Top Banner
Sumo Logic QuickStart October 15, 2014 Colin Corstorphine Customer Outreach Manager Sumo Logic Confiden?al

Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

Jun 30, 2015



Sumo Logic

QuickStart your Sumo Logic service with this exclusive webinar. At these monthly live events you will learn how to capitalize on critical capabilities that can amplify your log analytics and monitoring experience while providing you with meaningful business and IT insights.
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Page 1: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

Sumo  Logic  QuickStart  

 October  15,  2014    Colin  Corstorphine  Customer  Outreach  Manager  

Sumo  Logic  Confiden?al  

Page 2: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

!   Introduc?on  !   What’s  New  !   Tips  and  Tricks  !   Searching  and  Parsing  Data  !   Basic  Dashboards  !   Q&A  


Sumo  Logic  Confiden?al  2  

Page 3: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

Real-­‐Time  Analy?cs  

!   Cloud  –  Simple  to  deploy,  no  maintenance  required  

The  Sumo  Logic  Difference      

Sumo  Logic  Confiden?al  3  


Elas?c  Scalability  

Cloud  !   Elas?c  scalability  

–  Horsepower  to  process  all  your  IT  data    

!   PaUern  recogni?on  with  LogReduce™  –  Enables  anomaly  detec?on  

!   Real-­‐?me  Analy?cs  –  IT  and  business  insights  in  real  ?me  

Page 4: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

Logs  and  the  Enterprise  

Sumo  Logic  Confiden?al  4  

Custom  App  Code  

Server  /  OS  




Open  Source  So[ware  


Page 5: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

What’s  New        

Sumo  Logic  Confiden?al  

Page 6: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

!   Field  Extrac?on  –  Allows  you  to  parse  upon  ingest  which  saves  ?me  and  effort  when  you  have  a  set  of  fields  that  are  commonly  needed  from  a  log.  

!   Pinned  Searches  –  Allows  you  to  keep  a  search  running  (even  if  the  browser  window  closes)  and  return  to  it  later  and  have  the  results  saved.  

Field  Extrac?on  &  Pinned  Searches  

Sumo  Logic  Confiden?al  6  

Page 7: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

Tips  and  Tricks        

Sumo  Logic  Confiden?al  

Page 8: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

Account  Preferences    

Sumo  Logic  Confiden?al  

Session  Timeout  

Query  Edi?ng/Running  

Page 9: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

Searching  and  Parsing  Data        

Sumo  Logic  Confiden?al  

Page 10: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

Search  Basic  Overview    

Sumo  Logic  Confiden?al  

Search  Bar  

Time  Range  


Search  Results  


Page 11: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

!   Enter  keywords  and  operators  (separated  by  |)  that  build  on  top  of  each  other  

Search  Syntax  Flow  

Sumo  Logic  Confiden?al  

Keyword  Iden?fica?on  

Data  Classifica?on  

Ac?ons  and  Opera?ons  

Display  Configura?on  

Desired  Results  

Page 12: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

!   Full-­‐text  search  expressions  enable  you  to  search  for  mul?ple  terms  and  logical  expressions  –  Case  insensi?ve  – Wildcard  support  – Metadata  field  –  Boolean  logic    

•  Complete  (AND/OR)  •  Implicit  AND    

Keyword  Expression  

Sumo  Logic  Confiden?al  

Page 13: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

!   Metadata  tags  are  associated  to  your  log  messages  when  data  is  collected  and  are  set  during  Source/Collector  configura?on.    

Metadata  Fields  

Sumo  Logic  Confiden?al  

Name   Descrip,on  

_collector   Name  of  collector  when  installed  

_source   Name  of  the  source  defined  during  configura?on  

_sourceHost   The  host  name  of  the  source    

_sourceCategory   Category  associated  with  the  source  

_sourceName   The  name  of  the  log  file  (including  path)  

Page 14: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

!   Metadata  can  be  used  with  keyword  search  –  Use  with  an  underscore  to  invoke  them      

Metadata  Fields  

Sumo  Logic  Confiden?al  

Page 15: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

!   The  data  available  to  your  search  request  is  determined  by  the  selected  ?me  range.  –  Pre-­‐populated  

•  Last  15  Minutes  •  Last  3  Hours  •  Today  

–  Absolute  •  12:25  12:30  •  8/11  12:00  8/11  13:00  

–  Rela?ve  •  -­‐5m  •  -­‐2h  •  -­‐2h  -­‐1h  

Time  Range  

Sumo  Logic  Confiden?al  15  

Page 16: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

!   Combina?on  of  boolean  logic,  wild-­‐cards  and  metadata    (Error*  OR  fail*  OR  except*)  AND  _sourceCategory=*apache*  

Example  1  

Sumo  Logic  Confiden?al  16  

Page 17: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

!   Exact  string  matching    (_sourceCategory=Apache/Access  AND  !"Macintosh;  Intel  Mac  OS  X  10_6_8")  AND  *GET  

Example  2  

Sumo  Logic  Confiden?al  17  

Page 18: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

!   Adding  a  metadata  field  value    

Refining  results  based  on  keywords  

Sumo  Logic  Confiden?al  18  

Page 19: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

Refining  Results  by  Surrounding  Messages  

Sumo  Logic  Confiden?al  

Page 20: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

! LogReduce  uses  fuzzy  logic  and  so[  matching  to  cluster  messages  providing  quick  inves?ga?on  view  into  your  environment.  

(Error  OR  fail*)  

Looking  for  the  Unknown    

Sumo  Logic  Confiden?al  20  

Result  Sets  

Page 21: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

! LogReduce  uses  fuzzy  logic  and  so[  matching  to  cluster  messages  providing  quick  inves?ga?on  view  into  your  environment.  

(Error  OR  fail*)|  summarize  

Looking  for  the  Unknown    

Sumo  Logic  Confiden?al  21  

Page 22: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

!   Parsing  enables  a  user  to  extract  parts  of  a  message  and  classify  them  as  fields.  –  A  specific  key/value  you  want  to  extract  –  Enables  you  to  perform  addi?onal  opera?ons    

•  Logical/condi?onal  –  based  on  values  •  Mathema?cal  –  opera?ons  on  value  sets  

!   Ways  of  defining  fields  –  Parse  anchor:  leverages  start  and  stop  anchors  –  Parse  regex:  extracts  nested  informa?on  via  regex  –  Pre-­‐defined  parsers:  predefined  libraries  of  named  fields  –  Field  extrac?on  

Extrac?ng  addi?onal  labels/fields  

Sumo  Logic  Confiden?al  22  

Page 23: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

!   Single  field  example  

Parse  Anchor  Using  the  UI  

Sumo  Logic  Confiden?al  23  

Page 24: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

!   The  count  Operator  enables  you  to  group  messages  that  match  a  classifica?on  –  No  Group:  provides  a  total  message  count  

•  Ex:  *  |  count  •  Ex:  :  *  |  count  as  mycount      

The  count  operator  

Sumo  Logic  Confiden?al  24  

Page 25: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

!   Dissec?ng  your  result  sets  using  metadata  fields  –  Ability  to  aggregate  results  sets  and  grouping  them  by  metadata  fields  •  EX:  _collector=*apache*  |  count  by  _sourceCategory  

–  Get  a  count  of  grouped  result  sets  •  Ex:  (Error  OR  fail*)|  count  by    _sourcecategory  ,    _sourcehost  

–  Organize  Results  by  Count  •  Ex:    _collector=*apache*|  count  by  _sourceCategory  |  sort  by  _count  

Leveraging  Metadata  for  grouping  

Sumo  Logic  Confiden?al  25  

Page 26: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

! Timeslice  operator  enables  you  to  segment  your  results  by  ?me  buckets  – Minute  (?meslice  by  5m)  –  Hour  (?meslice  by  1h)  –  Day  (?meslice  by  1d)  

Time-­‐based  Grouping  

Sumo  Logic  Confiden?al  26  

Page 27: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

!   Now  that  you  have  grouped  your  data  there’s  different  ways  of  displaying  your  result  sets  

!   Icons  of  different  charts  –  Table  –  Pie  –  Bar  –  Line  –  Area    

Providing  Context  through  Visualiza?on  

Sumo  Logic  Confiden?al  27  

Page 28: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

!   Dashboards  contain  a  collec?on  of  real-­‐?me  Monitors  that  provide  a  graphical  representa?on  of  your  data    –  Each  Monitor  processes  messages  as  they  are  received  –  Drilldown  for  addi?onal  analysis  –  Choose  from  several  chart  types  

Introduc?on  to  Dashboards  

Sumo  Logic  Confiden?al  28  

Page 29: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

!   Perform  search    

Dashboard:  Adding  a  Monitor    

Sumo  Logic  Confiden?al  29  

Page 30: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

Installing  Applica?ons  

Sumo  Logic  Confiden?al  30  

Page 31: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data


Sumo  Logic  Confiden?al  

Page 32: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

!   Tuesday,  November  4th,  10AM  PST/  1PM  EST  – Tech  Chat:  What’s  New  in  Sumo  Logic  

•  Pinned  Searches  and  Field  Extrac?on    

!   Thursday,  November  6th,  10AM  PST/  1PM  EST  – QuickStart  Webinar  

Coming  up…  

Sumo  Logic  Confiden?al  32  

Page 33: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

!   Post  and  respond  to  ques?ons  

!   Submit  feature  requests  (&  vote  on  others)  

!   Submit  “?ps  and  tricks”  based  on  what  you  learn    


Engage  With  The  Sumo  Logic  Community  

Sumo  Logic  Confiden?al  33  

Click  on  the  Community  sec?on  at    


Page 34: Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data

!   Reques?ng  help  via  Support  a[er  consul?ng  the  Community  

!   Search  our  docs  for  more  detail  

!   Consider  Professional  Services  offerings  –  In-­‐depth  training  –  Integra?on  and  use  case  development  

–  Contact  your  sales  rep  or  support  for  details  

!   Invite  your  colleagues  to  future  webinars  

customer-­‐[email protected]  


Don’t  forget  

Sumo  Logic  Confiden?al  34