This allows you to not only find and diagnose transaction traces that match any custom criteria, but also make advanced analysis on the top of trace span data using the Search Query Language, the same way as for log data, in the same familiar interface.
This capability allows you to access raw tracing data on a span level, treat it as structured or unstructured data for analysis, and filter, transform, or aggregate any part of the tracing span message (a single atomic request/response representation) to deliver meaningful results to drive smarter decisions.
May 17, 2021 (Apps)
New - The Sumo Logic App for HAProxy is a unified logs and metrics app that helps you monitor the availability, performance, and health of your HAProxy cluster. Preconfigured dashboards provide insights into active servers, visitor locations, sessions, errors, response time, and throughput.
May 10, 2021 (Apps)
PCI Compliance for Windows Legacy App
Update - The Payment Card Industry (PCI) Compliance for Windows Legacy App is updated to offer dashboards to monitor system, account, and user activity to ensure that login activity and privileged users are within the expected ranges. The PCI Compliance for Windows Legacy App covers PCI requirements 2, 6, 8, and 10.
PCI Compliance for Windows JSON App
New - The Payment Card Industry (PCI) Compliance for Windows JSON App is released. This App offers dashboards to monitor system, account, and user activity to ensure that login activity and privileged users are within the expected ranges. The PCI Compliance for Windows JSON App covers PCI requirements 2, 6, 8, and 10.
CatchPoint
New - The CatchPoint App for Sumo Logic provides a central location for the Catchpoint tests in your account. View at-a-glance information surrounding your recent Errors. The Node Map provides a geographical overview of your test runs, while the Tests widget lets you search for and quickly access your synthetic data.
Cybereason
New - The Cybereason App for Sumo Logic enables Security Operations teams to leverage the Cybereason Malop™ to detect and end attacks faster.
Nucleon
New - Nucleon is a distributed, high-performance, invisible, and non-invasive platform that is tailored to secure environments from different common threats such as professional hacking groups, APTs, and others. The Nucleon App for Sumo Logic helps in identifying the overall number of threats, their sources by country, and their targeted segments (critical_infrastructure, energy, fintech, governments, health_care, municipality, general, telecom).
Workday App and Workday C2C source
New - We are very excited to release a new app for Workday and C2C source. The Workday app is built for IT and security teams to get insights into Workday related authentication activity, user activity, and administrator activity. These dashboards are tailored to highlight critical events for general security monitoring and compliance reporting. Collection of data is done via a cloud-native-collector that provides a secure endpoint to receive user and sign-on data via the Workday APIs.
May 7, 2021 (Apps)
New - The Global Intelligence for Apache App is a companion to the Apache App and helps DevOps and infrastructure engineers compare server and user activity patterns associated with their Apache servers against other Sumo Logic customers' servers. Such comparisons can help diagnose potential load, throughput, or error issues in Apache clusters and avoid operational incidents arising from sub-optimal configurations of Apache clusters.
May 4, 2021 (Manage)
New - We're making it easier to create and manage multiple Sumo Logic accounts. You can use the new Sumo Logic Organizations (Sumo Orgs) feature to create, provision, and manage multiple "child" orgs from a "parent" org. An authorized user can use the UI or API to estimate required credits for child orgs, based on expected log and metrics ingestion levels. It's easy to allocate credits, and to monitor child orgs' utilization. Sumo Orgs is great for Sumo Logic Service Providers as well as Enterprise users. In particular, Sumo Orgs eases the process of provisioning and managing POV Trial orgs in multiple Sumo Logic deployments.
Sumo Orgs is available in Enterprise subscriptions on the Credits model.
May 4, 2021 (Apps)
AWS Observability
Update - We're happy to announce the release of our AWS Observability Solution 2.2.0 which includes:
- New performance and cost-savings. We've added support for collecting AWS CloudWatch metrics and AWS CloudWatch logs through new Amazon Kinesis logs and metrics sources for Sumo Logic. These new sources enable you to collect logs and metrics data from AWS in the most performant and cost-effective manner.
- AWS benchmarks in-context with AWS Observability. Global Intelligence for AWS CloudTrail DevOps helps you accelerate root cause analysis for incidents by providing error rate and configuration insights benchmarked from Sumo Logic's AWS customers for nine AWS services: EC2, Lambda, Auto Scaling, S3, ELB, RDS, DynamoDB, ElastiCache and Redshift. In this release, the benchmark dashboards are integrated with AWS Observability solution at the account-region level.
Update to the latest version to take advantage of these new features.
May 3, 2021 (Metrics)
Deprecation - We have completed the deprecation of old-style Metric Monitors. Old Metric Monitors have been migrated to the new Monitors framework and removed. For information about the deprecation process, see Metrics Monitors Deprecation FAQs.
April 30, 2021 (Apps)
Redis
Update - We've released a new version of the Redis app that includes pre-packaged alerts. New features include updated dashboards that allow you to visualize, search and alert by Redis clusters and hosts. Alerts are based on Sumo Logic monitors, leverage metrics and logs, and include preset thresholds for connections, replication, memory fragmentation, communication failures, resource utilization and other critical conditions.
PostgreSQL
Update - We've released a new version of the PostgreSQL app that includes pre-packaged alerts. New features include support for collecting PostgreSQL metrics data using Telegraf, and for monitoring PostgreSQL in Kubernetes environments. Out-of-the-box dashboards provide insight into the health of your PostgreSQL clusters, deadlocks, replication status, query performance, slow queries, incoming connections, failed authentications and error logs. Alerts are based on Sumo Logic monitors, leverage metrics and logs, and include preset thresholds for connections, slow queries, commit rates, deadlocks, replication, locks, compression and other critical conditions.
New Sumo Logic App for Kafka with Pre-packaged Alerts
New - The Sumo Logic App for Kafka is a unified logs and metrics app that helps you monitor the availability, performance and resource utilization of Kafka messaging/streaming clusters. Preconfigured dashboards provide insights into cluster status, throughput, broker operations, topics, replication, zookeepers, node resource utilization and error logs. We also have pre-packaged alerts to help you monitor your Kafka cluster. Alerts are based on Sumo Logic monitors, leverage metrics and logs, and include preset thresholds for high resource utilization, disk usage, errors, failed connections, under replicated and offline partitions, unavailable replicas, consumer replica lag and other critical conditions.
New Pre-Packaged Alerts for Nginx ULM and Nginx Ingress ULM
Update - We've released pre-packaged alerts to help you monitor your Nginx ULM and Nginx Ingress ULM clusters. These alerts are built based on Sumo Logic monitors, leverage metrics and logs and include preset thresholds for dropped connections, critical event log messages, access from known malicious sources and 4xx and 5xx errors.
April 29, 2021 (Apps)
Update - We've released a new version of the MySQL app that includes pre-packaged alerts. New features include support for collecting MySQL metrics data using Telegraf, and for monitoring MySQL in Kubernetes environments. Out-of-the-box dashboards and searches provide insight into the health of your MySQL clusters, replication status, error logs, query performance, slow queries, Innodb operations, and failed logins. Alerts are based on Sumo Logic monitors, leverage metrics and logs, and include preset thresholds for connections, query run times, slow queries, resource utilization, errors, and other critical conditions.
April 29, 2021 (Search)
Update - The syntax of a URL to run a log search has changed. We've added parameters for the query, start time, and end time. The previous syntax is still supported, however, we recommend you start using the new syntax.
April 21, 2021 (Dashboard (New))
Update - We've made it easier to change which items are displayed in charts. You can now click on an item in the Legend to quickly show only that item in your chart. If you want to toggle just one legend item, hold the Shift key and then click the item.
April 16, 2021 (Alerts)
New - The Infrastructure tab now shows any triggered Monitors with a Critical, Warning, or Missing Data status for the given entity. You can click on them to view the Monitor on the Monitors page.
April 15, 2021 (Alerts)
New - Log Search and Metrics Explorer now provide an option to add a Monitor based on your existing query.
Update - You now have the ability to specify a location when creating a new Monitor.
April 14, 2021 (Metrics)
Planned deprecation - The muted monitors that were automatically migrated during Round 2 have been deleted. Deprecation of old-style monitors will occur on May 3. Any of your monitors that were not automatically migrated should be manually migrated by that date. For more information, see Metrics Monitors Deprecation FAQs.
April 13, 2021 (Security)
Update - We've updated the UI for deleting a Sumo Logic user's account. The UI now provides an explicit option for deleting a user's content in addition to the user account. For more information, see Delete a User.
Update - We've enhanced role search filters: now you can grant access to Scheduled Views and Partitions in a role search filter. For more information, see Construct a Role Search Filter.
April 13, 2021 (Search)
Update - Searching the Infrequent data tier just got easier. You can now use wildcards in queries against the Infrequent data tier. For example:
_dataTier = Infrequent (_index=app_*)
For more information, see Searching Data Tiers.
April 8, 2021 (Alerts)
Update - The alert variable ResultsJson.fieldName now supports the ability to return a specific result by providing an array index value in bracket notation. For example, {{ResultsJson.fieldName}}[0] will only return the first result.
April 7, 2021 (Search)
Update - The LogReduce operator now provides an optimize option that provides up to 10x speedup over classic LogReduce on datasets with hundreds of thousands of logs.
April 6, 2021 (Dashboard (New))
Update - Dashboard (New) now supports Dynamic Parsing and Receipt Time. You can set the options under the general settings of a panel built to display log data.
April 1, 2021 (Alerts)
Update - The alert variable Results.fieldName is now supported in email notifications. This allows you to include the value of a specific field from your results.
March 31, 2021 (Metrics)
Update - We've implemented some limitations on the number of metrics metadata tags that Sumo Logic will accept, and the length of metadata keys and values. Limiting the volume and length of metrics metadata ensures that noisy sources of metrics don't inundate your account with excessive metadata. For more information, see Metrics Metadata Limits.
March 30, 2021 (Metrics)
Planned deprecation - Round 2 of automatic migration is complete. We'll start deleting the old monitors on April 13. For information, see Metrics Monitors Deprecation FAQs.
March 25, 2021 (Explore)
Update - Explore now offers the ability to filter your view so you can focus on specific entities and sections of your system.
March 24, 2021 (Traces)
New - We're excited to announce our Service Map and Dashboards. A Service Map is a high-level out-of-the-box overview of your environment created from distributed tracing data. Service Maps provide you a real-time view of:
- Your microservices and connections between them, to give you insight into their dependencies and relations.
- Health and load of each microservice reflected in size and color, so you can immediately ascertain potential problems and bottlenecks in your application infrastructure.
Read more about how our Service Map & Dashboards Provide Insight into Health and Dependencies of Microservice Architecture
Interested in training? Register for an Enhanced Tracing with Sumo Logic webinar on 3/25/21 from 9am-11am PST.
March 22, 2021 (Metrics)
Planned deprecation - Round 1 of automatic migration is complete and the old monitors have been deleted. Round 2 of automatic migration will start on March 29. For more information, see Metrics Monitors Deprecation FAQs.
March 16, 2021 (Manage)
Update - Scheduled View queries now provide syntax highlighting and support multiple lines and comments.
March 16, 2021 (Alerts)
Update - We have resolved a discrepancy in the notification payload of Real Time Scheduled Searches.
Previously, the payload for subsequent real time alerts in a given time range would incrementally report the results and omit the records that were already present in the previous alert.
For example, if the Scheduled Search initially returned 10 records, the first alert notification would contain 10 records in the payload. If the next run contained the same 10 records plus 1 additional, the notification payload would only contain the single new record.
Going forward, we will ensure that the records sent in the notification payload will always contain all the records returned in the Scheduled Search. Following the above example, the next run of the Real Time Scheduled Search would return 11 records. This change ensures that the payload will always match the results of the search in Sumo Logic.
March 12, 2021 (Collection)
New - Our Cloud-to-Cloud Integration Framework has the following new Sources:
March 11, 2021 (Metrics)
Planned deprecation - Round 1 of automatic migration is complete. Most monitors were successfully migrated and are now muted. We'll start deleting them on March 18. If you have monitors that were not successfully migrated, we'll let you know which monitors weren't migrated and why. For information about how to manually migrate those monitors, see Metrics Monitors Deprecation FAQs.
March 8, 2021 (Apps)
Update - We have updated our Enterprise Audit - Security Management App to now support ServiceAllowlist audit events.
March 4, 2021 (Observability)
Update - We're delighted to announce several enhancements to Root Cause Explorer. Root Cause Explorer now supports two additional AWS namespaces, as well as Events of Interest detection on Kubernetes and Trace metrics. Cause-impact analysis is now informed by Sumo Logic Tracing's Service Map, AWS X-ray, Kubernetes entities, and AWS inventory relationships. You'll also notice new filters and search builders at the top of the page to correlate Events of Interest at the service, orchestrator, AWS infrastructure, and host levels to speed up the identification of root causes. You can use the Infrastructure tab for an Event of Interest to pivot to dashboards, logs, metrics, and trace searches to take the next steps in root cause analysis.
March 1, 2021 (Metrics)
Planned deprecation - We're starting the next step in the process of Metrics Monitors today: we're beginning the first of two rounds of migrating old-style monitors to new Monitors. The next milestone is March 15, when we'll remove the old monitors that were successfully migrated in the first round. For more information, see Metrics Monitors Deprecation FAQs.
February 26, 2021 (Dashboard (New))
Update - Dashboard (New) is all about visual control! We're happy to announce that you can now add units to your charts to make them even easier to consume. With the updated chart units on dashboard panels, you can select a base unit and the chart will auto-adjust the unit as the numbers scale, making the data immediately understandable. See how to modify chart axes for details.
February 25, 2021 (Apps)
Update - We are excited to announce out-of-the-box alerts for Kubernetes. We have also updated the dashboards and views in the Kubernetes App to accelerate entity-based troubleshooting of Kubernetes environments.
New - We are excited to announce a new Microsoft Teams app that provides out-of-the-box dashboards to monitor users, teams, channels and permission changes.
February 23, 2021 (Alerts)
New - Microsoft Teams webhook connection is now available to send notifications from alerts to Microsoft Teams.
February 23, 2021 (Sumo Logic Jenkins Plugin)
Update - We are happy to announce a new version v2.2.1 of the Sumo Logic Jenkins plugin. The plugin has been updated with a new Jenkins pipeline step SumoSDOEvent which can be used to send instrumented events to Sumo Logic.
February 22, 2021 (Metrics)
Planned deprecation - We've taken the next step in the process of Metrics Monitors today: the ability to create new Metrics Monitors from the UI and API is disabled. For more information, see Metrics Monitors Deprecation FAQs.
February 15, 2021 (Metrics)
Planned deprecation - We're planning to deprecate the Metrics Monitors feature in favor of the Monitors feature we released late last year, which unifies the alert experience across logs and metrics. Important to note: Sumo Logic will automatically migrate most of your existing metrics monitors. The deprecation process will occur in stages, starting next week and culminating in early May. Today, affected customers will receive an in-product communication describing the deprecation process and schedule and what to expect. For more information, see Metrics Monitors Deprecation FAQs.
February 12, 2021 (Security)
Update - We're releasing a change to audit logging for monitors on Monday, February 15. We've improved the audit logging we do when you import, copy, or delete a monitor. We now log an audit event for every object created or deleted by an import, copy, or delete operation.
February 10, 2021 (Manage)
Update - We made the process of transferring a deleted user's content to another user more comprehensive. Now, when you select a new owner for the deleted user's Library content, scheduled views will be transferred to the new owner, as well as the user's folders, searches, scheduled searches, and dashboards. For more information, see Delete a User.
February 5, 2021 (AWS Observability)
Update - We are excited to announce support for ECS, ElastiCache, and Network Load Balancers as well as out-of-the-box alerts for all supported services. As part of this release we have documented changes included in each version of our CloudFormation installation template, which will help you understand when to upgrade.
February 3, 2021 (Manage)
Update - There are two changes to the Partitions page in the Sumo Logic UI. What we previously called the General Index is now the Default Continuous Partition. This is where any data you ingest that isn't assigned to a partition goes. You'll also notice that the Partitions page now lists Sumo Logic internal indexes, like the Audit Event Index and the Data Volume Index. This gives you the flexibility to manage the retention period for each index independently. By default, each internal index has the same retention period as the Default Continuous Partition.
January 22, 2021 (Metrics)
Update - We've made a small change to the Metrics Explorer that makes a big difference: Advanced Mode now supports auto-complete. Now, just as in Basic Mode, you can construct metric queries in Advanced Mode by selecting metadata fields, dimensions, metrics, and operators from pull-down lists.
January 22, 2021 (Infrastructure)
Update - We've updated the troubleshooting links in the Infrastructure tab to be easier to understand. The original buttons have been replaced with a dropdown menu with labels next to the buttons.
Update - The Infrastructure tab now provides a time option to select if the displayed Entities and Environments are related to the current time or the moment of time around the data point you clicked on.
January 20, 2021 (Alerts)
Update - When we released Monitors (our new alerting framework), we introduced new template variables to be used within Notifications for full customizability of what information is provided in the notification. We are pleased to announce that we are extending support of these variables to Scheduled Searches and Metrics Monitors pages.
January 15, 2021 (Dashboard (New))
Update - Dashboard (New) now offers a dark theme. Dark Theme makes dashboards pop by putting light colored visualizations and text on top of a darker background. This enables you to build gorgeous dashboards with eye-catching contrast.
Update - Categorical column and bar charts from metrics queries now have a Group By setting that lets you group data by other dimensions.
January 11, 2021 (Alerts)
Update - The payload editor for webhook connections provides syntax highlighting, indentation, and validation.
2020 Archive
This is an archive of the 2020 Sumo Logic Service Release Notes. The current Service Release Notes are here.
December 28, 2020 (Search)
New - Search can parse JSON logs automatically with Dynamic Parsing. Now you don't have to write parse expressions or update queries if your log schema changes.
December 22, 2020 (Manage)
Update - We've brought you greater control over your data: now you can update an existing partition's routing expression, which determines what data goes into the partition. (You have to be a Sumo Logic admin or have the Manage Partitions role capability.)
Changing the scope of a partition is useful if you simply want to route more or less data to an existing partition. Better yet, it allows you to re-route some or all of the data in an existing partition to a different Data Tier than the one it currently resides in. If you decide that some of the data in a partition belongs in a different tier than the one currently configured, you can edit the scope of that partition to exclude that data, and create a new partition for it that targets the desired tier.
For more information, see Edit a Partition.
December 21, 2020 (Apps)
Update - The CrowdStrike Falcon Endpoint Protection App has been updated to include a new dashboard to provide visibility into Falcon incidents. All dashboards have been updated to use the new dashboard platform. This app uses the new CrowdStrike Source to collect log data from the CrowdStrike Falcon Endpoint Protection platform.
December 8, 2020 (Apps)
Update - F5 - BIG-IP LTM App now uses Telemetry Streaming to collect log data from F5 - BIG-IP LTM.
December 4, 2020 (Account)
New - Select a duration for your Support Account Access. This determines how long the account is enabled. You can choose a duration from 1 day to one year, or indefinitely, depending on your needs and comfort level with our access.
December 4, 2020 (Collection)
New - Our Cloud-to-Cloud Integration Framework has the following new Sources:
November 19, 2020 (Manage)
Update - Ingest budgets now have a Scope, replacing Field Value, which defines the log data to apply to a budget. This new budget assignment scheme allows you to have granular control over your ingest budgets while keeping the configuration overhead to a minimum.
November 16, 2020 (Apps)
New - AWS Firewall Network app provides visibility into traffic flows, through alerts generated by AWS Network Firewall.
November 16, 2020 (Dashboards)
You can now easily link dashboards together to quickly view related data. Each panel can have links to other dashboards. Links have options to include metadata and time range. When viewing the summary tab on a panel with linked dashboards you'll have the option to select from linked dashboards.
November 13, 2020 (Search)
Update - We're pleased to announce an improved search experience for Data Tier users. You can use the new _dataTier search modifier to restrict a log search to a particular Data Tier (Continuous/Frequent/Infrequent). For more information, see Searching Data Tiers.
November 13, 2020 (Security)
New - If you have multiple Sumo Logic accounts, we've got good news for you: we've introduced custom Sumo Logic subdomains. By default, the subdomain in the URL for accessing Sumo Logic is "service", like this:
service.sumologic.com
Multiple orgs with identical domain names can result in authentication headaches. Now, your account owner can replace the "service" subdomain for each of your orgs with a distinct subdomain. For example:
west1.sumologic.com
Then, the links that Sumo Logic generates, for example when you share queries or dashboards, will contain your custom subdomain. These subdomain-enabled links will direct the user to the correct account for authentication.
When subdomains are enabled for an org, you'll see your SAML SP-initiated login options on the Sumo Logic login page.
November 13, 2020 (Apps)
New - Sumo Logic AWS Lambda extension enables you to get instant visibility into the health and performance of your mission-critical applications using AWS Lambda. With this extension and Sumo Logic's continuous intelligence platform, you can now ensure that all your Lambda functions are running as expected by analyzing function, platform, and extension logs to quickly identify and remediate errors and exceptions.
November 05, 2020 (Collection)
New - We're thrilled to announce our new Cloud-to-Cloud Integration Framework.
The Cloud-to-Cloud Integration framework is an extensible system for running fully hosted, pull, and pub-sub based sources. Traditionally, Sumo Logic collection has been push-based, where we expose an endpoint to which data sources or collector agents push data to us. However, many SaaS applications and Cloud Providers expose event data that describe user, system/application activity which is critical for operations monitoring, security, and compliance use cases. The Cloud-to-Cloud Integration Framework is the system by which we provide integrations to these sources and SaaS applications.
This release comes with two new Sources, Okta and Netskope. Our existing apps are updated to work with these two new Sources.
The Cloud-to-Cloud Integration Framework is an extensible architecture, in which new Sources can be easily added in the future. Check out the Sources we have available in beta.
November 05, 2020 (Apps)
Update - We're happy to announce that the updated version of Sumo Logic App for Azure WebApp is compatible with the new Azure Monitor based Collection.
October 30, 2020 (Security)
New - We're pleased to announce a new role capability that allows a Sumo Logic admin to limit the ability of users to create Access Keys. Currently, all Sumo Logic users can create Access Keys on the Preferences page. (Access Keys allow a user to register collectors and to use Sumo Logic APIs.) With the new Create Access Keys capability, you can limit the ability to create Access Keys to only those roles that require it. Note that, with this update, all roles in your Sumo account have the Create Access Keys capability. To restrict access, your Sumo Logic administrator can remove the capability from roles that do not require it.
New - We've released a new security policy you can use to set a maximum timeout for Sumo Logic UI web sessions. Sumo Logic users can set their web session timeout on the Preferences page, up to a maximum of 7 days. If you are a Sumo Logic admin with the Manage Organizational Settings role capability, you can now specify the maximum web session timeout period that users in your org can select. For more information, see Set a Maximum Web Session Timeout.
October 28, 2020 (Search)
Update - Just wanted to let you know that we've made an underlying change to our XML Parsing library for parsing XML-formatted logs. The following minor behavioral changes will affect how results are returned from parsing XML logs:
1. Empty nodes will be returned as self closing tags
For example, consider the following XML log line (see the last empty tag):
<users><user id="emptytag" role="manager"><first_name>Sally</first_name><last_name>Jones</last_name><email>sally@emailplace.com</email></user><user id="456" role="contributor"><first_name>Bob</first_name><last_name>Smith</last_name><email>bob@emailplace.com</email></user><user></user></users>
Query:
_sourceCategory=stag/xmltest ("678" or "emptytag")
| limit 5
| parse xml "/users/user[3]" as first_name nodrop
Old lib would return
For example, consider the following XML log line (see the extra space in yellow):
<users><user id="678" role="manager"><first_name>Sally</first_name><last_name>Jones</last_name><email>sally@emailplace.com</email></user><user id="456" role="contributor"><first_name>Bob</first_name><last_name>Smith</last_name><email>bob@emailplace.com</email></user></users>
Query:
_sourceCategory=stag/xmltest ("678" or "emptytag")
| limit 5
| parse xml "/users/user[2]" as first_name nodrop
Old lib would return: <user id="456" role="contributor"><first_name>Bob</first_name><last_name>Smith</last_name><email>bob@emailplace.com</email></user>
New lib would return: <user id="456" role="contributor"><first_name>Bob</first_name><last_name>Smith</last_name><email>bob@emailplace.com</email></user>
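The following is an added example, not Sumo Logic's code: it uses Python's standard XML library on the first sample log line above to show how an empty node serializes as an open/close pair versus a self-closing tag, and why saved filters or alerts that match the literal pair stop matching after such a change. The exact self-closing spelling the service emits is an assumption (Python writes `<user />`), and the saved filters are constructed sample data.

```python
"""Added example: empty XML nodes returned as self-closing tags."""
import re
import xml.etree.ElementTree as ET

# First sample log line from the release note (the third <user> is empty).
LOG_LINE = (
    '<users><user id="emptytag" role="manager"><first_name>Sally</first_name>'
    '<last_name>Jones</last_name><email>sally@emailplace.com</email></user>'
    '<user id="456" role="contributor"><first_name>Bob</first_name>'
    '<last_name>Smith</last_name><email>bob@emailplace.com</email></user>'
    '<user></user></users>'
)


def extract_user(log_line, position, self_closing):
    """Serialize /users/user[position] (1-based, as in XPath).

    self_closing=False mimics a library that keeps <user></user>;
    self_closing=True mimics one that emits a self-closing tag.
    Assumption: the real service may spell it <user/> rather than <user />.
    """
    root = ET.fromstring(log_line)
    node = root.findall("user")[position - 1]
    return ET.tostring(node, encoding="unicode",
                       short_empty_elements=self_closing)


def same_xml(fragment_a, fragment_b):
    """Compare two fragments by canonical form (C14N 2.0).

    Canonical XML always writes empty elements as start/end pairs, so
    <user/>, <user /> and <user></user> compare equal.
    """
    return ET.canonicalize(fragment_a) == ET.canonicalize(fragment_b)


# An explicit open/close pair with nothing in between, e.g. <user></user>.
EMPTY_PAIR = re.compile(r"<([A-Za-z_][\w.-]*)(\s[^<>]*)?></\1>")


def brittle_literals(saved_filters):
    """Return filters that hard-code an empty open/close pair.

    These are the ones that silently stop matching once empty nodes
    come back as self-closing tags.
    """
    return [f for f in saved_filters if EMPTY_PAIR.search(f)]


# Constructed sample filters, as they might appear after the parse step.
SAVED_FILTERS = [
    '| where first_name = "<user></user>"',
    '| where first_name matches "*<email>*"',
    '| where first_name matches "*role=*"',
]

if __name__ == "__main__":
    old = extract_user(LOG_LINE, 3, self_closing=False)
    new = extract_user(LOG_LINE, 3, self_closing=True)
    print("open/close form :", old)
    print("self-closing    :", new)
    print("string equal    :", old == new)
    print("canonical equal :", same_xml(old, new))
    print("filters to review:", brittle_literals(SAVED_FILTERS))
```

Comparing canonical forms, or testing for emptiness instead of matching a literal tag pair, keeps scheduled searches and alerts stable across this kind of serialization change.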
October 23, 2020 (Observability)
Update - We have rolled out audit logging support for Monitors. Create, read, update, and delete operations of Monitors are logged in the Audit Event Index.
October 23, 2020 (Apps)
New - We're happy to announce the Windows JSON App, which is based on the JSON event log format and provides insight into Windows system operations and events so that you can better manage and maintain your environment. The Windows JSON App is based on the JSON Windows event log format and consists of predefined searches and dashboards that provide visibility into your environment for real-time analysis of overall usage of Security Status, System Activity, Updates, User Activity, and Applications.
New - Active Directory JSON assists you in monitoring the Windows Active Directory deployment by analyzing Active Directory logs in the JSON based event log format. The app includes predefined searches and dashboards that provide insight into user activity in your environment for real-time analysis of overall usage.
October 21, 2020 (Manage)
Update - Webhook payload variables need to be in mustache format. You do this by wrapping each variable in double curly brackets, like {{variable}}. In February 2018 we introduced this format. We did not deprecate the previous format using a dollar sign, like $variable. Going forward, we will only support mustache format.
Note: The US1 and US2 deployments are scheduled to have this update next week.
This change was communicated to administrators of accounts still using the old format. Any existing alerts using the old format have been automatically switched to the new format.
October 21, 2020 (Metrics)
Change - We made some nice changes to our approach to disabling metric sources that generate too many unique time series. Instead of completely disabling a noisy metric source, we take a more fine-grained approach by dropping the offending dimension or dimensions.
Also, we've implemented a global limit for unique time series, across all your metric sources. That gives you some wiggle room: you can have some metric sources that generate lots of unique time series, and as long as the volume across all your metric sources doesn't exceed the global limit, you're good. If you are leveraging Short Term retention in Transformation Rules, you also get significantly higher capacity on the cardinality before being impacted.
Finally, we've increased the limit of unique time series a Logs-to-Metrics rule can produce. For more information, see Disabled Metric Sources and Logs-to-Metrics.
October 20, 2020 (Search)
New - We're happy to announce the release of new and improved Lookup Tables. We've improved performance, increased the allowable table size, and made Lookup Tables easier to create and manage. You can populate a Lookup Table by uploading a .csv file, using the save operator, or using the new Save to Lookup option when you schedule a search. Lookup Tables are now a first-class content item: you can view and share them from the Sumo Logic Library. To top it off, we've provided new versions of the save and lookup operators, plus two brand new operators: lookupContains and cat.
This is the first of many cool updates as we build a new Lookups framework that is intuitive, performant and flexible to support both operational and security analytics use cases.
Availability: New Lookup Tables are available in all deployments except Sumo Logic's Montreal deployment, pending AWS providing a required AWS service in the Montreal region.
October 19, 2020 (Manage)
New - Jira and Opsgenie webhook connections are now available.
- Opsgenie connections allow you to create incidents based on Sumo Logic alerts within Opsgenie.
- Jira connections allow you to create Jira tickets based on Sumo Logic alerts in Jira Server, Jira Cloud, and Jira Service Desk.
October 8, 2020 (Apps)
New - We're pleased to announce the JMX App that allows you to analyze and gain insights about Java applications in Kubernetes and Non-Kubernetes environments. The dashboards provide a quick glance at various deployment metrics like memory, CPU, GC performance, and thread behavior, so you can troubleshoot unexpected behavior in your Java environment and the applications running in it.
New - Nginx ULM App helps you monitor webserver activity in Nginx for both Kubernetes and Non-Kubernetes environments. The preconfigured dashboards provide information about site visitors, including the location of visitors, devices/operating systems, and browsers used; and information about server activity, including bots observed and error information.
New - Nginx Ingress ULM App helps you monitor webserver activity in Nginx Ingress Controller for both Kubernetes and Non-Kubernetes environments. The dashboards provide information about site visitors, including the location of visitors, devices/operating systems, and browsers used; and information about server activity, including bots observed and error information.
New - Redis App monitors the state of the database cluster in Kubernetes and Non-Kubernetes environments. The dashboards provide information about cluster status, resource usage, commands running, and cache hit rate. You can easily determine the health of the cluster with just a glance at the dashboards.
October 6, 2020 (Solutions)
New - We're excited to announce the Software Development Optimization solution that helps you to increase release velocity, improve reliability, and comprehensively monitor your software development pipelines with industry-leading metrics and actionable insights generated automatically from development tools such as Jira, GitHub, Jenkins, PagerDuty, Bitbucket, Opsgenie, and more.
October 6, 2020 (Observability)
Update - The AWS Observability CloudFormation template has been updated to accommodate intuitive naming of individual AWS resources and a new entity inspector that provides more information about the selected entity, and helps you navigate to the corresponding logs or metrics. To update the CloudFormation stack with this new template, please follow the instructions on this page.
October 5, 2020 (Observability)
We're excited to announce that the general availability of our Observability Solution will be rolling out in the next 48 hours! This feature-rich solution expands to new environments like Kubernetes, and includes tools like Transaction Tracing that work together to ensure you are able to efficiently monitor, troubleshoot, and diagnose issues.
Sumo Logic Observability can help you:
- Monitor critical indicators of reliability such as errors or latency.
- Diagnose or isolate services or resources that might be the immediate cause of reliability issues.
- Troubleshoot and uncover root cause(s) to guide recovery as well as on-going application reliability.
As it relates to monitoring, the Observability solution now includes:
- Unified Alerting, across logs and metrics data sources with the ability to specify alert criticality, configure detection rules, set up multiple channels for receiving notifications, auto-resolve incidents, and a central landing page to triage, administer and manage alerts.
- AWS Observability features 40+ dashboards to monitor infrastructure on AWS in a comprehensive and intuitive manner across AWS accounts, regions and resource types down to individual entities.
Diagnosing incidents just got easier with:
- Transaction Tracing to observe apps and microservices to the level of individual requests and pinpoint issues with particular microservices. Our OpenTelemetry standard based tracing capabilities provide an open and flexible standard for observability of microservices transactions without vendor lock-in. If your service package capabilities have been upgraded to include Tracing, you should see a "Tracing" tab available in your Sumo Logic UI. To start using Tracing or taking advantage of our promotion (90 days worth of trial capacity for free), contact your Sumo representative to activate.
- Re-vamped Metrics Explorer that decreases the complexity of finding and visualizing your metrics data with a new structured query builder, and an extended range of visualizations for ad-hoc analysis. Mimicking the Dashboard (New) workflow, you now have the same unified experience in the main metrics tab.
- Global Intelligence for AWS CloudTrail DevOps that helps on-call staff isolate or eliminate AWS errors (availability, throttling, out of stock) as probable cause for their incidents. Available for Enterprise accounts.
Troubleshooting incidents can now be streamlined thanks to:
- Root Cause Explorer, an AIOps breakthrough that helps on-call staff accelerate troubleshooting and root cause isolation for incidents in their apps and microservices running on AWS by detecting anomalies in 500+ AWS CloudWatch metrics and automatically categorizing anomalies by incident timeline, AWS account, region, namespace, entities, AWS tags, and more dimensions. This is not enabled by default in your account, and requires you to install the AWS Observability solution, and be an Enterprise account holder.
- Behavior Insights leverages machine learning to detect patterns, outliers, and changes in underlying service behavior to isolate and automatically explain the root causes of application issues.
Underneath these capabilities is expanded support for Open Source frameworks including OpenTelemetry for tracing data and Telegraf for increasing the breadth of technologies we collect metrics from.
September 30, 2020 (Security)
Update - We're pleased to inform you of the availability of additional password policy options as well as the updates to the password forms.
September 14, 2020 (Apps)
New - We're pleased to inform you that a new collection process to export metrics from vRops is now available.
September 10, 2020 (Manage)
New - Participating in Sumo Logic beta programs just got easier. Now, your Account Owner can opt-in to our beta terms and conditions from the Account page in the Sumo UI. You can do the paperwork once, and get access to beta features faster.
September 3, 2020 (Apps)
Update - Auto-Subscribe AWS Log Groups to a Lambda Function integration is updated with configurable delay and support for filtering log groups using tags.
September 1, 2020 (Solutions)
New - AWS Observability Solution simplifies the monitoring and troubleshooting of your AWS cloud infrastructure. Switching across multiple AWS accounts, regions and services to understand service health? Get intuitive views and search capabilities across your AWS hierarchies with our AWS Observability Solution. Get real-time insight in minutes with over 40 out-of-the-box dashboards.
New - Root Cause Explorer is an AWS Observability add-on that helps your on-call staff, DevOps, and infrastructure engineers accelerate troubleshooting and root cause isolation for incidents in their apps and micro services running on AWS. Root Cause Explorer helps you correlate unusual spikes also known as Events of Interest (EOIs) in AWS CloudWatch metrics, using the context associated with the incident.
September 1, 2020 (Metrics)
New - We are excited to announce the release of the Metrics filter operator. You can use the filter operator to limit the results returned by a metric query. There are several ways you can restrict results whether by aggregation function, or on how many times the value of individual data points meet a value condition over a particular duration.
Update - We've updated the Host Metrics Source to improve your metrics query experience. We've added a new dimension to the network interface metrics that the source collects: description. So, now you can query network interface metrics by the network interface description.
September 1, 2020 (Security)
Update - Global Intelligence for AWS CloudTrail is now Global Intelligence for AWS CloudTrail SecOps. You can detect potentially malicious configuration changes in your AWS account by comparing AWS CloudTrail events in your account against a cohort of AWS customers. CloudTrail events are curated from AWS penetration tests and operational best practices. We've reduced false positives by filtering out AWS CloudTrail events from legitimate cloud services including AWS itself and CloudHealth by VMware.
August 21, 2020 (Apps)
New - We're pleased to announce Artifactory 7 Logs support in the Artifactory App. You can install the App by selecting the desired version from the dropdown.
August 14, 2020 (Apps)
New - We're pleased to announce the etcd3 support in the Kubernetes Control Plane App which provides immediate visibility into etcd3 health, cache statistics, resource usage, and etcd3 logs for quick analysis. On account of metrics renaming in 1.16, the Kubernetes Control Plane App is now available in the below two versions:
- Kubernetes 1.16 or later.
- Kubernetes 1.15 or earlier.
August 10, 2020 (Manage)
New - Health Events are now available to all paid accounts. This includes all Enterprise accounts, and also the Cloud Flex Professional and Cloud Flex Credits Essentials account types. Health events allow you to keep track of the health of your Collectors and Sources. You can use them to find and investigate common errors and warnings that are known to cause collection issues. When used in combination with our Enterprise Audit Apps, Health Events provide a proactive monitoring framework, differentiated from our competitors' reactive solutions, where you need to debug data collection after having suffered data loss or downtime. At present, Health Events provide observability for Collectors and Sources, however, the framework will be extended to other areas of our service as development continues.
August 7, 2020 (Apps)
Update - StackRox is updated with security policies to support logical operators. You can now use the AND, OR, and NOT Boolean operators to combine the policy criteria to create highly specific security policies. It also allows you to narrow down the searches to discover the precise image contents, deployment configurations, or runtime activities.
New - We're pleased to announce the CoreDNS support in the Kubernetes App which provides immediate visibility into CoreDNS health, activity and gives an overview of resource usage within clusters.
August 5, 2020 (Collection)
New - We have a new way to collect CloudWatch Logs using the CloudFormation template, which uses the Sumo HTTP Endpoint stored securely in AWS SSM Parameter Store.
August 3, 2020 (Metrics)
New - We've released a new metric operator: outlier. You can use the outlier operator in metric queries to identify and visualize metrics data points that are outside the range of expected values.
July 31, 2020 (Manage)
Upcoming - On August 31, 2020, Sumo Logic will end support for Internet Explorer 11. We recommend that you find an alternative browser as soon as possible.
July 31, 2020 (Search)
New - Behavior Insights comes with three new log search operators to accelerate insights, troubleshooting, and action plans using structured logs. Behavior Insights helps answer the following questions:
- What activity patterns are evident from structured logs?
- What patterns are trending?
- Which groups of users, apps, services, or resources are responsible for regular and irregular activity in logs?
Modeled after LogReduce, the new operator LogReduce Keys clusters JSON logs based on keys providing an at-a-glance summary of patterns in logs based on their schema while ignoring specific values. The new operator LogReduce Values clusters JSON logs based on the values of keys.
The third Behavior Insights operator, LogExplain, finds the root cause of outliers in logs based on conditions you specify.
July 30, 2020 (Collection)
New - Archive lets you forward log data from Installed Collectors to AWS S3 buckets to collect at a later time. If you have logs that you don't need to search immediately, you can archive them for later and ingest them on-demand with hourly granularity.
The key new components provided are:
- An AWS Archive Destination that lets you set up your AWS S3 buckets as archive destinations.
- A Processing Rule type, "Archive messages that match" that archives log data with Installed Collector Sources.
- An AWS S3 Archive Source to ingest data from an Archive destination.
- An Archive page to view all the AWS S3 Archive Sources and ingestion jobs in your account, as well as creating ingestion jobs.
July 23, 2020 (Dashboard (New))
New - We're proud to announce the release of Dashboard (New), which provides you deeper visual control across logs and metrics data-sources, so you can build the perfect dashboard for your monitoring and troubleshooting needs. This is the first of many cool updates as we build towards a dashboard framework that is visually expressive, troubleshooting optimized, and hyper-performant.
July 14, 2020 (Search)
Update - Scheduled Searches now have a maximum allowed time range for each frequency. The following are the new maximum time ranges by frequency:
| Frequency | Max Allowed Time Range |
| --- | --- |
| Real Time | 15 min |
| 15 min | 1 Day |
| 15 min - 1 hour | 7 Days |
| 1 hour - 3 hours | 15 Days |
| 3 hours - 12 hours | 30 Days |
| More than 12 hours | More than 30 days |
July 10, 2020 (Apps)
Update - Cloudflare app dashboards have been substantially improved with optimized queries by eliminating unwanted parsing and enhancing the lookup positions through optimization.
July 7, 2020 (Manage)
New - Read all about our new Certification and Training site which you can access from the Certification tab in the product. We've added an Onboarding section as well as improved your self-paced and test taking experience. Also Certification exams in Spanish and Japanese are readily available in any production environment so have fun and get Certified!
July 7, 2020 (Security)
New - Sharing is good, over-sharing, not so much. So, we've added a new security policy you can use to ensure that shared dashboards don't display data that users they're shared with shouldn't see. The new policy is Data Access Level for Shared Dashboards. If your role grants you the "Manage organization settings" capability, you can enable the new policy on the Manage > Security > Policies page. By default, once you enable this policy, any newly-created dashboards will run under the role search filter of the users it is shared with.
Also with the goal of giving you better control of your data, we've introduced a new role capability: "Change Data Access Level of Dashboards". Users with this capability can change the data access level of dashboards that are shared with them with edit or manage permission.
June 25, 2020 (Search)
Update - An underlying change has occurred in the ASN lookup operator because of a change made by our vendor. You may see the organization ID instead of the name in the results. We are working on an update to make things consistent, but for now, you may see unexpected returns.
June 25, 2020 (Apps)
Update - We have optimized the searches in dashboard panels in the Akamai CloudFront, Akamai Cloud Monitor, and Fastly app dashboards.
June 18, 2020 (Metrics)
New - There's a new operator in town: fillmissing. This metric operator comes in handy for metric data sets in which some timeslices contain no data points. You can use fillmissing in a metric query to fill empty time slices in metric query results with a derived data point. You can choose between several methods of deriving a data point, or leave empty timeslices empty.
June 18, 2020 (Search)
Update - The volume of data scanned is displayed on the Search page when searching an Infrequent Tier Partition.
June 16, 2020 (Search)
New - We are pleased to announce the General Availability of the Search Audit Index which provides event logs on search usage and other activities for your account. The index allows you to monitor and audit the search queries being run within your account, the types of queries, the users running them, and more. This is available only to our customers in Enterprise account types (Enterprise, Enterprise Operations, Enterprise Security, and Enterprise Suite).
June 16, 2020 (Apps)
New - We are pleased to announce the General Availability of the Enterprise Search Audit App, which provides immediate visibility into your account's search activity and gives an overview of search usage within your org. The pre-configured dashboards help you identify opportunities for improving search performance using the Search Audit Index. This app is only available for our Enterprise customers (Enterprise, Enterprise Operations, Enterprise Security, and Enterprise Suite).
You can use the Enterprise Search Audit App only if an administrator has enabled the Search Audit Index. For more information, see Enable and Manage the Search Audit index.
June 15, 2020 (Security)
Update - By popular demand, we've made some changes to the capabilities you can assign to roles in Sumo Logic. Our goal was to give you more fine-grained control of Sumo functionality when you set up roles. Here's what we did:
- We replaced the Manage Indexes capability with four new capabilities: View Partitions, Manage Partitions, View Scheduled Views, and Manage Scheduled Views. Any existing role that previously had the Manage Indexes capability now has the four new capabilities.
- We provided new capabilities that you can use to provide view-only access to Field Extraction Rules.
- We added two capabilities related to the Fields feature: View Fields and Manage Fields.
So what do you need to do because of this change? There's nothing you have to do. However, if you'd like to let users view information about resources like Partitions, Scheduled Views, Fields, and Field Extraction Rules without letting them change them, you can easily accomplish that with the new view-only capabilities.
June 15, 2020 (Search)
Update - Scheduled Search no longer permits Static Time ranges to be set when scheduling a search. You must choose a relative time range. This is to ensure the longevity of your scheduled searches and to help you get useful results.
June 5, 2020 (Apps)
New - We are pleased to announce Global Intelligence for AWS CloudTrail DevOps, which guides infrastructure engineers, on-call staff and DevOps users to accelerate root cause analysis for incidents through error rate and configuration insights benchmarked from our AWS customers for the following AWS services:
- EC2
- Lambda
- Auto Scaling
- S3
- ELB
- RDS
- DynamoDB
- ElastiCache
- Redshift
The benchmarks rely on 15 million data points per week from AWS CloudTrail logs and baseline service availability, throttling, account quota and insufficient capacity/out-of-stock errors in 27 AWS regions by AWS service, API, account, and instance type. The app recommends configuration improvements to key AWS services based on baseline usage such as memory and concurrency settings for AWS Lambda, provisioned IOPS for DynamoDB and min/max sizes of EC2 Auto Scaling groups.
May 21, 2020 (Collection)
New - We have Extended HTTP Metadata Collection capabilities. HTTP Sources receiving log data can now process headers into metadata fields.
New - Kubernetes Collection 1.0.0 introduces multiple enhancements to the collection process.
- Standardized and reorganized the configuration options in the values.yaml for clarity and ease of use.
- Exposed full control of the Fluentd pipeline with values.yaml which allows you to easily extend the collection process. You can fork data to multiple destinations, add custom log sources, and attach additional filters to the Fluentd pipeline.
- Reduced the default collected metrics to only what the Kubernetes apps require.
- Split the FluentD Deployment into two StatefulSets, one for logs and one for metrics. This change enables better use of persistent volumes and improved buffering.
- Falco has been upgraded to a more recent version, which disables the BitCoin mining rule that affected AWS GuardDuty users. We have also disabled Falco by default while we work through the incompatibilities with certain operating systems.
You can read more about the changes in our migration document.
Since this is a breaking change if you're running earlier versions of collection, we have provided a migration guide and migration script to make it much easier for you to upgrade to this release.
May 20, 2020 (Manage)
We've made it easier for you to Manage Logs and Metrics settings by removing the generic Settings area. This should help you easily locate which settings you want to manage for Logs or Metrics:

| Area | Settings |
| --- | --- |
| Logs | Fields, Field Extraction Rules (FERs), Partitions, Scheduled Views, Data Forwarding |
| Metrics | Metrics Rules, Logs-to-Metrics, Metrics Transformation Rules |
May 18, 2020 (Security)
New - We added a new role capability you can use to control access to the Account Overview page in Sumo Logic. Previously, any Sumo user had view-only access to this page. The new capability is View Account Overview, and your Account Owner and users with the Admin role now have it. Your Sumo administrator can assign the capability to other users or roles, as desired. Because users without the capability won't be able to see the Account Overview page, where your Organization ID is shown, we've updated the Preferences page in the Sumo Logic UI to also display your Organization ID. That way, users who can't view the Account Overview page can still find your Organization ID, which is useful when dealing with Sumo Support.
If you previously had access to the Account Overview page and need the information it contains, contact your Sumo administrator to obtain access.
May 5, 2020 (Collection)
Sumo Logic now supports collection from AWS GovCloud regions. AWS GovCloud is a set of specific regions authorized to a FedRAMP-High baseline. GovCloud regions meet higher regulatory and compliance requirements set by government agencies and U.S. customers that manage sensitive data in the cloud. These regions are where users with strict compliance requirements may operate in adherence with ITAR, FedRAMP, and DoD requirements. Users of Sumo Logic can now collect logs and metrics from AWS services and sources running with GovCloud, assuring that customers can continue to meet their regulatory requirements while using our Operational Intelligence Platform.
While Sumo Logic does provide collection of logs and metrics from GovCloud regions, Sumo Logic does not itself run in AWS GovCloud. Be aware that collection of data from AWS GovCloud means logs, metrics, and data will be leaving a FedRAMP-High environment. For this reason, we recommend that customers with elevated compliance and regulatory requirements use our FedRAMP deployment.
April 30, 2020 (Apps)
New - Infrequent Data Tier App provides visibility into the On-demand Search usage and costs associated with Infrequent Data Tier by providing intuitive pre-configured dashboards and searches. Infrequent Data Tiers are an economical, fully managed log analytics solution for high volume, infrequently accessed data. With Infrequent Data Tiers, organizations have a solution that can aggregate, store and analyze verbose sources such as App Debug, CDN, Load Balancer, and other infrequently accessed logs at a dramatically lower price point.
April 30, 2020 (Collection)
New - Sometimes good things come in threes. That's true of our Data Tiers---we have added the Infrequent tier to keep the Continuous and Frequent tiers company. (Data Tiers are what we previously called Analytics Tiers.)
The Infrequent tier is a cost-effective, fully managed log analytics solution for high volume, infrequently accessed data. This tier allows you to aggregate, store, and analyze verbose data that you access infrequently, like debug, CDN, and load balancer logs---at a dramatically lower price point, starting at only 10 cents per GB ingested.
The Infrequent tier is available only in Enterprise Suite with Cloud Flex Credits packaging.
April 21, 2020 (Search)
The Field Extraction Rules page has a new look and shows you the total number of fields your rules are using. When creating a rule you'll see and can select specific fields you want the rule to assign.
April 17, 2020 (Integrations)
New - VMware AirWatch Integration with Sumo Logic provides visibility for monitoring enterprise mobility management in your deployment. The unified digital workspace platform simplifies and secures app access and IT management throughout your environment. VMware AirWatch is enterprise mobility management (EMM) software and standalone management systems for content, applications and email.
April 13, 2020 (Apps)
New - The Zoom App provides visibility into how Zoom is being used across your organization, displaying analytics on performance, availability, security, and user activity. The app aggregates and reports on data so you can correlate and investigate trends and respond to incidents across all of your IT tools in a consistent and timely manner. Zoom uses Webhook events, which are documented in full on this Zoom web page.
Update - Kubernetes App has two new dashboards:
- The **Kubernetes - DPM** dashboard provides insights into where Data Points Per Minute (DPMs) originate so you can determine ways to reduce them for optimum performance. Panel analytics show DPMs by collector, namespace, pod, container, and cluster.
- The **Kubernetes - DPM Timeseries** dashboard provides visibility into the number of DPM timeseries and their breakdowns. This, combined with DPM analytics, enables you to determine ways to reduce DPMs for optimum performance.
March 30, 2020 (Solutions)
New - Atlassian Solution integrates all of your Atlassian cloud tools to provide real-time DevOps monitoring and troubleshooting capabilities throughout your environment. By leveraging data from multiple Atlassian products, the Sumo Logic Atlassian solution enables development teams to benchmark their performance in minutes against the industry-leading metrics and drill down into actionable insights to continuously improve their software delivery performance.
Sumo Logic Apps for the Atlassian products:
- Jira Cloud - Provides insights into project management issues to more effectively plan, assign, track, report, and manage work across multiple teams.
- Jira (Server) - Provides insights into Jira usage, request activity, issues, security, sprint events, and user events.
- Bitbucket - Provides insights into project management to more effectively plan and manage development and deployments.
- Opsgenie - Provides at-a-glance views and detailed analytics for alerts on your DevOps environment.
- Atlassian - Integrates access to all your Atlassian cloud tools with real-time monitoring capabilities across your environment.
March 27, 2020 (Security)
New - We've added a new Sumo Logic security policy---Per User Concurrent Sessions Limit---that you can use to limit the number of sessions users can have open at a time. For increased account security you can implement this new policy to help prevent user account sharing.
Update - If you're a Sumo Logic administrator, check out our new and improved UI for managing users and roles in Sumo Logic. The new UI provides a more streamlined experience with a side panel for creating and editing users and roles.
March 25, 2020 (Solutions)
New - The Work From Home Solution is a suite of in-depth apps to support businesses transitioning to a remote workforce. This Solution provides visibility and management for your remote workforce with SSO, remote access, endpoint security and productivity SaaS apps to ensure that your employees can work from home productively and safely. Monitor availability, performance, user activity and collaboration, and security across your workforce locations.
March 17, 2020 (Metrics)
Update - The rate metric operator now supports two new options: increasing and decreasing. These options are useful when you are calculating the rate of change of a counter over time. If you use the increasing option, the operator will consider only those pairs of consecutive points where the second point in the pair is greater than the first point. Similarly, if you use the decreasing option, the operator will consider only those pairs of consecutive points where the second point in the pair is less than the first point.
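An added illustration (not Sumo Logic's code) of the pair filtering described above for the increasing and decreasing options, applied to a constructed counter that resets once. The function names, the per-second rate emitted for each kept pair, and the sample points are assumptions made for this example.

```python
from typing import List, Optional, Tuple

Point = Tuple[int, float]  # (unix timestamp in seconds, counter value)


def pairwise_rate(points: List[Point], mode: Optional[str] = None) -> List[Tuple[int, float]]:
    """Return (timestamp, per-second rate) for each consecutive pair that is kept.

    mode=None          keep every pair
    mode="increasing"  keep only pairs whose second value is greater than the first
    mode="decreasing"  keep only pairs whose second value is less than the first
    """
    if mode not in (None, "increasing", "decreasing"):
        raise ValueError(f"unknown mode: {mode!r}")

    ordered = sorted(points)  # pairs must be consecutive in time
    rates: List[Tuple[int, float]] = []
    for (t0, v0), (t1, v1) in zip(ordered, ordered[1:]):
        dt = t1 - t0
        if dt <= 0:
            continue  # duplicate timestamp: no rate can be derived
        if mode == "increasing" and not v1 > v0:
            continue  # e.g. a counter reset, or a flat interval
        if mode == "decreasing" and not v1 < v0:
            continue
        rates.append((t1, (v1 - v0) / dt))
    return rates


def mean_rate(rates: List[Tuple[int, float]]) -> float:
    """Average of the kept per-pair rates (0.0 when nothing was kept)."""
    return sum(r for _, r in rates) / len(rates) if rates else 0.0


# Constructed sample: a request counter sampled every 60 s. The process
# restarts between t=180 and t=240, so the counter drops from 280 to 30.
SAMPLE: List[Point] = [
    (0, 100.0), (60, 160.0), (120, 220.0),
    (180, 280.0), (240, 30.0), (300, 90.0),
]

if __name__ == "__main__":
    for mode in (None, "increasing", "decreasing"):
        kept = pairwise_rate(SAMPLE, mode)
        print(f"{str(mode):>10}: mean={mean_rate(kept):+.3f}/s pairs={kept}")
```

With no option, the single reset pair produces a large negative rate that drags the average below zero; with increasing, that pair is dropped and the steady 1.0/s growth remains.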
March 10, 2020 (Apps)
Update - Audit app has added a new Scheduled Search - Triggered Summary dashboard that provides information on scheduled searches that have been triggered, along with details on related alerts and Webhooks.
March 3, 2020 (Partner Apps)
New - Partner App for Alcide kAudit. The Alcide kAudit app automatically analyzes Kubernetes audit logs to detect anomalous behavior of users and service accounts. kAudit automatically detects security-related issues related to Kubernetes' administrative actions, especially anomalous behavior that can only be detected from observing extended context over multiple activities. In addition, kAudit supports Audit rules to detect violations of organization compliance policies regarding Kubernetes usage. Incident forensics, along with audit statistics, are presented in graphical and tabular summaries for easy investigation and analysis.
New - Partner App for ARIA Packet Intelligence app. The ARIA Packet Intelligence app, by ARIA Cybersecurity, creates unsampled NetFlow or IPFIX metadata for every network packet. This allows for the detection of network-borne attacks, including ransomware, malware, APTs and intrusions early in the kill chain before significant harm occurs. It provides visualization and profiling of all internal network traffic, within a Sumo Logic environment, to detect possible threats and verify connectivity policies.
March 2, 2020 (Metrics)
Update - We've simplified the configuration options for metric monitors. Previously, the condition for triggering a critical or warning alert was based on a threshold metric value, a time duration, and the percentage of the time duration that metrics were above or below the threshold value. We removed the percentage of time option because we found that customer usage of it was very low.
February 13, 2020 (Collection)
Beta - Collection Health Events allow you to keep track of the health of your Collectors and Sources. You can use them to find and investigate common errors and warnings that are known to cause collection issues. When used in combination with our Enterprise Audit Apps, Health Events provide a proactive monitoring framework, differentiated from our competitors' reactive solutions, where you need to debug data collection after having suffered data loss or downtime. At present, Health Events provide observability for Collectors and Sources, however it will expand to other areas of our service as development continues. This is available as a closed Beta to Enterprise accounts. To participate contact your Sumo Logic account executive or sign up for an enterprise trial account.
February 12, 2020 (Search)
New - Lookup autonomous system information for an IP address with the ASN Lookup operator.
February 10, 2020 (Search)
Update - Webhook alerts now support sending an alert for each result returned from a scheduled search.
February 7, 2020 (Apps)
New - Global Intelligence for Amazon GuardDuty
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. The Sumo Logic App for Global Intelligence for Amazon GuardDuty analyzes GuardDuty threats from the Sumo Logic population to create baselines of threats. These baselines enable you to optimize security posture and remediation based on how unusual your GuardDuty findings are compared to Sumo Logic customers. The App includes pre-configured dashboards and searches with visual displays for global threat baselines and real-time threat detection across your AWS environment.
New - Global Intelligence for AWS CloudTrail
The Global Intelligence for AWS CloudTrail App enables you to detect potentially malicious configuration changes in your AWS account by comparing AWS CloudTrail events in your account against a cohort of AWS customers. CloudTrail events are curated from AWS penetration tests and operational best practices.
January 13, 2020 (Alerts)
New - You can now set up a ServiceNow Incident Webhook connection, and create scheduled searches for the connection. Webhook connections allow you to send Sumo Logic alerts to third-party applications that accept incoming Webhooks.
2019 Archive
This is an archive of the 2019 Sumo Logic Service Release Notes. The current Service Release Notes are here.
December 20, 2019 (Collection)
New - Configure logs for VMware vRealize Log Insight and then forward your logs to Sumo Logic. VMware vRealize Log Insight is a log management and analytics tool.
December 10, 2019 (Search)
Update - Relative time range expressions are now supported in URLs that run a search.
December 9, 2019 (Security)
Update - We've improved the authentication process for Sumo users that have multiple accounts. Now, you can seamlessly switch between accounts, either on the same deployment or different deployments, without re-authenticating. For more information, see Multi-Account Access.
December 9, 2019 (Collection)
New - Amazon MSK Prometheus metrics collection page provides instructions for configuring metrics collection for Amazon MSK. As part of Amazon MSK's Open Monitoring, Kafka metrics are exposed to third-party sources for monitoring and troubleshooting MSK clusters.
Beta - Archive lets you forward log data from Installed Collectors to AWS S3 buckets to collect at a later time. If you have logs that you don't need to search immediately, you can archive them for later and ingest them on-demand with hourly granularity. To get started, contact your Sumo account executive or sign up for an enterprise trial account.
The key new components provided are:
- AWS Archive bucket: a Data Forwarding destination that lets you set up your AWS S3 buckets as archive destinations.
- Archive messages that match: a Processing Rule that lets you archive log data with Installed Collector Sources.
- AWS S3 Archive: a Hosted Collector Source that allows you to ingest data from an archive destination.
- AWS S3 Archive Source to ingest a specific time range of data from your Archive at any time.
December 9, 2019 (Metrics)
New - Content sharing for metric queries is now available. You can save metric queries with the time range, chart, outlier detection, and quantization settings to the Sumo Logic Library. You can export or import a saved metric query, copy it, share it with others, and delete it from the library.
November 20, 2019 (Search)
New - The Field Browser has the following enhancements:
- Nested fields, such as those seen in JSON, are grouped together based on their innate structure that is easy to traverse.
- You can search for fields in the Field Browser, a feature that is especially useful when you have hundreds of fields parsed from messages.
November 8, 2019 (Collection)
Update - The Sumo Logic Netskope collector has been optimized for better performance and to ensure continuous ingestion throughout the collection process.
November 4, 2019 (Security)
Update - It won't take long to notice we've sped up the Sumo Logic login process.
November 4, 2019 (Apps)
New - The Sumo Logic App for Acquia provides visibility into the key components of the Acquia platform with preconfigured dashboards for Apache, Varnish, PHP, FPM and Drupal. Sumo Logic provides instant visibility across the critical components of the Acquia Platform, helping organizations become more proactive in their site monitoring as well as reducing the mean time to identify and resolve issues.
October 18, 2019 (Apps)
New - The CrowdStrike Falcon App provides visibility into the security posture of your endpoints as analyzed by the CrowdStrike Falcon platform deployed in your network. The app allows you to analyze indicators of compromise (IOCs) by affected users, tactic, technique, and objective, and identify hosts on your network with the highest malware detections. The dashboards in this app help identify malware, from which you can drill down to investigate malicious behavior.
The CrowdStrike Falcon Platform is a cloud-native framework that protects endpoints to stop breaches and improve performance with the robust power of the cloud combined with an intelligent, lightweight agent.
Note: This version of the CrowdStrike Falcon App and its collection process have been tested with SIEM Connector Version 2.1.0+001-siem-release-2.1.0.
New - The Palo Alto Networks 9 App utilizes PANOS 9 new features in predefined dashboards to provide extensive security analytics throughout your Palo Alto Networks environment. New PANOS 9 features include:
- GlobalProtect
- Panorama
- User-ID
- App-ID
- Content Inspection
- DNS Security
Palo Alto Networks 9 provides consistent protection across the data center, perimeter, branch, mobile and cloud networks.
Update - The JFrog Xray App now includes three methods from which you can choose to configure log collection from JFrog Xray:
September 10, 2019 (Apps)
New - The Sumo Logic App for Twistlock provides a comprehensive monitoring and analysis solution for detecting vulnerabilities and potential threats within your Kubernetes and containerized environments. Twistlock is a cloud native cybersecurity platform for hosts, containers, and serverless setups that ensures the protection of all your workloads across any environment.
New - The Sumo Logic App for Istio provides visibility into the health and performance of Istio and its control plane components, including Mixer, Galley, Citadel, Pilot and Envoy. App dashboards also allow you to monitor how services and applications are performing in Istio Mesh, providing insights into service latency, errors, network traffic, and request workloads. Istio reduces the complexity of managing Kubernetes deployments by providing a uniform platform for securing, connecting, and monitoring microservices.
September 10, 2019 (Explore)
Explore provides a visual hierarchy of the clusters in your environment that allows you to view and switch between clusters with a single click. Explore, used in conjunction with the Sumo Logic Kubernetes App, allows you to intuitively monitor and troubleshoot issues as they arise.
September 10, 2019 (Metrics)
New - Metrics Transformation Rules allow you to control how long raw metrics are retained. You can also aggregate metrics at collection time, improving query performance, and specify a separate retention period for the aggregated metrics.
New - Understand the Kubernetes Metrics that you can collect with our Kubernetes collection and then visualize with Explore.
September 10, 2019 (Logs)
New - Enriching your logs with metadata is now easier and more robust. Log metadata is configured in Sumo as fields consisting of key-value pairs that are tagged to logs during collection.
- Fields are now manageable: you can view fields in use, see what features are referencing them, and delete any that are unneeded.
- You can now define fields on Sources and Collectors so they enrich your logs when collected.
- Log data sent to HTTP Sources now supports fields passed with the X-Sumo-Fields HTTP header.
- Our AWS Metadata Source now supports tagging log data ingested by Installed Collectors on EC2 instances.
See Data Enrichment using Log Metadata for more details.
September 9, 2019 (Apps)
New - The JFrog Xray app provides visibility into the state of artifacts and components in your JFrog Artifactory repository. The pre-configured dashboards present information about issues detected in your software components in Artifactory, including vulnerable containers, artifacts and components; license and security issues; and top Common Vulnerabilities and Exposures (CVEs).
New - The Sumo Logic App for Kubernetes provides visibility into the worker nodes that comprise a cluster, as well as application logs of the worker nodes. The App is a single-pane-of-glass through which you can monitor and troubleshoot container health, replication, load balancing, pod state and hardware resource allocation. The App utilizes Falco events to monitor and detect anomalous container, application, host, and network activity.
New - The Sumo Logic App for Kubernetes Control Plane manages the master node control plane, including the API server, etcd, kube-system and worker nodes. The App utilizes Falco Kubernetes Audit events to monitor and detect notable or suspicious activity such as creating pods that are privileged, mount sensitive host paths, use host networking, and the like. Seamlessly integrated with the Sumo Logic Kubernetes App, preconfigured dashboards display resource-related metrics for Kubernetes deployments, clusters, namespaces, pods, containers, and daemonsets.
New - The Sumo Logic App for Amazon EKS Control Plane provides visibility into the EKS control plane with operational insights into the api server, scheduler, control manager, and worker nodes. The app's preconfigured dashboards display resource-related metrics for Kubernetes deployments, clusters, namespaces, pods, containers, and daemonsets.
New - Sumo Logic App for Azure Kubernetes Service (AKS) Control Plane provides visibility into the AKS control plane with operational insights into the API server, scheduler, control manager, and worker nodes. The app's preconfigured dashboards display resource-related metrics for Kubernetes deployments, clusters, namespaces, pods, containers, and daemonsets.
New - Sumo Logic App for Google Kubernetes Engine (GKE) Control Plane allows you to monitor resource-related logs and metrics for Kubernetes deployments, clusters, namespaces, pods, containers, and daemonsets. The app provides visibility into the GKE control plane with operational insights into the api server, control manager, and worker nodes. This App works in conjunction with Sumo Logic Kubernetes app, that provides visibility into worker node metrics and application logs.
August 30, 2019 (Apps)
New - The Sumo Logic App for Slack provides monitoring and data analytics for Slack users, channels, access logs for workspaces with free, standard, plus and enterprise plans. The app is focused on public channels only.
Slack is a cloud-based set of software tools and online services that provides for secure collaboration across teams, departments, offices and countries.
August 26, 2019 (Apps)
New - The Sumo Logic App for MongoDB Atlas is now available. The MongoDB Atlas App allows you to monitor database operations and performance KPIs, and provides visibility into the security posture of your clusters, with the following dashboard types:
- Operations: For monitoring database operations and cluster health
- Performance: For insights into slow queries, database and hardware metrics
- Security: For visibility into user logins, audit events, project and organizational activity, incoming threats, and IOCs.
The MongoDB Atlas App supports MongoDB Version 3.4 and above.
MongoDB Atlas is a global cloud database service designed specifically for cloud-based applications. MongoDB Atlas runs in AWS, Azure, or GCP environments, with guaranteed availability, scalability, and compliance with data security and privacy standards.
August 26, 2019 (Security)
Update - The user interaction for resetting your Sumo Logic password has been simplified. Now, when you click the Forgot your password link, Sumo sends you an email with a link to a page where you can immediately reset your password. You no longer have to log in with a temporary password before resetting your password.
August 19, 2019 (Security)
New - The Sumo Logic app for Cisco Meraki is released. The app provides a single-pane-of-glass for monitoring and troubleshooting network security, end-to-end performance, switch port management, and device management of your Cisco Meraki wireless infrastructure management platform.
August 5, 2019 (Search)
New - You can use the bin operator to sort results in a histogram to easily observe the distribution of your data.
July 29, 2019 (Collection)
Update - To help you keep track of the capacity usage of your ingest budgets, we have provided an audit threshold setting. Previously the threshold was fixed at 85% capacity; now it is customizable.
July 12, 2019 (Apps)
Update - The Jenkins App allows you to monitor multiple Jenkins master nodes from a single-pane of glass. This version of the app provides new and updated dashboards, and supports freestyle and pipeline jobs, as well as pipeline, maven and multi-branch pipeline projects.
July 10, 2019 (Security)
Update - We've added the ability to provide descriptions to Service Whitelists to help you identify and manage whitelisted IP addresses.
July 8, 2019 (Metrics)
Update - AWS users take note: you can now use the same AWS metadata tags you use to manage your Amazon resources to control what metrics you ingest to Sumo! We've expanded our support for filtering CloudWatch metrics by AWS tags to most AWS namespaces. You can also use AWS tags in metrics queries. For more information see Amazon CloudWatch Source for Metrics.
June 24, 2019 (Apps)
New - The Sumo Logic Amazon GuardDuty Benchmark App integrates Global Intelligence Service (GIS) with Amazon GuardDuty for continuous machine learning and statistical baselines for KPIs (key performance indicators) and KRIs (key risk indicators). These baselines enable you to optimize security configuration and threat detection on all your AWS accounts. The App includes preconfigured dashboards and searches with visual displays for global threat baselines and real-time threat detection across your AWS environment.
Amazon GuardDuty is an intelligence threat detection service that provides accurate, continuous monitoring to protect AWS accounts and workloads.
June 5, 2019 (Security)
New - The new Enterprise Audit Event Index provides additional events and event information in JSON format. These messages provide more context on the interactions and events occurring within your account allowing administrators an easy way to reconstruct the series of user interactions that led to an object's current state. This new Audit Event Index and the associated Apps are available to any Customer on a Sumo Logic Enterprise Plan.
June 3, 2019 (Apps)
Update - The Enterprise Audit Apps are now Generally Available. The following Enterprise Audit Apps present information on account management activities, user activities, as well as management of library content (searches, dashboards/reports, and folders) for your Sumo Logic account:
- Enterprise Audit - Collector and Data Forwarding Management App presents information on Collector, Sources activities, and data forwarding trends by destination types.
- Enterprise Audit - Content Management App provides information on content activities, such as content that is created, updated, deleted, imported, exported, copied, moved, publicly accessed, made visible to the public, and application installed.
- Enterprise Audit - User & Role Management App provides visibility on user activities such as creating, deleting, and modifying user roles, email account, and password changes. You can also review various user session data.
- Enterprise Audit - Security Management App provides visibility into security posture, such as Access Key Activities, SAML Activities, Password Policy, Multi-Factor Authorization (MFA), and Service WhiteList activities within your Sumo Logic Environment.
June 3, 2019 (Metrics)
Update - Attention metrics users: we've enhanced Sumo Logic data metric ingestion volume logging. Now, you can track the volume of metrics generated by your logs-to-metrics rules, in addition to tracking data points ingested by collector, source, source name, source category, and source host. For more information, see Metrics Data Volume Index.
May 31, 2019 (Metrics)
New - We've released the histogram_quantile operator which calculates the φ-quantile (0 ≤ φ ≤ 1) from the buckets of a Prometheus histogram. It is only for the Prometheus Histogram data type.
May 28, 2019 (Apps)
Update - Box App event collection has been streamlined for ease of use.
May 13, 2019 (UI Navigation)
We've updated tab navigation to help you manage multiple search, metric, and dashboard tabs. The Tab Browser is available from the details icon near the New tab, and your current tab is highlighted to help you get around.
May 2, 2019 (Apps)
New - The Barracuda WAF App analyzes traffic flowing through the Barracuda WAF and provides pre-configured dashboards that allow you to monitor WAF traffic as well as analyze various types of attacks detected both by Barracuda and Sumo Logic's own Threat Intelligence database. The Barracuda Web Application Firewall protects your web, mobile and API applications from being compromised, prevents data breaches, ensures protection from web attacks, and provides access control and authentication.
Update - The Apache App has been updated with the following new dashboards as well as performance enhancements:
- Apache - Error Overview Dashboard provides a high-level view of log level breakdowns, comparisons, and trends.
- Apache - Threat Analysis Dashboard provides an at-a-glance view of threats to Apache servers on your network.
- Apache - Outlier Analysis Dashboard provides a high-level view of Apache server outlier metrics for bytes served, number of visitors, and server errors.
April 30, 2019 (Collection)
New - Ingest Budgets allow you to track and control how much data is ingested into your account to avoid overages in environments where data ingestion can spike unexpectedly. See how to control your data flow with Ingest Budgets.
April 30, 2019 (Search)
Update - Right-Click Selected Text. We've changed the click interactions on the Search page based on your feedback. Instead of giving you a list of menu options automatically after you highlight text, you now have to right-click to get menu options.
April 23, 2019 (Apps)
Update - The AWS Security Hub App has an updated process for collecting findings. Sumo Logic provides a serverless solution for creating a CloudWatch events rule and a Lambda function (SecurityHubCollector) to extract findings from AWS Security Hub.
April 18, 2019 (Apps)
Update - The Cloudflare App now has a Security (Bot Management) dashboard that reliably detects and mitigates bad bots to prevent credential stuffing, spam registration, content scraping, click fraud, inventory hoarding, and other malicious activities.
April 12, 2019 (Apps)
Update - The Cisco ASA App now has a Logs and Analytics dashboard with the following panel displays:
- Count of ASA Logs by LogLevel. Displays the logs by LogLevel and Severity.
- Count by Severity Code. Displays the logs by Severity Code.
- Parameterized Search. Log Details with counts.
April 9, 2019 (Apps)
Update - The Azure Web Apps collection procedure has been improved. The Collect Logs for Azure Web Apps process is now similar to Blob Storage Collection. The Azure Web Apps App allows you to collect Azure web server and application diagnostics logs and monitor the health of your Azure Web Apps environment. The App provides preconfigured Dashboards that allow you to monitor server operation and traffic requests and response times.
April 5, 2019 (Apps)
Update - The IIS 7 App has dark-theme dashboards. The IIS 7 App monitors the performance and reliability of your Microsoft Internet Information Services (IIS) infrastructure, identifying customer-facing and internal operational issues. Additionally, you can monitor customer paths and interactions to learn how customers are using your product. The app consists of predefined searches and Dashboards, which provide visibility into your environment for real time or historical analysis.
Update - Microsoft SQL Server App has updated collection scripts and collection configuration instructions. The Microsoft SQL Server App provides insight into your SQL server performance metrics and errors.
April 1, 2019 (Apps)
Update - The G Suite App allows you to monitor and analyze activities across all G Suite applications from a single location. Comprehensive dashboards display information on administrative and user activities, Google Drive usage, and logins. Dashboards also provide full visibility into alerts from G Suite Alert Center, allowing you to investigate and correlate alerts and monitor potential threats across all G Suite apps.
March 25, 2019 (Apps)
New - Enterprise Audit Apps are JSON based to provide for more meaningful audit messages. The Apps generate queries that are compatible with the new Sumo Logic Audit Event Index. The Enterprise Audit Apps do not support the previous version of the Audit Index.
Note: This feature is in Beta. To participate, contact your Sumo account executive.
- Enterprise Audit - Collector and Data Forwarding Management App presents information on Collector, Sources activities, and data forwarding trends by destination types.
- Enterprise Audit - Content Management App provides information on content activities, such as content that is created, updated, deleted, imported, exported, copied, moved, publicly accessed, made visible to the public, and application installed.
- Enterprise Audit - User & Role Management App provides visibility on user activities such as creating, deleting, and modifying user roles, email account, and password changes. You can also review various user session data.
- Enterprise Audit - Security Management App provides visibility into security posture, such as Access Key Activities, SAML Activities, Password Policy, Multi-Factor Authorization (MFA), and Service WhiteList activities within your Sumo Logic Environment.
March 22, 2019 (APIs)
Update - The security services of our API framework have been upgraded. API requests with multiple forward slashes (//) will receive a "500 Internal Server Error" response.
March 22, 2019 (Apps)
New - The Opsgenie App provides at-a-glance views and detailed analytics for alerts on your DevOps environment, allowing you to effectively monitor and gain valuable insights into your incidents and incident handling operations.
Opsgenie is an incident management platform for operating services that are on 24/7. Opsgenie allows you to plan for service disruptions and stay in control during incidents. Opsgenie centralizes alerts and reliably notifies the correct contacts to ensure timely analysis and efficient action.
New - The IIS 10 App monitors the performance and reliability of your Microsoft Internet Information Services (IIS) infrastructure, identifying customer-facing and internal operational issues. This app also provides the ability to monitor customer paths and interactions, so you can analyze how customers are using your product. The app provides predefined searches and Dashboards that give visibility into your environment for real-time and historical analysis.
IIS 10 App uses IIS version 10 logs. For information on the default log formats used for IIS 10 and IIS 8.5, see Collect logs for the IIS 10 App.
March 15, 2019 (Security)
New - Cross-origin resource sharing (CORS) is a mechanism that uses additional HTTP headers to tell a browser to let a web application running at one origin (domain) have permission to access selected resources from a server at a different origin. CORS support allows you to restrict Sumo API calls, or to securely allow remote Web applications to access Sumo Logic, based on request origin. To leverage CORS support, you associate a whitelist of domains with a Sumo access key. For more information, see Access Keys.
March 1, 2019 (Apps)
New - The Carbon Black App provides a complete security analytics solution by allowing you to correlate, validate and investigate Carbon Black endpoint alerts with alerts from other security vendors and security threat feeds to identify and remediate the root causes of new security threats.
The Sumo Logic App for Carbon Black provides visibility into key endpoint security data from Carbon Black Response and Defense with preconfigured dashboards for alerts, threat intelligence, feeds, sensors, alerts, users, hosts, processes, IOCs, devices, and network status.
Carbon Black Response is an incident response and threat hunting solution designed for security operations center (SOC) teams. CB Response continuously records and stores unfiltered endpoint data, so that security professionals can hunt threats in real time and visualize the complete attack kill chain.
Carbon Black Defense is a next-generation antivirus (NGAV) and endpoint detection and response (EDR) solution. CB Defense is available through MSSPs or directly as software as a service via Carbon Black's Predictive Security Cloud (PSC).
Update - The Cylance App now supports the following event and log types:
- Device (Device Mgmt - Register, Remove, Updates, SystemSecurity)
- Threat (Threats identified and actioned)
- ScriptControl (Script Execution control and actions)
- ExploitAttempt (Memory Protection)
- Threat Classification (Threat classification by Cylance research team)
- AuditLog (User Actions performed from Cylance Web Console)
- DeviceControl (Control external device like USB, storage connected to system under monitoring)
- AppControl
February 22, 2019 (Apps)
Update - The Azure Network Watcher App and Azure Blob Storage App have enhanced collection processes. The Sumo Logic App for Azure Network Watcher leverages Network Security Group (NSG) flow logs to provide real-time visibility and analysis of your Azure Network. The Sumo Logic App for Azure Blob Storage is a Sumo integration that provides an event-based pipeline for shipping monitoring data from Azure Blob Storage to an HTTP source on Sumo Logic.
February 20, 2019 (Apps)
New - The Netskope App provides visibility into the security posture of your applications and helps you determine the overall usage of software and SaaS applications.
Netskope is a Cloud Access Security Broker (CASB) hosted in the cloud. The Netskope product is primarily used for enforcing security policies for cloud-based resources, such as Box and Microsoft Office 365. Customers purchase a CASB to address cloud service risks, enforce security policies, and comply with regulations, even when cloud services are beyond their perimeter and out of their direct control.
February 13, 2019 (APIs)
New - User and Role APIs allow administrators to programmatically create and manage users and roles, making it easy to integrate Sumo into existing onboarding/offboarding business workflows.
February 5, 2019 (Metrics)
New - Metrics now supports Single Value Charts. A single value metric chart is useful for summarizing a time series in a single value, and making that value stand out at a glance. For more information, see Create and Tailor Single Value Metric Charts.
February 4, 2019 (Dashboards)
New - We've added the following enhancements for editing dashboard charts:
- You can now Change the Line Properties of a Chart, using smooth curved lines (splines), adding markers, and choosing the style of marker for your chart.
- You can now Change the Label Size for any chart with an X axis.
February 1, 2019 (Apps)
New - The Amazon ElastiCache Redis ULM App is a unified logs and metrics (ULM) App that provides visibility into key event and performance analytics that enables proactive diagnosis and response to system and environment issues. Use the preconfigured dashboards for at-a-glance analysis of event status trends, locations, successes and failures, as well as system health and performance metrics.
February 1, 2019 (Metrics)
Update - Sumo now logs a message to the audit index when it blacklists a metric source or logs-to-metrics rule. For more information, see Blacklisted Metrics Sources and Logs-to-Metrics.
January 29, 2019 (Apps)
New - The F5 - BIG-IP Local Traffic Manager (LTM) App helps you optimize and secure network traffic patterns coming into your data center using the F5 BIG-IP platform.
January 11, 2019 (Apps)
Update - An update to the Sumo Logic App for Threat Intel for AWS was released today. The updated app supports a new collection method. You can now Collect Amazon VPC Flow Logs using AWS S3 source and Amazon VPC Flow Logs using a CloudFormation template, as well as AWS CloudTrail Logs and AWS ELB Logs.
Update - An update to the PCI Compliance for Amazon VPC Flow Logs was released today. The updated app supports a new collection method. You can now Collect Amazon VPC Flow Logs using AWS S3 source and Amazon VPC Flow Logs using a CloudFormation template.
2018 Archive
This is an archive of the 2018 Sumo Logic Service Release Notes. The current Service Release Notes are here.
December 20, 2018 (Metrics)
Need more metric monitors? You asked, we answered. We've increased the number of metric monitors you can create from 50 to 300.
December 12, 2018 (Apps)
New - The Sumo Logic App for PagerDuty V2 collects incident messages from your PagerDuty account via a webhook, and displays incident data in pre-configured Dashboards that allow you to monitor and analyze the activity of your PagerDuty account and Services. The Sumo Logic App for PagerDuty V2 uses Webhooks V2, to provide enhanced context for alert object models.
December 12, 2018 (Operators)
New - You can use the isPrivateIP and isPublicIP operators to determine if an IPv4 address is private or public.
New - You can use the isValidIP operator to check if a string is a valid IP address.
December 4, 2018 (Collection)
New - Searching for Collectors and Sources is now easier. You can filter search results by Installed or Hosted Collectors. See Search for a Collector or Source for details.
November 30, 2018 (Apps)
New - The Sumo Logic App for VMware ULM uses unified logs and metrics (ULM) from the VMware cloud computing virtualization platform to enable monitoring of vCenter, ESXi hosts, and individual virtual machine metrics, with real-time data displayed in predefined dashboards.
The dashboards provide insight into key events and metrics such as VM CPU, memory, disk utilization, under-provisioned physical hosts, and idle VMs. This enables you to determine capacity constraints and troubleshoot operational issues related to over-provisioning, changes to configuration, and VM movement.
November 28, 2018 (Apps)
New - The Sumo Logic App for AWS Security Hub leverages findings data from Security Hub and visually displays security state data in Dashboards. The dashboards provide a high-level view of findings, showing the type, when they occurred, the resources that were affected, their severity, and their distribution, showing the current security and compliance status of an AWS account from all sources.
AWS Security Hub is an AWS security service that provides a comprehensive view of your security state within AWS and your compliance with the security industry standards and best practices.
November 27, 2018 (Apps)
Update - An update to the Sumo Logic App for Amazon VPC Flow Logs was released today. The updated app supports a new collection method. You can now Collect Amazon VPC Flow Logs using AWS S3 Source. The alternative Lambda-based collection method is enhanced: you can filter internal traffic logs, and customize your VPC flow logs with the following AWS attributes: vpc-id, subnet-id, aws-region, security-group-ids, and direction. The updated app also includes a new "Security Groups" dashboard.
November 20, 2018 (API Beta)
New - As part of our new API-centric development approach, we have several new APIs now available. Contact your sales rep to sign up to be one of our Beta Customers for the following APIs:
- Connections
- Content
- Field Extraction Rules
- Ingest Budgets
- Partitions
- Roles
- Scheduled Views
- Users
And the following APIs are coming soon:
- Dashboards
- Metrics Monitors
November 16, 2018 (Apps)
New - The Sumo Logic App for Amazon Aurora MySQL ULM is now available to help you to monitor slow queries executing on the database, the number of connections made, identify users and client hosts, and client locations used to connect to database. The app also provides insights for queries executed per second, CPU utilization, free memory, network utilization, volume read and write IOPS, replica lags, latency, throughput, failed login and connection attempts, and other health and performance related data.
New - The Sumo Logic App for Amazon Aurora PostgreSQL ULM is now available to help you to monitor slow queries executing on the database, the number of connections made, identify users and client hosts, and client locations used to connect to database. The app also provides insights for queries executed per second, CPU utilization, free memory, network utilization, volume read and write IOPS, replica lags, latency, throughput, failed login and connection attempts, and other health and performance related data.
November 6, 2018 (Prometheus Metrics Source Support)
New - Sumo’s HTTP source now supports the Prometheus format, so you can ingest Prometheus metrics directly into Sumo Logic. We’ve also released a handy open source tool for sending Prometheus-formatted metrics to Sumo Logic.
November 6, 2018 (Search)
Update - Keyboard shortcuts are disabled when typing in the search text box.
November 2, 2018 (Apps)
New - The Google Cloud Firewall app is now available to help you monitor request activity and the effect of your firewall rules. The preconfigured dashboards provide insight into ingress and egress request traffic, including the location of allowed and denied requests, allowed and denied requests over time, and the top networks, subnetworks, and VMs by allowed and denied ingress requests.
New - The Sumo Logic App for PostgreSQL is now available to help with monitoring your PostgreSQL database. The app provides operational insights into the PostgreSQL database—installed on your local hardware—for real time analysis. The app includes predefined searches and dashboards that allow you to monitor logs and metrics for the database. The logs enable you to monitor database activity, user activity, incoming connections, query execution time, and errors. The metrics allow you to monitor database resource utilization and throughput performance.
October 31, 2018 (Apps)
Update - An update to the Sumo Logic App for Kubernetes is now available. We updated the searches in the app to work around a bug in the FluentD Kubernetes Plugin. The updated app requires v2.0.0 of FluentD plugin.
Deprecated - The Sumo Logic App for Kubernetes was deprecated September 6, 2019, and replaced with the current Kubernetes App.
October 23, 2018 (Apps)
Update - An update to the Sumo Logic App for Linux is now available. The update includes fixes to capture failed login events for certain event formats, enhancements to support additional use cases for sudo failed attempts, and updated searches and dashboards.
October 23, 2018 (Browser Support)
Update - We now support the latest two versions of the following browsers:
- Chrome latest two versions
- Firefox latest two versions
- Safari latest two versions
- Microsoft Edge latest two versions
We still provide limited support for Microsoft Internet Explorer but due to the age of the browser we will only provide limited support and make best efforts to resolve reported defects. We recommend that you use one of the fully supported browsers.
October 23, 2018 (Webhooks)
New - Instead of sending the whole object, you can now specify one field within the object for webhook notifications from Metrics monitors. We provide a payload variable, AlertSource.fieldname, that returns the value from the AlertSource object for the specified field name.
New - To help you better organize data you pull from Sumo, we now allow you to add up to five key-value pairs in your webhook header.
October 23, 2018 (Library)
Update - Dashboards are displayed above searches when navigating the Library.
October 23, 2018 (Operators)
New - You can use the new isNumeric operator to check whether a string is a valid Java number.
October 17, 2018 (Apps)
Update - An update to the Sumo Logic App for Amazon GuardDuty was released today. We have a new log collection strategy. Instead of manually setting up event collection, now you can simply deploy a serverless application from the AWS Serverless repo. For more information see Collect Logs For Amazon GuardDuty.
October 16, 2018
Cloud Flex is now generally available.
October 10, 2018
Browser support has been updated. Sumo Logic supports the following web browser versions:
- Chrome latest two versions
- Firefox latest two versions
- Safari latest two versions
- Microsoft Edge version 13
- Microsoft Internet Explorer 11*
* Due to the age of the browser, we will only provide limited support and make best efforts to resolve reported defects. We recommend that you use one of the fully supported browsers.
October 9, 2018 (Logs-to-Metrics)
New - Logs-to-Metrics is now GA! Transform your logs into metrics for high performance analytics using our Logs-to-Metrics solution. Gain 13-month retention and up to 100x query performance by parsing out or creating metrics from log streams in real-time.
October 9, 2018 (SAML)
Update - The Sumo page for configuring SAML for SSO (Administration > Security > SAML) has a new option: Disable Requested Authn Context. If you check this option, Sumo will not include the optional RequestedAuthnContext element in the SAML AuthnRequests it sends to your IdP. This is useful if your IdP does not support the RequestedAuthnContext SAML element. If you use Azure Active Directory for SSO, you should check the Disable Requested Authn Context option to prevent the following error message:
SAML authentication request's RequestedAuthenticationContext's
Comparison value must be "exact"
October 9, 2018 (Metrics)
New - Metric Chart Sharing. After you run a metric query you can obtain a URL for the chart and send it to other users so that they can view the chart.
October 9, 2018 (Search)
New - Queries in the web interface now preserve the case of search fields. For example a query such as:
_sourceCategory=cqsplitter
| count as HOSTFIELD by _sourcehost
preserves the case of the output field (HOSTFIELD).
Update - Using lookup fields to provide parameters in Search Templates is now easier. Instead of typing the filename, you can select from a drop-down of available lookup files.
October 9, 2018 (Operators)
Update - The transpose operator now sorts columns in alphabetical order.
October 3, 2018
We launched a new Amazon Web Services (AWS) instance in the APAC region (Tokyo) to provide a holistic view of global data, along with our first regional partnership, with Classmethod, to provide Japanese customers with local deployment, support, and storage of mission-critical data. See our press release for details.
September 27, 2018 (Apps)
New - The Sumo Logic App for Puppet provides insight into software configuration management activity in Puppet. You can use the app dashboards to monitor Puppet runs, resource updates, and the root cause of Puppet run issues.
September 26, 2018 (Apps)
New - The Sumo Logic App for Jira provides insight into Jira usage, request activity, issues, security, sprint events, and user events.
September 19, 2018 (Apps)
New - The Sumo Logic App for PCI Compliance for Palo Alto Networks was released today. The new app offers dashboards to monitor firewall traffic activity for compliance with PCI requirements 01, 02, and 04.
September 18, 2018 (Sources)
Update - To increase reliability for the Office 365 Audit Source, we will no longer ingest validation notifications and failed notifications. These notifications are now routed to our audit index and can be looked up there. This change allows us greater reliability and retry attempts, which are especially useful if there's an outage.
September 18, 2018 (Operators)
New - The urlencode operator encodes a URL into an ASCII character set.
September 13, 2018 (Apps)
New - The Sumo Logic App for Palo Alto Networks 8 gives you visibility into firewall and Traps activity, including information about firewall configuration changes, details about rejected and accepted firewall traffic, traffic events that match the Correlation Objects and Security Profiles you have configured in PAN, and events logged by the Traps Endpoint Security Manager.
Update - An update to the Sumo Logic App for Payment Card Industry (PCI) Compliance for Linux was released today. The app provides dashboards to monitor system, account, and user activity to ensure that login activity and privileged users are within the expected ranges. The PCI Compliance for Linux App covers PCI requirements 02, 07, 08 and 10. The update to the app supports new use cases for monitoring login failures and sudo activity.
September 11, 2018
Announcing the new Security User Certification, and a number of user-requested updates to the product such as expanded availability to track receipt time, more detailed FER creation and modification information, and the ability to choose your continent in geo://lookup.
September 11, 2018 (Security User Certification)
New - Our first Security Certification is now available in-product! Sumo Security Users exhibit deep technical knowledge on how to analyze and correlate their security and compliance logs. Join their numbers and take the Security Certification.
September 11, 2018 (Receipt Time)
New - Receipt time is now available for scheduled searches, share links for searches, pinned searches, and Search Job API queries. To support receipt time, the Search Job API has a new parameter, byReceiptTime.
September 11, 2018 (Detailed information on Field Extraction Rules (FER))
New - The Field Extraction Rules page now gives you detailed information on who created the rule and the date of creation, as well as who has last modified the rule and when. This can be useful in tracking changes to FERs as well as reviewing future FER changes with the original creator.
September 11, 2018 (More Cities Listed by Time Zone)
New - Time zones were previously listed by one city, sometimes making it difficult to locate your time zone if you weren’t familiar with time zones. We’ve added new time zone names to help you find your time zone more efficiently.
September 11, 2018 (Line numbers in Dashboard Tables)
New - Dashboard tables now show line numbers for easy reference and to allow for quick collaboration between dashboard users.
September 11, 2018 (Choose Your Continent)
New - If you like to use maps in dashboards, we now support the optional continent field for our geo lookup operator. Simply add it to your current queries or start creating new ones.
September 11, 2018 (Tracking Alerts for Scheduled Search in the Audit Index)
New - The Audit Index now tracks scheduled search events. When scheduled searches trigger alerts, you can now search that status information from the Audit Index.
September 4, 2018 (Operators)
The replace and matches operators can now use an RE2 compliant regex to match against your data.
August 30, 2018 (Apps)
New - The Sumo Logic App for AWS WAF analyzes traffic flowing through AWS Web Application Firewall (WAF) and automatically detects threats using Sumo Logic Threat Intel. The App provides pre-configured dashboards and searches that allow you to monitor threat and traffic details by client IP, allowed and blocked traffic, malicious IPs, threat actors, location, rules configured, trends and more.
August 29, 2018 (Event-Based S3 support)
New - Support for S3 Event Notifications with AWS Sources is now out of Beta and Generally Available (GA). Sumo’s S3 integration combines scan-based discovery and event-based discovery into a unified integration that lets you maintain low latency while collecting logs from S3 and provides assurance that no data was missed or dropped. When you enable event-based notifications, S3 automatically notifies Sumo Logic when new files are added. Check out the Log File Discovery option.
August 27, 2018 (Subquery)
New - The subquery operator is now generally available. With subquery, you can create complex filtering conditions within the same query. It’s also valuable when you don’t know the necessary data to restrict the scope of the query, but another query could return the right conditions. For example, if CrowdStrike identifies a threat, you can correlate the time of that attack with your Windows Events from the time of that threat.
August 23, 2018 (Apps)
New - The Duo Security App helps you monitor your Duo account’s authentication logs, administrator logs, and telephony logs. The pre-built dashboards provide insight into failed and successful authentications, events breakdown by applications, factors, users, geo-location of events, admin activities, outliers, threat analysis of authentication and administrator events.
August 20, 2018 (SAML)
Signed Authn Requests are now available as an option when you set up SP Initiated Login Configuration in SAML.
August 3, 2018 (Access Keys)
An access key now has a rate limit of 10 concurrent requests to an API endpoint.
August 1, 2018 (Apps)
The Sumo Logic App for Jenkins was released today. The new app helps you monitor build successes, failures, and performance in Jenkins. The preconfigured dashboards provide insight into current and recent build activity.
July 27, 2018 (Apps)
The Sumo Logic App for Azure Active Directory was released today. The new app helps you monitor activity in the Azure Active Directory. The dashboards provide insight into role management, user management, group management, successful and failed sign-in events, directory management, and application management data that helps you understand your users' experience.
July 26, 2018 (Apps)
An update to the Sumo Logic App for Nginx was released today. Searches in the app were optimized and updated to use Sumo's parse regex operator rather than the Apache Access Parser. In addition, filters were added to each dashboard in the app.
July 24, 2018
We’ve made the switch over to MapBox and enhanced the fields operator.
July 24, 2018 (Mapbox Powers Sumo Logic Maps)
New - We're excited to announce that Mapbox now powers all maps in Sumo Logic. Mapbox is the leading data location platform and will help you get the most out of your map panels.
July 24, 2018 (Collection)
Update - For consistency, we’ve renamed the Google Audit Source to G Suite Apps Audit Source. Just wanted to give you a quick heads-up in case you notice the change.
July 24, 2018 (Operators)
Enhancement - The fields operator now maintains the order you specify for fields in non-aggregate search results. This is great when you want these fields in a specific order.
July 18, 2018
A new collection endpoint, https://endpoint3.collection.sumologic.com, was added in the US1 environment.
July 18, 2018 (Apps)
The Sumo Logic App for Azure SQL was released today. The new app helps you monitor activity in Azure SQL with preconfigured dashboards that provide insight into resource utilization, blocking queries, database wait events, errors, runtime execution stats, and other database analytics.
July 6, 2018 (Search Job API)
Techniques that manage load, like rate limiting and throttling, help keep the Sumo platform reliable and stable. Towards that end, a new Search Job API throttling limit was introduced today. Until now, search jobs were subject only to the global rate limit: each user is limited to four API requests/second. Now, to improve reliability Sumo is limiting the number of active search jobs for a given account to 200. To manage the number of active search jobs you can manually clear completed searches. For more information, see Search Job API throttling.
July 3, 2018
We’ve made some great improvements to setting up our IAM Role support and added five new operators to improve your query experience.
July 3, 2018 (IAM Roles and AWS Sources)
New feature - To keep up with the recommended best practices by Amazon, we are now supporting IAM Role authentication for AWS Sources. When you set up a source you can select role-based access and a CloudFormation template to set up access to your AWS Sources. Key-based access is still available, but we definitely recommend using role-based access.
July 3, 2018 (Operators)
New Operators - We’re pleased to offer the following new operators to make your query experience easier:
- hexToDec Need to convert a hexadecimal field to long format? Now you can convert a hexadecimal string up to 16 characters to long format.
- decToHex Need a long field converted to hexadecimal? Now you can convert up to 16 digits to a hexadecimal value.
- contains Only want a field to show up in your logs if it contains another field? Contains can help you find things like only the addresses with cities, or only the user information that contains email addresses.
- base64Encode You can now encode ASCII strings to Base64.
- base64Decode You can now convert base64 strings to ASCII.
July 3, 2018 (Search)
Enhancement - Sumo scheduled search email functionality is enhanced! Now you can use variables that return search results to form the subject line of email alerts. This is great for creating a friendly subject line. For example, you can configure the subject line like this:
{{Results.client_ip}} had {{Results.errors}} errors
Resulting in a subject line like this:
70.69.152.165 had 391 errors
For more information, see Create an Email Alert.
June 20, 2018
We’ve updated your service to include a few new features including Certifications in the product, a configurable Home page, and a quick note on the required June 20th TLS 1.2 upgrade.
June 20, 2018 (Training)
You can be Sumo-Certified directly from Sumo Logic. Just click the Certifications tab and select your class. You’ll be logged into the Sumo Logic LMS and can begin taking your desired certification.
June 20, 2018 (Configurable Home Page)
You can organize your Home page display based on what you’d like to see first, and resize objects based on how many searches or dashboards you want displayed at one time. Simply drag and drop objects on the Home page to where you want them.
June 20, 2018 (TLS 1.2 Requirement Reminder for Collectors)
Deprecation - We will be removing support for TLS 1.0 and TLS 1.1 from all public endpoints on Jun 20. All Sumo Logic collector agents will need to be upgraded to version 19.155 or above while running JRE 7+. All clients of Sumo Logic's public REST APIs, or clients that upload data to a Sumo Logic HTTP Source should be checked for TLS 1.2 support.
June 15, 2018 (Apps)
An update to the Sumo Logic App for Azure Web Apps was released today. The log collection strategy has changed. We are deprecating the VM-based solution template provided through the Azure Market Place. You can now configure a serverless pipeline for shipping logs from Azure Blob Storage to a Sumo Logic hosted collector.
June 13, 2018 (Apps)
The Sumo Logic App for Google Cloud Load Balancing was released today. The new app helps you monitor load balancing activity, with preconfigured dashboards that provide insight into request locations and volume, response codes, and request and response data by load balancer.
Jun 12, 2018 (Integrations)
An update to Sumo’s LogGroup Lambda Connector was released today. Now, you can use the connector with existing log groups.
June 11, 2018 (Apps)
The Sumo Logic App for Docker ULM was released today. This new app is a unified logs and metrics app for monitoring your Docker deployment. The preconfigured dashboards present information about container state and resource usage, including CPU, memory, block I/O, and network.
June 7, 2018 (Source)
Docker Stats source can now be configured to ingest metrics time series instead of JSON log messages. See Docker sources for details.
June 5, 2018 (Apps)
The Sumo Logic App for Amazon EKS was released today. The new app allows you to monitor Kubernetes clusters that are powered by Amazon EKS. The preconfigured dashboards present resource-related metrics at the Kubernetes pod, cluster, namespace, and node level; and provide operational insight into the state of your Kubernetes cluster.
Deprecated - The Sumo Logic App for Amazon EKS was deprecated September 6, 2019, and replaced with the Amazon EKS - Control Plane App.
June 4, 2018 (Apps)
The Sumo Logic App for Amazon Redshift ULM was released today. The new app is a unified logs and metrics application with preconfigured dashboards that provide insight into database connections, SQL command and statement execution, database user account events, CloudTrail events, and resource utilization by node and cluster.
June 1, 2018 (Integration)
New - An integration for Azure Blob Storage is now available. The new integration provides an event-based pipeline for shipping monitoring data from Azure Blob Storage to an HTTP source on Sumo Logic. This solution is good for monitoring Azure services that do not support exporting logs to Azure Monitor, for example, Azure Web Apps and Azure Storage Accounts.
May 22, 2018 (New Google Apps Options in Google Source Audit UI)
Update - More support for Google Audit UI sources. We’ve added four more Google apps as source options to the Google Audit UI:
- Groups. Reports return information about various Groups activity events.
- gplus. Reports return information about various Google+ activity events.
- Mobile. Reports return information about different types of Mobile Audit activity events.
- Rules. Reports return information about different types of Rules activity events.
May 21, 2018 (Metric Rules Editor)
Today we released the Metric Rules Editor, an interface for assigning tags to your metrics so that you can search them more easily. Metric rules can create tags derived from segments of a Graphite metric path, or from the key-value pairs for a Carbon 2.0 metric. Tagging is great for Graphite metrics—enabling users to interactively build a query as a set of key-value pairs. For more information, see About Metric Rules.
May 15, 2018 (Alerting)
An enhancement to Sumo's WebHook feature was released today. Now, you can include results from your scheduled searches in your WebHook payload. You can create more contextual alert notifications by referencing specific fields from your log search, such as hostname, error count, and so on. For example, you can issue easy-to-read Slack messages like this:
May 8, 2018 (Apps)
The Sumo Logic App for Squid Proxy was released today. The new app for Squid helps you monitor activity in Squid Proxy. The preconfigured dashboards provide insight into served and denied requests; HTTP response codes; URLs experiencing redirects, client errors, and server errors; and quality of service data that helps you understand your users’ experience.
May 7, 2018 (Search Templates)
New Feature - Help reduce your favorite queries down to a few input fields to make it easier for others to use. Search templates allow you to turn any text in a query into an input field with a text box that has autocomplete. You have full flexibility in setting up the autocomplete for the text box, choosing from a static list or lookup files, to make the search experience even better. And these autocomplete values will also be available as dashboard-wide filters for your users.
April 24, 2018 (Content Sharing)
New Video - Excited about the GA release of Content Sharing? A new video is available for you following the most basic use-case, how to share a scheduled search so others can edit your alerts!
April 24, 2018 (Geo Lookup)
New Geolocation Database - Sumo Logic has partnered with Neustar, an industry-leading IP intelligence provider, to deliver a more accurate database for geolocating IP addresses in your log messages. To get started, simply replace "geo://default" with "geo://location" in any of your geo lookup map queries.
April 24, 2018 (TLS 1.2 Requirement Reminder for Collectors)
Deprecation - To keep up with industry standard best practices and ensure the security of our customer data, we are planning to only support TLS version 1.2. We are reaching out to administrators and account owners to ensure all Sumo collector agents are upgraded to version 19.155-X or higher while running JRE 7+. We plan to have this enforced by May 1, 2018.
April 18, 2018 (Apps)
An update to the Sumo App for Amazon SES was released today. The updated app provides a new “Amazon SES - Complaint Notifications” dashboard.
April 18, 2018 (Apps)
An update to the Sumo App for AWS CloudTrail was released today. The updated app provides a new “AWS CloudTrail - S3 Public Objects and Buckets” dashboard.
April 16, 2018 (Apps)
An update to Sumo Logic App for G Suite was released today. The updated app provides a new “Google Apps - User Activity” dashboard, and includes a number of query optimizations.
April 12, 2018 (Apps)
An updated version of the Sumo Logic Audit App was released today. In addition to the previously available dashboards that present information about account management and user activities, the updated app provides new dashboards that provide insight into management actions performed on Library content (searches, dashboards/reports, and folders) in your Sumo Logic account.
April 10, 2018 (Content Sharing)
New Feature - Role-based Access Control for your searches, dashboards, and folders is rolling out over the next few weeks to every account. You can now decide the level of access you want to share your searches, dashboards, and folders with specific users and roles. You can grant View, Edit, or Manage access, and have the Advanced option to make this access even more fine-grained.
There are also new admin controls for Administrators to help you administer the organization of searches and dashboards for other users.
April 10, 2018 (Apps)
New Apps - We’re excited to announce the release of six new applications for Google Cloud Platform, giving you new prebuilt searches and dashboards for the following Google services:
- Google BigQuery
- Google Kubernetes Engine
- Deprecated - The Sumo Logic App for Google Kubernetes Engine was deprecated September 6, 2019, and replaced with the current Google Kubernetes Engine (GKE) - Control Plane App.
- Google Cloud Storage
- Google Cloud Functions
- Google Compute Engine
- Google Cloud SQL
New App - AWS Lambda ULM app. This is a unified logs and metrics (ULM) app that helps you monitor the operational and performance trends in the Lambda functions in your account.
Deprecated - The Sumo Logic App for AWS Lambda ULM was deprecated July 22, 2022, and replaced with the current AWS Lambda App.
April 5, 2018 (Apps)
The Sumo Logic App for Oracle was released today. The app provides insight into the health and activity of your Oracle database and includes predefined dashboards that present information about errors, ORA messages, listener activity, connections, security monitoring, and the syslog and XML audit trails.
April 4, 2018 (Apps)
The Sumo Logic App for AWS Lambda ULM was released today. The app is a unified logs and metrics (ULM) app that helps you monitor the operational and performance trends in the Lambda functions in your account.
Deprecated - The Sumo Logic App for AWS Lambda ULM was deprecated July 22, 2022, and replaced with the current AWS Lambda App.
March 30, 2018 (Apps)
Six new apps were released today.
- The Sumo Logic App for Google BigQuery helps you monitor data and activity in your BigQuery data warehouse. The preconfigured dashboards provide insight into the projects, operations, queries, user management operations, user activities, and billed GBs in BigQuery.
- The Sumo Logic App for Google Kubernetes Engine helps you monitor activity in Google Kubernetes Engine, providing node-level and pod-level monitoring information. The preconfigured dashboards provide insight into Kubernetes events, errors and activity; pod scheduling; created and killed resources; and severity messages.
- Deprecated - The Sumo Logic App for Google Kubernetes Engine was deprecated September 6, 2019, and replaced with the current Google Kubernetes Engine (GKE) - Control Plane App.
- The Sumo Logic App for Google Cloud Storage helps you monitor activity in Google Cloud Storage. The preconfigured dashboards provide insight into request locations, bucket and object operations, user activities, errors, and bucket statistics.
- The Sumo Logic App for Google Cloud Functions helps you monitor your usage of Google Cloud Functions. The preconfigured dashboards provide insight into function executions, operations, latency, errors, and failures.
- The Sumo Logic App for Google Compute Engine helps you monitor your infrastructure by providing preconfigured dashboards that allow you to view the activities, users, and message severity of your Google Compute Engine infrastructure.
- The Sumo Logic App for Google Cloud SQL helps you monitor your usage of Google Cloud SQL. The preconfigured dashboards provide insight into created and deleted resources, messages, authorization failures, user activities, and error logs.
March 27, 2018 (Autocomplete Dashboard Filters)
New Feature - Autocomplete for dashboard filters is now here. Select your Sumo Logic metadata or parsed field from the filters list and start typing in the field you want. Autocomplete will suggest available options in an alphabetized list.
March 27, 2018 (SAML Required)
New Feature - SAML Required Option. As an administrator, you can now prevent users from accessing Sumo Logic with a password by requiring SAML Sign In for all but a few whitelisted users from the SAML page, or none if you so choose.
March 27, 2018 (TLS 1.2 Requirement Reminder for Collectors)
Deprecation - As of May 1, 2018, to keep up with industry standard best practices and ensure the security of our customer data, we will only support TLS version 1.2. All Sumo collector agents must be upgraded to version 19.155-X or higher while running JRE 7+.
March 27, 2018 (Search)
New Operator - The topk operator is an improved top operator that allows you to select the top values from fields and group them by fields. It can replace the top operator and adds the ability to choose the top of top. If you are using top, we recommend switching to topk for all your queries so that you can take advantage of the additional functionality of topk.
March 16, 2018 (Quota Increase)
Update - The daily quota for throttling has increased. Throttling is in place to protect both our customers and Sumo Logic from sudden and unexpectedly large increases in volume, which could result in your account using On-Demand Capacity, as well as ingest performance problems on the service side. For more information, see the Account Usage help pages.
The multiplier for the per day average ingestion total varies based on the account size, and has increased to reflect average usage among our customers.
| Account Size - Daily Average | Multiplier |
| --- | --- |
| Less than 100GB per day. | 10x |
| Between 100-256GB per day. | 8x |
| Between 256-512GB per day. | 6x |
| More than 512GB per day. | 4x |
March 14, 2018
We launched a fully operational AWS deployment in Frankfurt, Germany to provide you access to a state-of-the-art, highly-available AWS data center to support provisioning accounts from both sumologic.com and the AWS Marketplace. See our press release for details.
March 13, 2018 (Search)
New Operator - There’s a new operator that lets you create a short, easy-to-remember name for your dashboard URL, called the tourl operator. With it you can create URL names that are short and relevant to your dashboard or prepend names to columns and call them by that name.
March 13, 2018 (Security)
No Impact with SAML Vulnerabilities - We've had questions on whether Sumo Logic is vulnerable to any of the following SAML vulnerabilities and we are not:
CVE-2017-11427 - OneLogin’s "python-saml"
CVE-2017-11428 - OneLogin’s "ruby-saml"
CVE-2017-11429 - Clever’s "saml2-js"
CVE-2017-11430 - "OmniAuth-SAML"
CVE-2018-0489 - Shibboleth openSAML C++
We do use opensaml Java, but that was not listed as affected even though the C++ version was listed in the article.
Our Security team performed a manual test and our service handled the XML comment the right way so that it did not truncate the username, which shows that our implementation is NOT affected.
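The kind of check described above can be kept as a regression test. The following is an added example, not Sumo Logic's code or test procedure: it uses Python's `xml.dom.minidom`, and the sample assertion, user name, and function names are constructed for illustration. It contrasts a reader that stops at the first text node with two that handle an embedded XML comment safely.

```python
from xml.dom import minidom

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample (not from a real IdP): the NameID text is split by a comment.
COMMENTED = (
    f'<saml:Assertion xmlns:saml="{SAML_NS}"><saml:Subject>'
    '<saml:NameID>alice<!-- constructed comment -->.smith@corp.example</saml:NameID>'
    '</saml:Subject></saml:Assertion>'
)
# The same assertion with the comment removed; both must yield the same user name.
CLEAN = COMMENTED.replace("<!-- constructed comment -->", "")


def _name_id_element(assertion_xml):
    """Return the single NameID element, or raise if there is not exactly one."""
    doc = minidom.parseString(assertion_xml)
    nodes = doc.getElementsByTagNameNS(SAML_NS, "NameID")
    if len(nodes) != 1:
        raise ValueError(f"expected exactly one NameID, found {len(nodes)}")
    return nodes[0]


def name_id_first_text_node(assertion_xml):
    """Fragile: reads only the first child, so a comment cuts the value short."""
    first = _name_id_element(assertion_xml).firstChild
    if first is None or first.nodeType != first.TEXT_NODE:
        return ""
    return first.data


def name_id_full_text(assertion_xml):
    """Robust: joins every text/CDATA child and skips comment nodes."""
    element = _name_id_element(assertion_xml)
    return "".join(
        node.data
        for node in element.childNodes
        if node.nodeType in (node.TEXT_NODE, node.CDATA_SECTION_NODE)
    )


def name_id_strict(assertion_xml):
    """Strictest: refuse a NameID that holds anything other than one text node."""
    children = _name_id_element(assertion_xml).childNodes
    if len(children) != 1 or children[0].nodeType != children[0].TEXT_NODE:
        raise ValueError("NameID must contain a single text node")
    return children[0].data


def reads_whole_identifier(extract):
    """Regression check: commented and clean documents must give the same name."""
    return extract(COMMENTED) == extract(CLEAN)


if __name__ == "__main__":
    for reader in (name_id_first_text_node, name_id_full_text):
        print(reader.__name__, repr(reader(COMMENTED)), reads_whole_identifier(reader))
```

A reader that fails `reads_whole_identifier` is the one to replace; the strict variant is an option when the identity provider never emits comments inside NameID.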
February 23, 2018 (Apps)
Three apps were updated today.
An updated version of the Sumo Logic App for Fastly was released today. The new version supports Fastly's Web Application Firewall (WAF) security service, which allows you to detect malicious request traffic and log or log and block that traffic before it reaches your web application. There are three new dashboards: WAF Overview, WAF - Offenders, and WAF - OWASP.
An updated version of the Sumo Logic App for MySQL was released today. The update provides a new dashboard: MySQL Failed Logins.
An updated version of the Data Volume app was released today. The update provides a new dashboard, Log Spikes. In addition, new panels that present metric ingest in Data Points per Minute (DPM) were added to the Overview and Metrics dashboards.
February 20, 2018 (Apps)
A new app was released today.
- Sumo Logic App for Kubernetes allows you to monitor Kubernetes deployments that are self-managed by open source tools such as Kops. The preconfigured dashboards present resource-related metrics at the Kubernetes pod, cluster, and namespace level; and provide operational insight into Kubernetes components, including nodes, the API Server, the Controller Manager, the Kube System, and the Scheduler. For more information, see Kubernetes.
- Deprecated - The Sumo Logic App for Kubernetes was deprecated September 6, 2019, and replaced with the current Kubernetes App.
February 6, 2018
In addition to bug fixes, we've released sorting time series by Avg, Min, Max in the Legend tab for Metrics, relative time ranges for when you want your source to begin collecting data, and you can now generate access keys from the Security tab.
February 6, 2018 (Metrics)
New - Want a little help sorting your time series? The Metrics Legends tab now displays the Avg, Min, and Max for a time series over the selected time range and you can sort by these columns.
February 6, 2018 (Sources)
Update - You can now set a relative time range in minutes, hours, days, weeks, or months for your sources in the Collection should begin option. Enter a relative time expression, for example -1h, and it will begin collection one hour in the past.
February 6, 2018 (User Interface)
Update - It’s a small change but very convenient. You can now set up your access keys from the Security tab. Just click the plus icon (+), name your key, and click Generate Key.
January 29, 2018 (Apps)
Update - The MySQL app was updated today to improve performance and provide bug fixes. The dashboards and searches remain unchanged.
January 26, 2018 (Apps)
Four new apps were released today.
The Sumo app for Google App Engine is now available. The app helps you monitor the activities in App Engine. The preconfigured dashboards provide insight into requests, applications, HTTP status codes, latency, and response time.
The Sumo app for Google Cloud Audit is now available. The app meets audit and compliance needs by enabling you to monitor activities and track the actions of administrators in your Google Cloud Platform projects. The preconfigured dashboards provide insight into the network, security, operations, and users of your Google Cloud Platform projects.
The Sumo app for Google Cloud IAM is now available. The app gives you visibility into the activities in Cloud IAM. The preconfigured dashboards allow you to monitor the IAM project activities, operations, role activities, and policy changes.
The Sumo app for Google Cloud VPC is now available. The app gives you visibility into activities, traffic, and VPC flows. The preconfigured dashboards provide details on VPC flows, source and destination IP addresses, ports, protocols, and messages.
January 23, 2018
Bug fixes were released today.
January 23, 2018 (Dashboard)
- Bug Fix - Some dashboards were opening in Live Mode instead of Edit mode by default. This has been fixed and all dashboards open in Edit mode by default.
- Bug Fix - Some dashboards were not responding after selecting Open in a New Browser Tab. This has been fixed.
January 23, 2018 (Metrics)
- Bug Fix - When you click Update Dashboard from a metrics query, it now opens the dashboard tab by default and doesn’t stay on the metrics query page.
January 23, 2018 (Search)
- Bug Fix - Aggregation tables were sometimes displaying instead of charts. Chart display errors have been fixed and charts now display consistently.
January 18, 2018 (Apps)
The Sumo App for Amazon SES is now available. The app provides operational insight into Amazon Simple Email Service. The app includes dashboards that allow you to view information about bounced notifications, delivered notifications, and CloudTrail events.
January 9, 2018 (Browser Support)
- Deprecated - We are officially releasing the new UI, and that means we’re going to deprecate support for Firefox 25. The new UI supports Firefox 41 and higher.
January 9, 2018 (Live Tail)
- Deprecated - We’re moving on to TLS 1.1+ for the Live Tail command line. Like the rest of the product, we’re no longer supporting TLS 1.0.
January 9, 2018 (Search)
- Bug Fix - Sankey charts can now handle camel-cased fromState and toState field names. We now make these fields lower case on the backend to get consistent results for you.
January 9, 2018 (Upgrade)
- New - Self-Service account upgrades are now available for Australian and Asia Pacific customers.
January 9, 2018 (User Interface)
- New - Our New UI is officially released. We will be deprecating our seven-year-old Classic UI and moving on to the New UI. For details on how your navigation will change with the new UI, check out our Navigation Cheat Sheet.
January 8, 2018
A new collection endpoint, https://endpoint3.collection.us2.sumologic.com, was added in the US2 environment.
January 3, 2018 (Apps)
New Beta App - Imperva - Incapsula Web Application Firewall is now available. It helps you monitor your web application protection service. The pre-configured dashboards provide insights on the threat alerts events.
2017 Archive
This is an archive of the 2017 Sumo Logic Service Release Notes. The current Service Release Notes are here.
December 20, 2017 (Apps)
New Beta App - The Sumo Logic App for Amazon SNS is now available. It is a unified logs and metrics (ULM) App that provides insights into the operations and utilization of your SNS service. The preconfigured dashboards help you monitor the key metrics by application, platform, region, and topic name, view the SNS events for activities, and help you plan the capacity of your SNS service.
December 5, 2017 (Dashboards)
Enhancement - You can now duplicate dashboards from the dashboard tab. Choose a name for the duplicate and save it to a folder.
December 5, 2017 (Live Tail)
Enhancement - Duplicate option now available for Live Tail sessions.
Bug Fix - Rename option no longer disabled for Live Tail when maximum tab limit reached.
December 5, 2017 (Metrics)
Enhancement - New error messages for pct operator when conditions are invalid, such as “Percentile argument greater than 100”.
Enhancement - Duplicate metrics query option now available.
Enhancement - Math expressions such as min, max, abs, and round are now case insensitive to match the log search experience.
Bug Fix - Host Metrics ingest now works with the Setup Wizard.
Bug Fix - Negative values for log and sqr in queries now result in error messages because they are not valid values for these operators.
December 5, 2017 (Search)
Bug Fix - Exporting a search experience improved.
Bug Fix - To save on naming issues, duplicate imported searches now forced to have a different name than the existing search.
December 5, 2017 (Security)
TLS 1.0 Protocol Disabled - We have disabled support for TLS 1.0. You must now use TLS 1.1 and up. Unless you are using IE 10 or below we do not expect this change to impact you.
December 5, 2017 (User Interface)
Enhancement - To save space on your tabs, Sumo no longer labels duplicate search tabs as “Copy of”. Now duplicate searches are labeled Search and a value, similar to duplication in Metrics.
Bug Fix - You can now scroll off screen and still select the New Tab icon (+).
Bug fix - Collection status page now loads quickly for the Internet Explorer Browser.
December 1, 2017 (Apps)
Apps Update - The Sumo Logic App for AWS Lambda helps you monitor the operational and performance trends in all the Lambda functions in your account. The App now supports a new data source, CloudTrail Lambda Data Events and has pre-built dashboards for that source.
November 29, 2017 (Apps)
New App - The Amazon GuardDuty Sumo Logic app provides insights into the activities in your AWS account based on the findings from Amazon GuardDuty. The App includes preconfigured dashboards that allow you to detect unexpected and potentially malicious activities in your AWS account by providing details on threats by severity, VPC, IP, account ID, region, and resource type.
November 27, 2017 (Search)
Update - fields operator for defining the order of the columns. Along with choosing which fields are displayed in the results, you can now use the fields operator to order the columns in the result. The order of the columns in the result would be the order you specified with the fields operator.
November 22, 2017 (Apps)
New Beta App - The Sumo Logic App for AWS Elastic Load Balancing ULM - Application is now available. It is a unified logs and metrics (ULM) App that gives you visibility into the health of your Application Load Balancer and target groups. Use the preconfigured dashboards to understand the latency, request and host status, threat intel, and HTTP backend codes by availability zone and target group.
New panels added to the PCI Compliance for CloudTrail App - The PCI Compliance for AWS CloudTrail App is now updated to include the details of create and delete group, added and removed users, and password events in the PCI Req 08 - Account, System Monitoring dashboard; policy operations in the PCI Req 08, 10 - Privileged Activity dashboard; and console root logins in the PCI Req 10 - Login Activity dashboard.
November 21, 2017 (Apps)
New Beta App - Sumo Logic has a beta app for Amazon SQS, a unified logs and metrics (ULM) app that provides operational insights into your Amazon Simple Queue Service (SQS) use. The pre-configured dashboards help you monitor the key metrics, view the SQS events for queue activities, and help you plan the capacity of your SQS service.
New Beta App - Sumo Logic has a beta unified logs and metrics (ULM) app for AWS Elastic Load Balancing ULM - Classic. You can use the searches and dashboards to track ELB information on the latency, HTTP backend codes, requests, and host status, to investigate issues in the load balancer.
November 21, 2017 (Dashboards)
Bug Fix - Dashboards with the same name now delete properly.
Bug Fix - Drill down metrics name consistent with panel name on dashboard panel.
Bug Fix - Dashboards now display properly, even when tabs are closed.
Bug Fix - Share dashboards with filters option only available when filters are present.
Bug Fix - Clicking the Zoom into Panel option consistently opens a new panel.
November 21, 2017 (Metrics)
Bug Fix - Update dashboard option for metrics charts is fixed.
Update - Metrics Introduction now references new UI layout, error messages updated, and revised and improved metrics query performance.
Bug Fix - Aggregate group-by key is no longer case sensitive.
Bug Fix - You now go to the metrics page after clicking "Exit Setup Wizard" if you are working with a metrics source.
Bug Fix - Division by zero not shown in metrics time series to improve visualizations.
Bug Fix - Dashboards shared with “World” now open in incognito mode.
Bug Fix - Removing filter refreshes screen.
November 21, 2017 (Search)
Update - Improved error messages for exporting a search.
November 21, 2017 (User Interface)
Update - Country and states list updated for Activate Your Account.
Bug Fix - SAML sign-in redirects user to correct page on sign-out.
Bug Fix - Show Password Policy only displays when user has Manage password policy capability.
Bug Fix - Appropriate content shows when deleting a user.
Bug Fix - Accounts page is now more exact.
Bug Fix - Multiple tabs can now open during a search.
Bug Fix - Error now shows when you attempt to name a dashboard, search, or folder with an existing name.
Bug Fix - User role creation validates for invalid characters.
November 7, 2017
There is a new app for Amazon Kinesis - Streams, updates to dashboards, new metrics operators, fix to sources, and some user interface changes as part of this update.
November 7, 2017 (Apps)
New Beta App - The Sumo Logic App for Amazon Kinesis - Streams is now available for Beta testing. This is a unified logs and metrics (ULM) App which provides information on the events and metrics of Kinesis Streams. The preconfigured dashboards help you monitor the events, API calls, errors, incoming and outgoing records, latencies, and throughput of Kinesis Streams.
November 7, 2017 (Dashboards)
Bug Fix - Dashboards with single panels no longer have a display error when adding a new panel.
Bug Fix - Dashboard changes now reflected on sidebar without a hard refresh.
November 7, 2017 (Metrics)
New Operators - New topk, bottomk, and filter operators are available to filter your metrics query. You can now reduce your time series down and simplify your visuals with these operators. For example, you can find the top 10 time series with the highest average.
Bug Fix - Drill down metrics name is now consistent with monitor name on dashboard panel.
November 7, 2017 (Sources)
Bug Fix - Docker Stats Source error message now displays correctly.
November 7, 2017 (User Interface)
Reminder - Migrate to the new UI as soon as possible. The classic UI will no longer be available after Dec 15.
Enhancement - Asterisk is now shown in the saved search tab to indicate that there are unsaved edits.
Enhancement - Scrollbar is now wider to make it easier to use.
Bug Fix - In-product notification icons now display correctly.
October 31, 2017
Amazon DynamoDB App. The Sumo Logic App for Amazon DynamoDB is now available. This is a unified logs and metrics (ULM) App which provides operational insights into your DynamoDB solution. The App includes Dashboards that allow you to monitor key metrics, view the throttle events, errors, latency, and help you plan the capacity of your DynamoDB solution.
October 27, 2017
Keyboard shortcuts enhanced. We have expanded the shortcut options for duplicating a query in the new UI. If you used option+shift+n in the classic UI to duplicate a query and time range, you can now use the following more specific keyboard shortcuts in the new UI:
| Shortcut | Description |
| --- | --- |
| alt+shift+n | Duplicate only the current query in new tab. |
| alt+shift+t | Duplicate only the current time range in a new tab. |
| alt+shift+q | Duplicate both the current query and time range in new tab. |
October 17, 2017
Dashboard sharing enhancements. You can now share a dashboard with static timeranges provided in the URL itself, allowing you to share a snapshot in time of a dashboard with other users. For details, see sharing or embedding a dashboard.
October 13, 2017
Windows Event Log Source Host Change. All Windows Event Logs contain a built-in "Computer" field, which is captured by the Computer = "..."; text you see in the Sumo messages.
Problem. We discovered an issue that caused _sourceHost to be assigned incorrectly to a value that didn’t match the Computer field for the event.
Resolution. We have fixed this issue and now assign the Computer = "..."; field as _sourceHost.
Impact: Minimal. If you have queries and scheduled searches for Windows Event Logs that depend on _sourceHost values, you need to verify the change has no impact.
October 10, 2017
AND, OR, and NOT supported in Metrics Queries. Logical operators are now supported in the metrics query language to let you specify complex Boolean expressions for metrics. For example, you can now say nodes not “forge” by stating !node=forge, and you can specify two specific clusters with OR. For more information, see Creating a Metrics Query and Visualization.
September 18, 2017
Sumo Kubernetes Fluentd plugin. You can use the plugin to collect system, kubelet, Docker daemon, and container logs from Kubernetes. For more information, see Kubernetes.
September 14, 2017
Metrics alerting enhancements. You can now set alerts on Metrics JOIN queries. For example if you have a query to calculate a baseline in comparison to today's network traffic:
- Choose your metric for CPU usage by application and the source hosts you want to track:
metric=CPU_user _sourceHost=my_host
- Take an average of that metric.
metric=CPU_user _sourceHost=my_host | avg
- See differences between your metric and your average.
(#A - #B)/#B
- Create an alert to let you know when those differences reach a particular range.
September 12, 2017
Dashboard sharing enhancements. You can now share a dashboard with specific filters provided through the URL itself. You can also embed a dashboard in an external website as an iFrame. For more information, see the section on sharing or embedding a Dashboard.
September 11, 2017
Azure Audit. The Sumo Logic App for Azure Audit is now updated to include the Activity Logs from Event Hub, along with the existing collection from Azure Insight API using Sumo Powershell scripts. For more details, see collect logs for Azure Audit from Event Hub. All the pre-configured dashboards in the App, except the Azure Audit - Active Directory dashboard, support logs from both Event Hub and Insight API. This update also includes minor bug fixes and query optimization.
September 1, 2017
Amazon CloudFront. The Sumo Logic App for Amazon CloudFront is now updated to include the Latency Monitoring dashboard. You can use this dashboard to monitor the Latency time, locations, trend, and outlier.
August 29, 2017
Google Cloud Platform Source. Google Cloud Platform (GCP) is now available as a data source. If you are using GCP services, all log data for these services is collected and exposed through the Google Cloud Stackdriver service. You can export in real time all of the data collected by Stackdriver to Google Cloud Pub/Sub. We use this Pub/Sub integration to push logs to our platform in real time.
Salesforce. The Sumo Logic App for Salesforce is now updated. The queries are optimized for better performance, and minor defects are fixed. This update has no impact on the dashboard panels.
Apps generally available. We are proud to announce that the Sumo Logic Apps for Cylance, Zscaler - Web Security, Auth0, CrowdStrike - Falcon Platform, and Amazon Inspector are out of Beta and are now generally available.
August 22, 2017
parseDate Released. A new operator, parseDate, extracts a date or time from a string and converts it to an epoch timestamp. For more information see parseDate.
August 18, 2017
Real-time threat assessment. Threat Intel Quick Analysis and Threat Intel for AWS apps now support using Continuous Queries (CQs) for scanning for malicious Indicators of Compromise (IOCs) in real time using the lookup operator.
August 15, 2017
Okta App. The Sumo Logic App for Okta is now available. This app helps you monitor the admin actions, failed logins, successful logins, and user activities to your applications through Okta. The App consists of dashboards that give you visibility into the applications, accesses, user events, and Multi-Factor Authentication (MFA).
OneLogin App Dashboards. The dashboards of the Sumo Logic App for OneLogin are now updated. This update adds the Successful Login Outlier panel to the Overview dashboard and the Successful Logins panel to the Security dashboard.
Apps generally available. We are happy to announce that the Sumo Logic Apps for Amazon RDS Metrics, CIS AWS Benchmark - Monitoring, Amazon ECS, and AWS Elastic Load Balancer - Application are out of Beta and are now generally available.
July 24, 2017
eval metrics operator. The eval operator evaluates a time series based on a user-specified math expression. For more information, see Metrics Operators.
Numeric literals and supported multiplier suffixes. A number, or numeric literal, in the Sumo Query language is a set of digits containing no spaces, with an optional decimal point. Numeric literals can end with a "multiplier suffix," which is a shorthand way to express scalar numeric values multiplied by common factors. For more information on supported multiplier suffixes for numeric literals, see Field Expressions.
July 17, 2017
Custom labels for metrics time series. The default label for time series is a comma-separated list of the dimensions included in the query. The resulting labels can be lengthy and inconvenient to scan. To shorten the labels and make them more meaningful in your metrics visualizations and in dashboards, you can apply a naming convention for custom time series labels on a per-query basis. The labels can include text and also parameters that are enclosed in double curly braces.
July 9, 2017
The ability to save LogReduce results to a baseline has been deprecated.
June 29, 2017
CloudPassage Halo App. The Sumo Logic App for CloudPassage Halo is now available. This app helps you detect security violations and look for threats across your complex infrastructure, through the analysis of massive volumes of Halo event data. CloudPassage’s Halo platform records over eighty different types of security events about your Halo-managed infrastructure, whether you deploy into public cloud environments or your private data center. These events deliver information about your infrastructure and include critical security alerts for firewall changes, access changes, configuration changes, and file integrity changes, and more.
Microsoft Office 365 App Dashboards. The Sumo Logic App for Microsoft Office 365 App Dashboards is now updated. This update offers new dashboards for Azure Active Directory to help you monitor logins, login locations, and for user and account monitoring.
June 23, 2017
PCI Compliance for Amazon VPC Flow Log App. The Sumo Logic App for Payment Card Industry (PCI) Compliance for Amazon VPC Flow App is now available. This app offers dashboards to help you monitor that network traffic, network activities, and network security are within your expected ranges. The PCI Compliance for Amazon VPC Flow App covers PCI requirements 01, 02 and 04.
June 21, 2017
Non-aggregate query speedup. The histogram rendering time is reduced, charting your messages faster.
Removal of 100k pause. Non-aggregate queries are no longer limited to 100k messages at a time.
Be aware of the following changes that come with these enhancements:
- Field counts still cap at 100k messages. When the message count reaches more than 100k, you will see a message: “We only use the first 100,000 messages to calculate the field counts.”
- Field counts may still be loading. Field counts load asynchronously, and may still be loading after the histogram renders.
- Receipt time still has 100k pause. If your search uses receipt time, you will still see the 100k message limit.
- Oldest message sorts first when you reach 100k messages. Although you can have more than 100k messages in the histogram, the oldest message that will be shown is the 100,000th message. To get around this issue and see the range you want on the histogram, you can reduce the time range and rerun the search, or Shift+click on the histogram bar to drill down into a specific time range.
June 19, 2017
New Home page experience. Welcome to the Home page for the new Sumo UI. You can immediately launch searches, metrics, Live Tail, and the Setup Wizard directly from Home without having to wrestle with keyboard shortcuts or menu navigation.
You can also access:
- Recently Opened Dashboards. Easily access the dashboards you’ve run recently to check on current results or to make modifications.
- Recently Run Searches. Easily access the searches you’ve run recently to check on current results or to make modifications.
- Recommended Dashboards. Based on current dashboard use in your org, we’ll recommend other dashboards for you to try.
- Pinned Searches. Find any search you’ve pinned in Sumo.
Finally, we’d love your feedback. There’s a feedback submission window at the top so that you can reach out and let us know if there’s any way we can improve our design to make your product experience better.
New Learn page. Find out more about Sumo by clicking Learn from the Home page. Learn is designed to help you discover Sumo resources quickly by providing direct links to:
- Important how-to videos
- Tutorials on setting up and using Sumo for the first time
- Support ticket interface
- Product documentation
- Available training webinars
- Feature Request site
- Sumo Community
- What’s New page with the latest product announcements
Threat Intel for AWS App. A new app for Threat Intel for AWS correlates CrowdStrike threat intelligence data with your AWS log data, allowing for real-time security analytics to help detect threats in your environment and protect against cyber-attacks.
The Threat Intel for AWS App scans your AWS CloudTrail, AWS Elastic Load Balancing, and AWS VPC Flow logs for threats based on IP address and provides four pre-built dashboards, an overview and one for each data source.
June 16, 2017
Custom timestamp formats. You can now specify multiple custom timestamp formats per source, use a regex to say where they are located in your log lines, and test them to see if we can parse that format. We will still auto-detect timestamps for you if your custom formats do not parse. See Timestamps, Time Zones, Time Ranges, and Date Formats and Use JSON to Configure Sources.
More epoch timestamp support. You can now specify the epoch timestamp token, which will match against 10, 13, 16, or 19-digit epoch timestamps, with or without decimal points. See Timestamps, Time Zones, Time Ranges, and Date Formats.
June 12, 2017
Filter operator. Use the filter operator to filter the output of a search using the results of a different search (using the same search expression). The filter operator keeps only the records that match the filter criteria, allowing you to restrict search results to the most relevant information. See filter operator.
June 1, 2017
New UI. This release introduces a new look and feel and experience for the Sumo Logic UI. Navigation is simplified, and it’s now much easier to find the content you’re looking for.
If you're a current Sumo Logic user, you'll find that the navigation and some menu items have changed, but most of your working experience will be just as it was before. During the rollout period, we encourage you to start right away with the new UI. That way you'll get used to the changes and can start realizing the benefits. New UI highlights include:
- Improved navigation. The menus that used to be on the top of the UI are now on the left side (we call it the 'left nav'). The menus have been reorganized and some menu and page names have changed. See Navigate Around the New Sumo Logic UI to learn how the navigation compares for the new UI and classic UI.
- Switch between your tasks in Sumo Logic with the tab bar. The top tab bar allows you to keep multiple pages open at the same time and easily navigate between them. The tabs persist across login sessions, and you can switch context without jumping to new browser tabs or windows. This includes having multiple dashboards open in separate tabs. See Welcome to the new Sumo Logic UI.
- New log searches, metrics visualizations, and Live Tail sessions. It's now more convenient to start working with logs or metrics. If you click the + icon in the Tabs area, you'll see options to select search, metrics, or Live Tail. See Welcome to the new Sumo Logic UI.
- Library. The Library contents are available from the left nav or the Library page. This is the first step in providing enhanced content sharing capabilities, which we’ll be continuing to roll out in upcoming releases. See Welcome to the New Library.
- App Catalog. You can access the App Catalog directly from the left nav to search for and install apps. See the topics under Data Types.
- Home page. The new Home page provides quick access to recently opened dashboards and searches. See Welcome to the new Sumo Logic UI.
Keyboard shortcuts. Keyboard shortcuts have changed for the new UI. See Keyboard Shortcuts for the New UI.
Apps. The App Catalog has a new preview option. If you’re not sure what dashboards you’ll get with an app, you can click the Preview Dashboards link in the App Catalog to see a preview of the dashboards included with the app.
New tutorials. We’ve updated our Quick Start tutorials to better reflect the different getting started experiences for setting up Sumo Logic and using Sumo Logic.
Data Volume App updated. The Sumo Logic App for Data Volume allows you to view at a glance your account's data usage volume by category, collector, source name, and hosts. The app uses predefined searches and a Dashboard that provide visibility into your environment for real-time analysis of overall usage.
The Overview dashboard has been updated to provide a more comprehensive view of your Logs and Metrics data use.
The following dashboards have also been added:
- Data Volume - Logs. See your log ingest volume in greater detail, outlining ingest spikes, outliers, and quota.
- Data Volume (Logs) by various metadata fields - Drill down on source metadata, using the metadata you've created within Sumo to better define your log sources.
- Data Volume - Metrics. Review details of your data ingest to identify areas of high-volume ingest.
May 29, 2017
New Accumulate Operator for Metrics. The accum metrics operator provides a running total over time of certain metrics. Use this when you are measuring a rate, and you want to understand the total number of occurrences. See accum.
Multi-Query Math/JOIN for Metrics. Compare multiple different metrics in new ways to derive new insights. For example, compare network output and CPU use.
May 23, 2017
AWS Elastic Load Balancer - Classic. The AWS Elastic Load Balancer App has been renamed and updated to provide new panels and dashboards such as the Failed Dispatch Monitoring Dashboard to help you better investigate your AWS ELB usage.
Time Bucketing/Metrics quantization. When you’re visualizing metrics data, the time axis is fundamental to understanding your data.
- Multiple time series (lines on the chart) should line up in a way that makes it easy to understand and compare behavior (for example, at 10:25AM server1 had 95% CPU usage and server2 had 50% CPU usage).
- As you change the time scale, the granularity of the data points should change accordingly (for example, 1 second resolution for a metric over 30 days doesn’t make sense).
This capability is called quantization. The quantization interval aligns your time series data to common intervals on the time axis (for example every one minute) to optimize the visualization and performance. See Work with Metrics Visualizations.
May 2, 2017
Threat Intel Quick Analysis App. This App correlates CrowdStrike's threat intelligence data with your own log data, allowing for real-time security analytics to help you detect any threats in your environment, while protecting against sophisticated and persistent cyber-attacks. The Threat Intel Quick Analysis App scans your selected logs for threats based on IP, file name, URL, domain, Hash 256, and email. See Threat Intel Quick Analysis App.
Dashboard Sharing updates. You can now share Dashboards with just your organization (whitelist) or with everyone. The permission to share dashboards is now split into two groups:
- Share Dashboards with the Whitelist
- Share Dashboards with the World
See Share Dashboards and Role Capabilities for details.
April 28, 2017
PCI Compliance for AWS CloudTrail App. The Sumo Logic App for Payment Card Industry (PCI) Compliance for AWS CloudTrail offers dashboards to monitor system, account, and user activity to ensure that login activity and privileged users are within the expected ranges. The PCI Compliance for AWS CloudTrail App covers PCI requirements 02, 07, 08 and 10. See PCI Compliance for AWS CloudTrail App.
April 27, 2017
Fastly App. Fastly is a content delivery network (CDN) that provides you control over how and where you serve content, access to real-time performance analytics, and the ability to cache unpredictably changing content at the edge. With the Sumo Logic Fastly App, you can examine performance by origin, quality of service, and monitor your visitor traffic for important patterns using pre-defined searches and Dashboards for real-time visibility into your environment. See Fastly App.
April 26, 2017
PCI Compliance for Linux App. The Sumo Logic App for Payment Card Industry (PCI) Compliance for Linux offers dashboards to monitor system, account, and user activity to ensure that login activity and privileged users are within the expected ranges. The PCI Compliance for Linux App covers PCI requirements 02, 07, 08 and 10. See PCI Compliance for Linux App.
PCI Compliance for Windows App. The Sumo Logic App for Payment Card Industry (PCI) Compliance for Windows offers dashboards to monitor system, account, and user activity to ensure that login activity and privileged users are within the expected ranges. The PCI Compliance for Windows App covers PCI requirements 02, 06, 08 and 10. See PCI Compliance for Windows App.
April 24, 2017
AWS Elastic Load Balancer - Application App. This App ingests logs stored in an S3 bucket, giving you the visibility to see the overall health of your Application Load Balancer and Target Groups. Use the Sumo Logic App to analyze raw Application Load Balancer data to investigate the availability of applications running behind Application Load Balancers. See AWS Elastic Load Balancer - Application App.
March 28, 2017
Histogram Time Range Selection. You can highlight a time range in the search results histogram to filter your search results in the Messages tab based on that time range. See Change the Time Range in the Histogram.
Cloud Syslog Source. Documentation for the Cloud Syslog Source beta feature has been updated to expand the rsyslog and syslog-ng information and include troubleshooting suggestions. See Beta - Cloud Syslog Source.
March 27, 2017
OneLogin. OneLogin is an Identity Management provider that supplies a comprehensive set of enterprise-grade identity and access management solutions, including single sign-on (SSO), user provisioning, and multi-factor authentication. The Sumo Logic App for OneLogin provides real-time visibility and analysis of OneLogin user activity through event data, such as user logins, administrative operations, and provisioning. See OneLogin App.
March 16, 2017
Metrics Monitors, Alert on Missing Data. For your metrics query, you can monitor your time series to alert you when data has not been seen for a specified time period. These notifications can be sent via email or webhook connections such as Slack or PagerDuty.
March 1, 2017
2-Step Verification. Sumo Logic now offers 2-Step Verification, also known as two-factor authentication, as an optional feature for customers to enhance security and secure sensitive data stored in Sumo Logic. When 2-Step Verification is configured, the user is prompted for an additional security code after authenticating with their username and password. The user obtains the additional security code from a configured device. See About 2-Step Verification.
AWS Lambda functions. Documentation for creating AWS lambda functions was improved and updated to match the current Amazon user interface. See Amazon CloudWatch Logs and Collect Amazon VPC Flow Logs.
February 22, 2017
Log overlay. Metrics visualizations give you a clear picture of WHAT is happening in your environment. By adding log overlays to your metrics visualizations, you can investigate WHY behavior is occurring and what corrective action might be called for. Log overlays help you correlate the performance shown in your metrics visualizations with logged events that could be responsible for changes in behavior. See Use Log Overlay to Analyze Metrics Visualizations for more information.
Share Dashboards Outside of Your Organization. You can share your live dashboards in view-only mode with no sign-in required, with an option to restrict access to viewers connecting from IPs / CIDRs specified in your service whitelist. This feature must be enabled by an administrator on the Manage > Security > Sumo Logic Policies page. See Share Dashboards for more information.
January 30, 2017
Throttling multipliers increased. Based on extensive testing, the multipliers for throttling based on daily average account size have been increased, in order to reduce the number of customers being throttled. See Manage Ingestion for more information.
| Account Size - Daily Average | Old Multiplier | New Multiplier |
| --- | --- | --- |
| Less than 100GB per day | 7.0x | 7.5x |
| Between 100-256GB per day | 5.6x | 6.0x |
| Between 256-512GB per day | 4.2x | 4.5x |
| More than 512GB per day | 2.8x | 3.0x |
January 13, 2017
Metrics Data Volume Index. Metrics have been added to the Data Volume Index to provide visibility into the ingest volume as measured in data points. See Enable and Manage the Data Volume Index.
January 4, 2017
Metrics Monitors and Alerts. For your metrics query, you can set a monitor on a time series to alert you when the metric has crossed a static threshold, and then send an email alert. You can set a maximum of one critical alert and one warning alert for each monitor.
Webhook Connection for Microsoft Azure Functions. You can trigger an Azure function directly from a Scheduled Search or metrics monitor by configuring a Webhook connection in Sumo Logic. For details see Webhook Connection for Microsoft Azure Functions.
Webhook Connection for AWS Lambda. You can trigger an AWS Lambda function directly from a Scheduled Search or metrics monitor by configuring a Webhook connection in Sumo Logic. For details see Webhook Connection for AWS Lambda.
2016 Archive
This is an archive of the 2016 Service Release Notes. The current release notes are available in Service Release Notes.
December 22, 2016
Custom Time Range. For searches and metrics, you can specify the time range relative to the current time, or specify a custom time range. For details see Set the Time Range.
December 21, 2016
Metrics Outliers. The metrics outlier feature allows you to identify metrics data points that are outside the range of expected values. You can use outliers to pinpoint unusual behavior in your metrics visualizations and track the behavior over time. Flexible controls are available for you to decide how unexpected a value must be to be labeled an outlier and the number and type of outliers to display. For details see Metrics Outliers.
Time Compare. The Time Compare button becomes available in the Aggregates tab when you run an aggregate search, and allows you to run a compare operation automatically from your search results. For details see Time Compare.
December 13, 2016
Manage S3 Data Forwarding Role Capability. The Manage S3 Data Forwarding Role Capability allows users with this role to manage S3 data forwarding from Sumo Logic to an S3 bucket. For details see Role Capabilities.
December 9, 2016
Color Palette Selector for Metrics. You can specify the color palette for your metrics visualization at the time series, query, and chart level. Settings at the query level overwrite settings at the chart level, and settings at the time series level overwrite settings at the query and chart levels.
November 22, 2016
Sumo Logic App for Amazon EC2 Container Service (ECS). The Sumo Logic App for Amazon ECS provides preconfigured searches and Dashboards that allow you to monitor various metrics (CPU and Memory Utilization, CPU and Memory Reservation) across ECS clusters and services. The App also monitors API calls made by or on behalf of Amazon ECS in your AWS account. For details, see Amazon EC2 Container Service (ECS).
Sumo Logic App for AWS Elastic Load Balancing Metrics (Preview). The Sumo Logic App for AWS Elastic Load Balancing Metrics allows you to collect and analyze CloudWatch Elastic Load Balancing for Application Load Balancer (ALB) and Classic Load Balancer (CLB) metrics and analyze your ELB system. The App provides preconfigured searches and Dashboards that allow you to monitor Metrics Hosts (healthy and unhealthy), HTTP backend codes, latency and requests, and more. For details see AWS Elastic Load Balancing Metrics App. This is a Preview App (the Preview Apps section was deleted in 2022).
Sumo Logic App for Amazon Inspector (Preview). Amazon Inspector allows you to monitor your AWS resources for potential security risks. The Sumo Logic App for Amazon Inspector provides preconfigured searches and Dashboards that give you instant access to an overview of Amazon Inspector as well as details on assessments, runs, and findings. For details see Amazon Inspector App. This is a Preview App (the Preview Apps section was deleted in 2022).
November 17, 2016
Sumo Logic App for Evident.io ESP (Preview). The Sumo Logic App for Evident.io ESP provides preconfigured searches and Dashboards that allow you to investigate Evident-specific events and provide operational visibility to team members without logging into Evident.io. For details, see Evident.io Evident Security Platform App. This is a Preview App.
November 16, 2016
Sign up for Sumo Logic via the AWS Marketplace. You can sign up for Sumo Logic via the AWS Marketplace. This creates a new Sumo Logic organization and account, and allows you to pay your bill using your Amazon account. For complete details, see Sign Up for Sumo Logic via the AWS Marketplace.
Sumo Logic App for Amazon RDS Metrics (Preview). The Sumo Logic App for Amazon RDS Metrics provides visibility into your Amazon Relational Database Service (RDS) Metrics collected via a CloudWatch Metrics Source. The App’s Dashboards provide preconfigured searches and filters that allow you to monitor your RDS system's overview, CPU, memory, storage, network transmit and receive throughput, read and write operations, database connection count, disk queue depth, and more. For details, see Amazon RDS Metrics. This is a Preview App.
Pause and Resume an S3 Source. You can pause an S3 Source at any time to stop the Source from sending data to Sumo Logic. Locate the Source on the Manage > Collection page, and click Pause. Click the Resume link when you are ready for the Source to start sending data again. For details, see Pause and Resume an S3 Source.
November 10, 2016
AWS Metadata Source for Metrics. The Sumo Logic AWS Metadata Source allows you to collect tags from EC2 instances running on AWS. The metadata is automatically attached to host metrics collected from EC2 instances. See AWS Metadata Source for Metrics.
November 9, 2016
Delta and Rate operators for Metrics Queries. Support has been added for delta and rate operators for metrics queries. For details, see the table of operators in Metrics Queries.
November 8, 2016
Sumo Logic Service Status Indicator. If there has been an outage on your deployment (or pod), the Service Status Indicator displays at the top of the Help menu, next to Help > Service Status, and next to the title of a Dashboard. For more information, go to Help > Service Status. This will take you to a web page for your pod with details on any outages, incidents, or planned maintenance. For complete details, see Help Menu.
November 7, 2016
Trend Micro Deep Security Preview App is Now GA. The Sumo Logic App for Trend Micro Deep Security is now fully GA. You can install it from Library in the Apps tab. For complete details, see Trend Micro Deep Security App.
November 1, 2016
PagerDuty Preview App is Now GA. The Sumo Logic App for PagerDuty is now fully GA. You can install it from Library in the Apps tab.
GitHub Preview App is Now GA. The Sumo Logic App for GitHub is now fully GA. You can install it from Library in the Apps tab. For complete details, see GitHub App.
Google Apps Preview App is Now GA. The Sumo Logic App for Google Apps is now fully GA. You can install it from Library in the Apps tab. For complete details, see Google Apps App.
GZIP Auto Detection for AWS S3 Sources. An S3 Source can collect either plain text or gzip-compressed text. Data is treated as plain text by default, but gzip decompression will be used if both of the following conditions apply:
- The target file has a .gz or .gzip extension, or no file extension.
- The target file's initial bytes match the gzip file format.
For complete details, see AWS S3 Source.
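The two-condition rule above, as an added example (not Sumo Logic code) that shows which objects end up decompressed and which are read as plain text. It assumes "initial bytes match the gzip file format" means the two magic bytes defined in RFC 1952 and that the extension comparison ignores case; the object keys and log line are constructed.

```python
import gzip
import posixpath
import zlib

GZIP_MAGIC = b"\x1f\x8b"                # ID1 and ID2 bytes from RFC 1952
GZIP_EXTENSIONS = {".gz", ".gzip", ""}  # "" stands for "no file extension"

# Constructed sample data.
PLAIN = b"2016-11-01 12:00:00 INFO service started\n"
GZIPPED = gzip.compress(PLAIN)


def should_gunzip(key: str, head: bytes) -> bool:
    """Return True only when BOTH conditions from the release note hold."""
    # Use the last path component so a dot in a prefix ("logs.v2/app")
    # is not mistaken for a file extension.
    extension = posixpath.splitext(posixpath.basename(key))[1].lower()
    return extension in GZIP_EXTENSIONS and head.startswith(GZIP_MAGIC)


def decode_object(key: str, body: bytes) -> str:
    """Decode one S3 object body the way the rule above would treat it."""
    if should_gunzip(key, body[:2]):
        try:
            body = gzip.decompress(body)
        except (OSError, EOFError, zlib.error) as exc:
            # Magic bytes matched but the stream is truncated or corrupt.
            # Raising here is this example's choice, not documented behavior.
            raise ValueError(f"{key}: invalid gzip stream") from exc
    return body.decode("utf-8", errors="replace")


def treatment(key: str, body: bytes) -> str:
    """Label how an object would be read: 'gzip' or 'plain'."""
    return "gzip" if should_gunzip(key, body[:2]) else "plain"


if __name__ == "__main__":
    samples = [
        ("logs/app.log.gz", GZIPPED),  # extension and magic match
        ("logs/app.gzip", GZIPPED),    # extension and magic match
        ("logs.v2/app", GZIPPED),      # no extension, magic matches
        ("logs/app.log", GZIPPED),     # gzip bytes, wrong extension
        ("logs/app.gz", PLAIN),        # .gz name, but not gzip bytes
    ]
    for key, body in samples:
        print(f"{key:18} -> {treatment(key, body)}")
```

The fourth sample is the case to watch for in a pipeline: a compressed object uploaded with a .log extension fails the first condition, so its bytes are read as plain text.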
Scheduled Search Email Customization. For scheduled searches, you may now customize the subject and contents of your results email in the Schedule this search dialog. Use variables to customize the subject or your email. Then select check boxes to show or hide the Search Query, Result Set, Histogram, and attach the results as a CSV attachment. (The maximum CSV file size allowed is 5MB or 1,000 results.) For complete details see Schedule a Search.
October 31, 2016
Last Login on the Manage > Users Page. The Manage > Users page now includes information on a user's last login date. If a user is inactive, the status displayed is Never. If no login information is currently available, but the user is active, the status displayed is N/A. Information will be provided the next time the user logs in. For complete details, see Manage Users.
October 26, 2016
Amazon CloudWatch Source for Metrics Total Metrics Field. The Total Metrics field displays the total number of metrics that will be collected if the Source is created with the current configuration. The field automatically refreshes the count when there are changes to the following fields: Regions, Namespaces, Access Key ID, and Secret Access Key. For complete details, see Amazon CloudWatch Source for Metrics.
New Scheduled Search Run Frequency Options. You may now select new Run Frequency options for your Scheduled Searches, including:
- Daily. Select that your search runs every Day, every Weekday (Mon-Fri) or Weekend (Sat-Sun) and the time.
- Weekly. Also select the day of the week that it runs and the time.
- Custom Cron. Enter a custom CRON expression.
For complete details, see Schedule a Search.
October 25, 2016
Percentile (pct) Operator Improvement. The pct operator has been improved to provide smarter results using the t-digest algorithm, which:
- Provides more accurate results.
- Supports higher-precision percentiles (such as 99.9th and 99.99th percentiles).
For complete details, see Percentile (pct).
October 10, 2016
Sort by Aggregates Tab Column Headers. On the Search page, in the Aggregates tab, you can now use the table chart column headers to sort your results, like you would in a spreadsheet. For details, see How to Use the Search Page.
State of the Aggregates Tab is Saved with a Saved or Shared Search. When you save or share a search, the current state of the Aggregates tab is also saved. So if you have created a chart, it will be displayed. When you update your chart, a new link or code is generated in the Share Search dialog. For details, see Save a Search and Share a Link to a Search.
Sumo Logic App for Zscaler Web Gateway. The Sumo Logic App for Zscaler Web Gateway collects logs from Zscaler via Nanolog Streaming Service (NSS) to populate pre-configured searches and Dashboards in order to visualize and provide insight into web traffic behaviors, security, user browsing activities, and risk. This is a Preview App.
October 6, 2016
Field Browser now Supports Aggregate Query Results. Formerly, the Field Browser was available on the Messages tab for only non-aggregate queries. Now, it is available for aggregate query results as well. For complete details and limitations, see Field Browser.
October 4, 2016
Manage Indexes Role Capability. The Manage Indexes Role Capability allows users with this role to manage Partitions and Scheduled Views. For details see Role Capabilities.
September 26, 2016
Sumo Logic App for CrowdStrike Falcon Host (Preview). The Sumo Logic App for CrowdStrike Falcon Host allows you to analyze CrowdStrike security events by type, status, and detection method. You can use the App to investigate CrowdStrike-specific events and provide operational visibility to team members from pre-configured searches and Dashboards, without logging into the CrowdStrike console. This is a Preview App (the Preview Apps section was deleted in 2022).
September 23, 2016
Deprecation of Username/Password for Collector and Source API Authentication. As of September 28, username and password will no longer be supported for API authentication. The API topics have been updated accordingly. See API Authentication.
September 15, 2016
Timezone for Scheduled Search. Sumo Logic now allows you to select the timezone that your scheduled search will use. For details, see Schedule a Search.
View or Download Collector or Source JSON Configuration. You can view and download a JSON configuration file for a Collector or Source from Sumo Logic:
- For Collectors, the JSON file defines a set of Sources used to register a new Collector.
- For Sources, the JSON file defines a single Source to use when managing a folder of multiple Sources or when uploading a new Source using the API.
Downloading the configuration allows you to create scripts to configure multiple Collectors and Sources or to create configuration backups. See View or Download Collector or Source JSON Configuration.
Managing Users and Roles. The ability to manage users and roles can now be expanded beyond admin users. When adding or editing a role, you can add the ability to manage users and roles on the Capabilities tab. See Role Capabilities.
September 12, 2016
Real Time Alert Time Range Limitation. The time range limit for Real Time Alerts has changed. It must now be between 5 and 15 minutes. Previously, it was between 1 and 15 minutes. For details, see Create a Real Time Alert.
Search Results Headers are Now Static. When you run a search query, resulting messages are displayed in the Messages, Aggregates, or Signatures tabs in the lower half of the browser window. The search results headers are now static. For details, see Navigate Through Messages in Search Results.
September 8, 2016
Click the Sumo Logic Logo to Go to the Search "Home" Page. Within the Sumo Logic Web Application, on the Dashboards page, or in the Setup Wizard, click the Sumo Logic logo to return to the Search page, which is considered the Sumo Logic "home" page. For details, see How to Use the Search Page.
September 1, 2016
Scheduled Search Email Alert Template Improvements. The Scheduled Search Email Alert template is now easier to read and includes more pertinent information, including the title of the saved search, description, search query string, time range, run frequency, notification threshold, time that the scheduled search was run, and the name and email of the person who scheduled the search. For complete details, see Receive Email Alerts from Scheduled Searches.
August 29, 2016
Host Metrics App is GA. The Sumo Logic App for Host Metrics allows you to collect your local host metrics and display them using predefined search queries and Dashboards. The App provides Dashboards to display analysis of local host metrics for the CPU, disk, memory, network, and TCP. For details see Host Metrics App.
August 22, 2016
Setup Wizard Metrics Sources. The Setup Wizard now supports the following metrics Sources: Host Metrics, and Graphite-Formatted Metrics including CollectD, DropWizard, and StatsD.
August 15, 2016
Sumo Logic App for Host Metrics (Preview). The Sumo Logic App for Host Metrics allows you to collect your local host metrics and display them using predefined search queries and Dashboards. The App provides Dashboards to display analysis of local host metrics for the CPU, disk, memory, network, and TCP. This is a Preview App.
Search Cookbook (Beta). Doc Hub has a new section, a Problem / Solution / Discussion format that provides an alternative way to access the documentation.
August 11, 2016
New! Longer Web Session Timeouts Available. On the Preferences page, you can now select longer web session timeouts, from 1 day to 7 days. For details, see Preferences Page.
The Sumo Logic App for Azure Web Apps (Preview). The Sumo Logic App for Azure Web Apps allows you to collect Azure web server and application diagnostics logs and monitor the health of your Azure Web Apps environment. The App provides preconfigured Dashboards that allow you to monitor server operation and traffic requests and response times. This is a Preview App (the Preview Apps section was deleted in 2022).
August 9, 2016
Sumo Logic App for Trend Micro Deep Security (Preview). The Sumo Logic App for Trend Micro Deep Security works with system and security events to monitor event history such as anti-malware, IPS, web reputation, firewall, integrity and log inspection events. For complete details, see Trend Micro Deep Security App. This is a Preview App (the Preview Apps section was deleted in 2022).
August 8, 2016
JFrog Artifactory Sumo Logic Integration. JFrog Artifactory is a universal Artifact Repository Manager that integrates with CI/CD and DevOps tools to provide artifact tracking. The JFrog Artifactory Sumo Logic integration provides the ability to access preconfigured Sumo Logic Dashboards directly from Artifactory that will allow you to analyze data from your Artifactory logs. Enable the JFrog Artifactory Sumo Logic integration directly from Artifactory. When you enable the integration, a Connector and Source are automatically configured, and the Sumo Logic App for Artifactory is automatically installed. For details, see JFrog Artifactory Sumo Logic Integration.
Collector Upgrade Notifications in the Audit Index. The status is provided to the Audit Index (_index=sumologic_audit) for each event in the User Activity Source Category (_sourceCategory=user_activity), and Collector Source (_sourceName=COLLECTOR), including the returned log message of success or failure. For complete details, see Enable and Manage the Audit Index.
August 2, 2016
Metrics. Sumo Logic is now a unified machine data analytics platform for logs and metrics. With the introduction of metrics, you can measure infrastructure, such as operating system performance or disk activity; application performance; or custom business and operational data that is coded into an organization’s applications. You can track key performance indicators (KPIs) over time, determine if an outage has occurred and restore service, or determine why an event occurred and how it might be prevented in the future. For details, see Metrics.
August 1, 2016
Predict Operator Autoregressive (AR) Model. The Predict Operator now also includes support for the autoregressive (AR) model, which predicts future data points, along with the linear regression that predicts existing data points. For complete details, see Predict.
Field Extraction Rules now Support JSON and CSV. Field Extraction Rules (FERs) now support the JSON and CSV operators. JSON auto and CSV auto are not supported. For details, see Create a Field Extraction Rule.
July 28, 2016
Sumo Logic App for Auth0 (Preview). Auth0 is a cloud-based, extensible identity provider for applications. The Sumo Logic App for Auth0 makes it easy to analyze and visualize your Auth0 event logs, and provides insight into security and operational issues. This is a Preview App (the Preview Apps section was deleted in 2022).
July 19, 2016
New UI for Users and Roles. As the first step in introducing advanced Role Based Access Control (RBAC) to Sumo Logic, the UI for the Manage > User and Manage > Roles pages has been updated. The new UI provides Sumo Logic administrators with an easy and intuitive way to create new roles based on business needs, define the capabilities the roles can access, assign users to roles, and manage the settings for users, roles, and capabilities. For complete details, see Users and Roles.
July 15, 2016
The Sumo Logic App for Azure Audit (Preview). The Sumo Logic App for Azure Audit allows you to collect Azure Audit logs and monitor the health of your Azure environment. The App provides preconfigured Dashboards that allow you to monitor Active Directory activity, resource usage, service health, and user activity. For complete details, see Sumo Logic App for Azure Audit. This is a Preview App.
July 13, 2016
Secure Third-Party Service Access. Within Sumo Logic, several links in the Help menu connect to third-party services, such as Support, Feature Request, and Community. Users that do not authenticate to Sumo Logic using a username and password are required to complete the email verification process. This usually applies to users that log in using a third-party Single Sign-On (SSO) service implementing SAML, users that access Sumo Logic from the Heroku add-on, and users of other Sumo Logic integration partners that provide SSO. For complete details, see Secure Third-Party Service Access.
July 5, 2016
Search Links Lifetime Extended to Three Years. Previously, the lifetime of a search link was only 30 days. This lifetime has been extended to three years. For details, see Share a Link to a Search.
June 30, 2016
Information about Throttling Notifications Added to Audit Index. Status is now provided to the Audit Index when throttling events occur. See the "Throttling Notifications" section in Enable and Manage the Audit Index.
June 28, 2016
fillmissing operator. When you run a standard group-by query, Sumo Logic only returns non-empty groups in the results. For example, if you are grouping by timeslice, then only the timeslices that have data are returned. The fillmissing operator addresses this shortcoming, by allowing you to specify groups that should be represented in the output, even if those groups have no data. For complete details, see fillmissing.
Sumo Logic App for Cylance (Preview). The Sumo Logic App for Cylance allows you to analyze Cylance security events by type, status, and detection method. You can use the App to investigate Cylance-specific events and provide operational visibility to team members without needing to log into Cylance. This is a Preview App (the Preview Apps section was deleted in 2022).
June 27, 2016
Account Page Updates. The Account Usage page has been updated to provide more information on your Sumo Logic Organization, users, and retention period, and the current and previous billing periods. Your Account's Organization ID was previously displayed on the Preferences page, but now it is displayed on the Account page. Also, the Usage Reports page has been removed, as that information is now on the Accounts page.
Change the Name of the Org. The Account Owner can change the display name of their Organization. This can be useful if you are using Multi-account Access to switch between several Sumo Logic Organizations. See the Account Usage page for your account type for more information.
Multiline Processing Enabled by Default in the UI. Multiline processing for Sources is now enabled by default in the Sumo Logic Source Configuration UI, to be consistent with the API configuration. For details, see Define Boundary Regex for Multiline Messages.
June 22, 2016
Sumo Logic App for MongoDB - Preview to GA. The Sumo Logic App for MongoDB has graduated from a Preview App to a fully supported GA Sumo Logic App. It can now be found in the Library under the Apps tab.
May 31, 2016
Change Email Address. As a user, you can now change your email address in Sumo Logic. Or as an administrator, you can change a user's email address. For details, see Change Your Email Address and Change a User's Email Address.
Quick Search for Collectors and Sources. You can quickly start a search for a Collector, Source, or Source Category from the Manage Collection page. For instructions, see Quick Search for Collectors and Sources.
May 26, 2016
Sumo Logic App for Microsoft Office 365 - Preview to GA. The Sumo Logic App for Microsoft Office 365 has graduated from a Preview App to a fully supported GA Sumo Logic App. It can now be found in the Library under the Apps tab.
May 24, 2016
Sumo Logic App for AWS Lambda - Preview to GA. The Sumo Logic App for AWS Lambda has graduated from a Preview App to a fully supported GA Sumo Logic App. It can now be found in the Library under the Apps tab.
Export and Import Content In the Library. In the Library, you can export content as JSON, including whole folders with subfolders, saved searches, and Dashboards. Then you can import the content as JSON into the Personal folder in the same Sumo Logic organization. (All content names must be unique.) You can also export and download your content as a JSON file to import it into another Sumo Logic organization.
The Export and Import functions are provided in order for you to transfer data immediately. The Sumo Logic JSON format may change without notice. There is no guarantee that you will be able to import the JSON in the future.
For complete details, see Export and Import Content in the Library.
May 17, 2016
Sumo Logic App for Artifactory Refresh. The Sumo Logic App for Artifactory has been refreshed with new Overview Dashboard Panels and other important updates. For complete details, see Artifactory App.
May 13, 2016
Sumo Logic App for MongoDB. The Sumo Logic App for MongoDB provides insight into your MongoDB environment, allowing you to track overall system health, queries, logins and connections, errors and warnings, replication, and sharding. This is a Preview App.
May 5, 2016
Sumo Logic App for PagerDuty. The Sumo Logic App for PagerDuty collects incident messages from your PagerDuty account via a webhook, and displays that incident data in pre-configured Dashboards, so that you can monitor and analyze the activity of your PagerDuty account and Services. This is a Preview App.
April 29, 2016
New Dashboards. New Dashboards combine all of the functionality of Interactive and Live Dashboards in a unified environment. The interactive mode is now the default when you open a Dashboard, and you can click a toggle to go to Live mode. For details, see About Dashboards.
April 27, 2016
Unlock a User's Account. If a user tries to log into their account several times and fails, his or her account will be locked out for security reasons. During the lockout period, an administrator may now unlock a user's account manually. For details, see Unlock a User's Account.
April 25, 2016
Sumo Logic App for AWS Lambda. The Sumo Logic App for AWS Lambda uses the Lambda logs via CloudWatch and visualizes operational and performance trends about all the Lambda functions in your account, providing insight into executions such as memory and duration usage, broken down by function versions or aliases. This is a Preview App.
April 20, 2016
Sumo Logic Multi-account Access. For users with accounts in multiple deployments, Multi-account Access allows you to log into multiple Sumo Logic accounts (also called organizations) using one username (email address) and password. If the same username already exists in more than one Sumo Logic organization, the accounts are linked automatically. No action is required, though initially, you will be asked to change your password. When you do, this will become your multi-account password. After you log into Sumo Logic, in the menu under your name, you will see the list of organizations that you can access under Switch Org.
IMPORTANT: Single account users are unaffected by Multi-account Access, and will not see this option in the UI.
Other important notes:
- Sumo Logic Multi-account users may have access to organizations that use different Password Policies. With Multi-account, the password policy data from different organizations is centralized.
- For Multi-account users, Collector registration with username and password is no longer supported. Multi-account users must use the token or accessid/access key option.
- Also, with Multi-account, to use the API, like with Collectors, you will not be able to log in using a username and password. You will be required to use an Access ID and Access Key.
For complete details, see Multi-account Access.
April 15, 2016
Search the Library for Content Types. In the Library, in the Personal folder, you can now use the search field to search for certain content types. For example, you could enter type:search and the results would list all saved searches. You may also search for folders, Dashboards, and Scheduled Searches. For complete details see Search the Library.
April 12, 2016
Early access to Unified Logs and Metrics. Interested customers can log in to Sumo Logic, then click the new Metrics page to gain early access to the Sumo Logic Metrics feature set, which delivers advanced analytics, powered by machine learning algorithms, for unified log data and time-series metrics.
Scheduled searches are retained when a user is deleted. Previously, when a user account was deleted from Sumo, the user's content was added to a "Content from deleted user..." folder in an Admin account, but scheduled searches were stopped. Now, schedule information associated with searches is retained, even when a user account is deleted. Notifications continue to arrive via email to the same recipients.
April 6, 2016
Preview Tab in the Library, Featuring Preview Apps. Preview Apps (the Preview Apps section was deleted in 2022) are Sumo Logic Apps that are currently under development, but are not yet released or officially supported. They appear in the Library under the Preview tab. You can install and use Preview Apps to test how well their use cases work for you, and provide feedback to Sumo Logic.
Because Preview Apps are not fully developed, they are not officially supported by Sumo Logic Support, and documentation instructions are not final.
Delete the Organization for a Free or Trial Account. The owner of a Sumo Logic Free or Trial account may delete his or her Organization from Sumo Logic, which will close the account permanently. When you delete your Organization, you will delete all users and data from Sumo Logic, close the account, and log yourself out as a user.
Merge operator and revised Transactionize operator. The new Merge operator summarizes a set of events and works with changes to the Transactionize operator. The _group_signature field added by the Transactionize operator is now deprecated, replaced by the Merge operator.
February 17, 2016
LogCompare. LogCompare allows you to compare a section of your log messages from one point in time with the same section at another point in time, and display the changes in patterns. For example, you could use LogCompare to determine if your last software deployment has broken something. To use LogCompare, run a search query with non-aggregate results, then click the LogCompare button in the Messages tab. This automatically compares the current query result with the result of the same query 24 hours in the past to show what has changed.
Date Format preference. On the Preferences page, you can now choose an option for Date Format, which sets how dates appear on the Search page and in saved searches. Changing this from the default option (which uses your browser's default date format) has no effect on collection or timestamps of logs.
February 3, 2016
Manage Security Page UI Update. The Manage > Security page user interface has been updated with fonts, colors, and a new tab style. Some settings have changed locations.
February 2, 2016
Live Tail CLI. The Live Tail Command Line Interface (CLI) is a standalone application that allows you to start and use a Live Tail session from the command line. With the Live Tail CLI, just as with Live Tail in the Sumo Logic Web Application, you can search and filter on the following metadata fields: _sourceCategory, _sourceHost, _sourceName, _source, or _collector. You may also filter on keywords.
In Operator. The In operator returns a Boolean value: true if the specified property is in the specified object, or false if it is not.
January 30, 2016
Access to Partition and Scheduled View Management pages. Non-admins can now view the Manage > Partitions and Manage > Scheduled Views pages. While only Admins can create and manage these search optimization tools, non-Admins may find it useful to see the available Partitions and Scheduled Views.
Sumo Logic App for AWS ELB. The Sumo Logic App for Elastic Load Balancing ingests logs generated by this activity, providing greater visibility into events that, in turn, help you understand the overall health of your EC2 deployment.
January 22, 2016
Sumo Logic App for Box. The Box App has been updated with new scripts and instructions for collecting Box Events. There are no changes to the Dashboards.
January 21, 2016
Live Tail. Sumo Logic Live Tail allows you to see a real-time live feed of log events associated with a Source or Collector, which you can use as a tool for development and troubleshooting. The Live Tail user interface mimics the command line with a solid black background and easy to read white text. It provides all log messages as they come in, with low latency.
You can start and filter a Live Tail session using the following supported metadata categories: _sourceHost, _sourceCategory, _sourceName, _source, and _collector.
Other Live Tail features include multiple Live Tail sessions, opening your Live Tail query in the Search page (or Show in Search), opening your Live Tail session in a new "pop-out" window, and changing the preferences of your Live Tail display, including line spacing, message text size, and message color.
January 13, 2016
Export 100,000 records. You can now export 100,000 records from Sumo Logic. The previous limit was 10,000 (via the UI).