Forward CSE Signals to Sumo Logic
note
The information in this topic applies to CSE users whose portal URL ends in sumologic.com. If your portal URL ends in jask.ai, see Forward CSE Data to Sumo Logic.
This topic has instructions for how to send Signals from CSE to the Sumo Logic platform. Once you perform the configuration described below, CSE will start sending data on a continuous basis.
note
Forwarding of CSE Records to CSE is enabled automatically. No configuration is necessary, on either the CSE or Sumo Logic platform side.
About the configuration process
The integration process consists of creating an HTTP Source in Sumo Logic to which the data from CSE will be sent, and configuring one or more indexes in CSE. An index configuration specifies the URL of the target HTTP Source, and optionally, filtering criteria to limit the data that is sent. The name you assign to the index configuration will be used to form a metadata field, _sourceCategory, which will be attached to the forwarded data—you’ll be able to use the _sourceCategory value to search the CSE data in Sumo Logic platform.
If you see a benefit to doing so, you can segment your data further, by creating multiple index configurations, and filtering the Signals that go to each. Doing so will make it easier to search the CSE data in Sumo Logic, because the data assigned to each index has its own _sourceCategory.
Configure an HTTP Source in Sumo Logic
In this step, you create an HTTP Source on a Hosted Collector on the Sumo Logic platform to receive data from CSE. You can use an existing Hosted Collector, or configure a new collector, as described in the Create a Hosted Collector topic.
To configure an HTTP Source:
In the Sumo Logic web app, go to Manage Data > Collection > Collection.
On the Collection page, find the Host Collector where you want to locate the HTTP Source, and click Add Source.
On the Select Source… page, click HTTP Logs & Metrics.
The source configuration page appears.
Name. Enter a name for the source.
Description. (Optional) Enter a description of the source.
Click Save.
The HTTP Source Address popup appears. Copy the URL.
Configure CSE to forward Signals to Sumo Logic
In this step, you configure an index in CSE that specifies the URL of the target HTTP Source on Sumo Logic, and if desired, a filter expression to limit the data forwarded to Sumo Logic.
Perform these steps for each CSE data set you want to send to Sumo Logic,
In the CSE UI, click the gear icon, and then choose Sumo Logic under Integrations.
On the Integrations page, click Index, and then Create.
The Create Index Configuration page appears.
Name. This will be used in the
_sourceCategorymetadata field that Sumo Logic will apply to messages and Signals you send from CSE to Sumo Logic.Data Stream. By default, the Signal option is selected. Leave it selected.
Index URL. Enter the URL for the HTTP Source you created in the previous section.
Filter Expression. (Optional) If you enter a filter expression, only data that matches the expression will be sent to the specified HTTP Source. To filter the data sent, you can use any of the functions supported in rule expressions. For more information, see CSE Rules Syntax.
Click Create.
Searching CSE data in Sumo Logic
The table below shows the metadata to use when searching for CSE raw messages, Signals, and Records in Sumo Logic.
| To search for... | Use this metadata in the scope of your search... |
|---|---|
| Signals | _sourceCategory=asoc/SIGNAL/<CseIndexName> where <CseIndexName> is the name of the index configuration you created for Signals in the previous section. |
| Records | _index = <PartitionName> where <PartitionName> is the name of a Sumo Logic partition that contains CSE Records. For Partition names and more information about searching for CSE Records in Sumo Logic, see Searching for CSE Records in Sumo Logic. |