Trust Login C2C Source (Collection)

We're excited to announce the release of our new cloud-to-cloud source for Trust Login. This source collects report logs from the Trust Login platform and ingests them into Sumo Logic for streamlined analysis. Learn more.

Digital Guardian ARC (Apps)

We're excited to introduce the new Digital Guardian ARC app for Sumo Logic. This app leverages the Sumo Logic Cloud-to-Cloud Digital Guardian source that provides data protection through analytics, reporting, and workflows. This integration helps to improve real-time activity monitoring, pre-configure alerts for different events, analyze policy enforcements, provide geolocation insights to support targeted threat investigation and response, and identify potential tampering by closely monitoring digital signatures for files and applications.

Explore our technical documentation here to learn how to set up and use the Digital Guardian ARC app for Sumo Logic.

Microsoft Defender for Cloud (Apps)

We're excited to introduce the new Microsoft Defender for Cloud app for Sumo Logic. This app collects alert, security recommendation, and regulatory compliance logs through the Sumo Logic Cloud-to-Cloud Azure Event Hub Source, with continuous export configured in the Azure portal using the Event Hub instance details. Key features of the Microsoft Defender for Cloud app include:

  • Gain real-time visibility into security alerts across your Azure environment, categorized by severity (High, Medium, Low, and Informational).
  • Monitor trends in alert activity over time to identify spikes and recurring threats.
  • Leverage detailed alert summaries and remediation steps for effective threat mitigation.
  • Track compliance performance across critical standards, including FedRAMP, PCI DSS 4, CIS Azure Foundations, and Microsoft Cloud Security Benchmark.
  • Analyze threats by categories like data exfiltration, unauthorized access, and account breaches.

Explore our technical documentation here to learn how to set up and use the Microsoft Defender for Cloud app for Sumo Logic.

Sumo Logic Copilot (Search)

We're excited to introduce Copilot, an AI-powered assistant that accelerates log investigations and troubleshooting. With natural language query capabilities and contextual suggestions, Copilot helps security first responders and on-call engineers resolve incidents quickly and efficiently. Learn more.

  • Ask questions in plain English to generate actionable log insights.
  • Get tailored suggestions relevant to your troubleshooting and investigation context.
  • Leverage conversation history to save and resume sessions without losing context.
  • Auto-visualize charts from search results and add them directly to dashboards.
  • Use auto-complete for natural language queries to access insights faster.
[Screenshot: Copilot UI with the query "Analyze the geographic distribution of requests by source IP"]

Apps, Solutions, and Collection Integrations - November Release (Observability)

New release

We’re excited to announce the release of the new Azure Database for PostgreSQL, Azure Cosmos DB, and Azure App Service Environment apps for Sumo Logic.

  • Azure Database for PostgreSQL. Azure Database for PostgreSQL is a fully managed relational database service in the Microsoft cloud based on the PostgreSQL community edition. This integration helps in monitoring resource utilization and identifying slow queries to optimize your workloads and configure your server for the best performance. Learn more.
  • Azure Cosmos DB. Azure Cosmos DB is a fully managed NoSQL and relational database for modern app development offering single-digit millisecond response times, automatic and instant scalability, along with guaranteed speed at any scale. This integration helps in monitoring the overall performance, failures, capacity, and operational health of all your Azure Cosmos DB resources. Learn more.
  • Azure Cosmos DB for PostgreSQL. Azure Cosmos DB for PostgreSQL is a managed service for PostgreSQL powered by the Citus open source extension, which enables you to build highly scalable relational apps. This integration helps in identifying configuration errors, analyzing executed statements, and monitoring resource usage of individual nodes in a cluster. Learn more.
  • Azure App Service Environment. An Azure App Service Environment is an Azure App Service feature that provides a fully isolated and dedicated environment for running App Service apps securely at high scale. This integration helps in monitoring your environment's operational events, such as upgrades, scaling, and suspensions. Learn more.

Enhancements

We're excited to announce the release of the enhancements listed below for the Sumo Logic apps:

  • Apache - OpenTelemetry. Added six new monitors to the Apache - OpenTelemetry app, each triggered by a different predefined condition. Learn more.
  • Apache Tomcat - OpenTelemetry. Added four new monitors to the Apache Tomcat - OpenTelemetry app, each triggered by a different predefined condition. Learn more.
  • Oracle - OpenTelemetry. Updated the collection process to fetch unified audit logs and added new Unified Audit Syslog dashboard. This new dashboard offers information on database users, top current users, and trends in logon status. This dashboard can also be used with the unified audit logs exported from both Windows and Linux environments. Learn more.
  • Added CloudTrail Audit dashboard. The CloudTrail Audit dashboard is added to the AWS Application Load Balancer, AWS Classic Load Balancer, and AWS Network Load Balancer apps. This dashboard helps you to visualize the successful and failed events globally, event trends, error details, and user activities, offering insights into load balancer performance, security, and usage patterns.
  • Amazon RDS. Added Oracle Logs - Alert Logs Analysis, Oracle Logs - Audit Logs Analysis, and Oracle Logs - Listener Troubleshooting dashboards. These CloudTrail and CloudWatch Logs dashboards provide monitoring for error logs and essential infrastructure details. Learn more.
  • MongoDB Atlas. A new version of the MongoDB Atlas collection was released as v1.0.11 on PyPI and v1.0.18 in the AWS Serverless Application Repository. Learn more.

Bug fixes

  • Minor query fixes in the below Classic Apps (Legacy):
    • Amazon CloudTrail - Cloud Security Monitoring and Analytics
    • GitHub
  • Minor fixes in the monitors for the below Next-Gen Apps:
    • Microsoft Azure AD Inventory
    • Audit

Logs Query Assist - Preview (Search)

This feature is in Preview. To participate, contact your Sumo Logic account representative.

We’re excited to announce the preview release of Query Assist, designed to simplify query building by reducing complexity, enabling easier field discovery, minimizing errors, and providing intelligent query-writing assistance. These enhancements deliver real-time syntax suggestions, schema-based recommendations, and a frictionless query experience.

Key features

  • Real-time syntax suggestions. Get instant recommendations for syntax and operators to accelerate query creation and reduce errors.
  • Schema-based field suggestions. Automatically discover relevant keys and fields for structured data like JSON logs.
  • Partial query prediction. Anticipate the next operator or receive partial query suggestions based on your input.
  • Enhanced user experience. Real-time error highlighting and intelligent suggestions provide a smooth and seamless query-building process.

These updates make it easier for both beginners and advanced users to craft accurate queries and analyze data efficiently. Learn more.

Trend Micro C2C Source (Collection)

We're excited to announce the release of our new cloud-to-cloud source for Trend Micro. This source collects alert details from the Trend Micro platform and ingests them into Sumo Logic for streamlined analysis. Learn more.

Kickstart Data Onboarding

We know that getting started with new tools can be challenging. To simplify your onboarding, we’ve introduced Kickstart Data with preloaded sample data and prebuilt dashboards designed to streamline your trial experience with Sumo Logic. With this sample data, you can jump right in, explore dashboards, and understand Sumo Logic's value without needing to set up your own data first.

Key benefits

  • Immediate insights. Begin with sample data and dashboards to experience Sumo Logic’s capabilities instantly.
  • Quick setup. No need to configure firewall settings or security permissions—get started right away.
  • Guided trial. Pre-built dashboards and reports demonstrate real-world scenarios, allowing secure and insightful exploration.
  • Easy transition. Start ingesting your own data anytime. Kickstart Data is deactivated at the trial’s end.

See how Kickstart Data can simplify your onboarding, helping you focus on monitoring and troubleshooting. For more details, visit our Quickstart Guide.

scanned_partition_count Field Computation Change (Search)

We're happy to announce a change in the computation of the scanned_partition_count Search Audit Index field. Previously, an incorrect computation was used to calculate the value of the scanned_partition_count field. With this change, the computation is fixed and you will now obtain the correct number of partitions scanned for the respective search.

Kandji (Apps)

We're excited to introduce the new Kandji app for Sumo Logic. This app leverages the Sumo Logic Cloud-to-Cloud Kandji source to collect threat events and device events, helping you maintain a secure Apple device environment and strengthen your organizational security posture.

Explore our technical documentation here to learn how to set up and use the Kandji app for Sumo Logic.

Deprecation of Classic Visualization (Search)

In May 2024, we introduced new visualization charts for all the Log Search queries, with which you can customize each chart by modifying the available settings and obtain a unified experience across the Sumo Logic platforms.

Effective November 22, 2024, the Switch to Classic Visualization button will be removed, and the Classic Visualization view will no longer be available. By default, all your charts will automatically display in the New Visualization style.

AI-Driven Alerts for Metrics Anomalies (Monitors)

We're excited to announce the general availability of AI-driven alerts for metrics anomalies, extending our AI-driven alerting capabilities to include metrics-based monitors. This new feature aims to reduce alert fatigue and accelerate incident resolution through the use of automated playbooks. Learn more.

Key features

  • Advanced anomaly detection. Leverages 30 days of historical metrics data to establish baselines and identify critical anomalies.
  • Customizable detection. Allows configuration based on specific criteria, such as detecting multiple anomalies within a defined time window.
  • Playbook integration. Streamlines diagnosis and recovery by automating responses through integrated playbooks.

Apps, Solutions, and Collection Integrations - October Release (Observability)

New release

We’re excited to announce the release of new Azure Database for MySQL, Azure App Service Plan, Amazon Bedrock, Amazon OpenSearch, and Cosmos DB for NoSQL apps for Sumo Logic.

  • Azure Database for MySQL. Azure Database for MySQL is a relational database service in the Microsoft cloud based on the MySQL Community Edition database engine. This integration helps in identifying slow queries and tracking database-level activity, including connection, administration, data definition language (DDL), and data manipulation language (DML) events. Learn more.
  • Azure App Service Plan. An Azure App Service Plan defines the set of compute resources on which an App Service app runs. This integration helps in monitoring memory, CPU, incoming and outgoing bandwidth, and the number of sockets and their states across all instances of the plan. Learn more.
  • Amazon Bedrock. Amazon Bedrock is a fully managed service that offers a choice of high-performing foundation models (FMs) from leading AI companies like AI21 Labs, Anthropic, Cohere, Meta, Mistral AI, Stability AI, and Amazon through a single API, along with a broad set of capabilities you need to build generative AI applications with security, privacy, and responsible AI. Learn more.
  • Amazon OpenSearch. Amazon OpenSearch Service is a managed service that makes it easy to deploy, operate, and scale OpenSearch clusters in the AWS Cloud. An OpenSearch Service domain is synonymous with an OpenSearch cluster. Domains are clusters with the settings, instance types, instance counts, and storage resources that you specify. Learn more.
  • Azure Cosmos DB for NoSQL. Azure Cosmos DB is a fully managed NoSQL and relational database for modern app development offering single-digit millisecond response times, automatic and instant scalability, along with guaranteed speed at any scale. This integration helps in monitoring the overall performance, failures, capacity, and operational health of all your Azure Cosmos DB resources. Learn more.

Enhancements

We're excited to announce the release of the enhancements listed below for the Sumo Logic apps:

  • Added monitors in OpenTelemetry apps. The ActiveMQ - OpenTelemetry, Docker - OpenTelemetry, Elasticsearch - OpenTelemetry, JMX - OpenTelemetry, Kafka - OpenTelemetry, Linux - OpenTelemetry, macOS - OpenTelemetry, MySQL - OpenTelemetry, Nginx - OpenTelemetry, PostgreSQL - OpenTelemetry, SQL Server - OpenTelemetry, and Windows 2012+ - OpenTelemetry apps are updated with new monitors.
  • Classic Apps to Next-Gen Apps migration. The Tracing - Application Services Health and Real User Monitoring apps are migrated from Classic Apps (Legacy) to Next-Gen Apps.
  • Oracle - OpenTelemetry. Updated the collection process to fetch metrics and added new Oracle - Performance Details metrics-based dashboards. These new dashboards help monitor the session, process, and transaction counts of an Oracle Database instance.

Bug Fix

Minor query fixes in the below Classic Apps (Legacy):

  • Amazon VPC Flow - Cloud Security Monitoring and Analytics
  • PCI Compliance for AWS CloudTrail

CrowdStrike Spotlight (Apps)

We're excited to introduce the new CrowdStrike Spotlight app for Sumo Logic. This app leverages the Sumo Logic Cloud-to-Cloud CrowdStrike Spotlight source to collect vulnerability logs through the CrowdStrike Spotlight API, giving your security teams real-time visibility into vulnerabilities across your organization's assets.

Explore our technical documentation here to learn how to set up and use the CrowdStrike Spotlight app for Sumo Logic.

Scan Budgets (Manage)

We are happy to introduce our new Usage Management tab under the Accounts section. This feature allows you to define query spending limits, helping prevent unexpected charges and manage Sumo Logic credits, particularly in pay-per-use scenarios, by limiting search volume.

Key features include:

  • Org-wide query budget. Set a budget for queries that applies to all users in the organization.
  • User level and role level query budget. Set limits on query data volume at the user level and role level.
  • Flexible actions. Choose what happens when the budget limit is reached. Options include Display a warning to the user or Restrict queries to background scans only.

Explore our technical documentation here to learn how to set up and use Scan Budgets.

Zendesk (Apps)

We're excited to introduce the new Zendesk app for Sumo Logic. This app leverages the Sumo Logic Cloud-to-Cloud Zendesk source to collect audit logs, providing security analysts with critical visibility into their Zendesk environment.

Explore our technical documentation here to learn how to set up and use the Zendesk app for Sumo Logic.

LastPass (Apps)

We're excited to introduce the new LastPass app for Sumo Logic. This app leverages the Sumo Logic Cloud-to-Cloud LastPass source to collect audit logs, providing security analysts with critical visibility into their LastPass environment.

Explore our technical documentation here to learn how to set up and use the LastPass app for Sumo Logic.

AI-Driven Alerts for Metrics Anomalies (Monitors)

We're excited to announce the preview of AI-driven alerts for metrics anomalies, extending our AI-driven alerting to metrics-based monitors. This preview release helps reduce alert fatigue and enables faster incident resolution with automated playbooks.

Key Features

  • Advanced anomaly detection. Uses 30 days of historical metrics data to establish baselines and detect critical anomalies.
  • Customizable detection. Configure detection based on specific criteria, like multiple anomalous data points within a time window.
  • Playbook integration. Automate responses by linking playbooks to streamline diagnosis and recovery.

Learn more.

Convert to Anomaly Feature for Log Monitors (Monitors)

We’ve added the Convert to Anomaly option, allowing you to convert outlier monitors into anomaly-based monitors for more efficient data usage and reduced alert noise. Please note that this feature is only available for log monitors at this time. Learn more.

Atlassian (Apps)

We're excited to introduce the new Atlassian app for Sumo Logic. This app leverages the Sumo Logic Cloud-to-Cloud Atlassian source to collect event logs through the Events API, helping you monitor critical events such as user activities, policy changes, group and API token creations, and product access.

Explore our technical documentation here to learn how to set up and use the Atlassian app for Sumo Logic.

Digital Guardian C2C Source (Collection)

We're excited to announce the release of our new cloud-to-cloud source for Digital Guardian. This source collects export data logs using the Export API and calls the Acknowledge API to advance the bookmark value, so that the next chunk of data can be fetched from the export endpoint and ingested into Sumo Logic. Learn more.

Kandji C2C Source (Collection)

We're excited to announce the release of our new cloud-to-cloud source for Kandji. This source helps you to collect threat details, device lists, activity logs, and device information from the Kandji platform, and ingest them into Sumo Logic for streamlined analysis. Learn more.

Automox C2C Source (Collection)

We're excited to announce the release of our new cloud-to-cloud source for Automox. This source collects all event objects, audit trail events, and device inventory details from the Automox platform and ingests them into Sumo Logic for streamlined analysis. Learn more.

Role Based Index Access (Manage)

We're excited to announce that when you create a role, you can select Index Access to restrict access to data in specific indexes. In addition, you can now select Search Filter to create filters that restrict access to log analytics, audit, and security data. These enhancements ensure that users only see the data they are supposed to.

This feature was previously only available to participants in our beta program. It is now available for general use.

note

These changes are rolling out across deployments incrementally and will be available on all deployments by December 16, 2024.

Learn more.

Forward raw log data to S3 (Manage)

We are happy to announce that you can now configure the schema and format of log data forwarded from Sumo Logic to an S3 destination. Previously, forwarding was limited to raw log data along with its metadata and enriched fields. Now, you have the flexibility to choose between forwarding only log data, log data with metadata, or log data with metadata and enriched fields, in either CSV or JSON format. This enhanced flexibility enables you to perform more precise analytics on the data using your preferred tools.

[Screenshot: Options to forward raw data]

To learn more, see the Forward data to an S3 forwarding destination section in our article Forward Data from Sumo Logic to S3.

Apps, Solutions, and Collection Integrations - September Release (Observability)

New release

We’re excited to announce the release of new Azure Load Balancer, Azure Cache for Redis, and Doppel Vision apps for Sumo Logic.

  • Azure Load Balancer. Azure Load Balancer is an Azure service that allows you to evenly distribute incoming network traffic across a group of Azure VMs or instances in a Virtual Machine Scale Set. This integration helps in monitoring inbound and outbound data throughput, outbound flows, and application endpoint health of your load balancers. Learn more.
  • Azure Cache for Redis. Azure Cache for Redis provides an in-memory data store based on the Redis software. It offers both the Redis open-source (OSS Redis) and a commercial product from Redis Inc. as a managed service. This integration helps in tracking cache performance (miss rate, latency, read and write rate) and monitoring resource health incidents and resource usage (CPU, used memory, server load, and connections) of your instances. It also provides policy compliance and recommendations information from Azure Advisor. Learn more.
  • Doppel Vision. Doppel technology identifies and takes down deepfakes, malicious impersonations, phishing, and disinformation campaigns targeting clients, and uses proprietary AI and machine learning tools to automate threat detection and takedowns. The Doppel dashboard provides a comprehensive overview of digital risk protection metrics and alerts, helping users monitor high-severity threats, analyze alerts by various categories, and gain actionable insights. Learn more.

Enhancements

We're excited to announce the release of the updated versions of the IIS 10 - OpenTelemetry and Azure Webapps apps for Sumo Logic, which include the enhancements below:

  • IIS 10 - OpenTelemetry. Five new metrics dashboards are added based on performance, cache counters, and worker process metrics. This app now provides more use cases around application performance, state service sessions, connections, errors, cache memory, requests executing, requests in application queue, pipeline instance count, and output cache. Learn more.
  • Azure Webapps. Five new logs dashboards and seven new metrics dashboards are added that use activity logs, antivirus scan audit logs, app service platform logs, app service IPSec logs, and platform metrics. This app now provides more use cases around antivirus scan results, tracking of memory usage, insights into the configured IP address restrictions, insights into network performance, resource health incidents, and insights into the underlying platform performance. It also provides policy compliance and recommendations information from Azure Advisor. Learn more.

Bug Fix

Minor fixes for the apps listed below. To learn more about the version updates, navigate to the Release Notes tab of the respective app.

  • Active Directory 2012+ (JSON)
  • Azure Application Gateway
  • Barracuda CloudGen Firewall
  • Endace
  • LambdaTest

Multiple Scheduled Reports (Dashboards)

We are excited to introduce the Multiple Scheduled Reports feature to Sumo Logic dashboards. This powerful new capability allows you to configure multiple reports against a dashboard, providing enhanced flexibility and control over your reporting needs. Key features include:

  • Multiple Configurations. Set up several reports from the same dashboard, each with its unique settings.
  • Custom Variable Values. Assign different variable values to each report, tailoring the data to meet specific reporting needs.
  • Custom Time Ranges. Define distinct time ranges for each report, ensuring you capture the data most relevant to your analysis.
  • Run Frequencies. Schedule reports to run at varying frequencies, from daily snapshots to monthly summaries.
  • Email Addresses. Specify one or more email addresses for each report, ensuring the right information reaches the right stakeholders.

Learn more here.

Introducing the Sumo Logic New UI

We're excited to announce the opt-in general availability of our Sumo Logic New UI. This release introduces several enhancements designed to improve your overall experience:

  • Unified Navigation. Access all Observability features (e.g., Alerts, Log Search, Metrics) and Security features (e.g., Cloud SIEM, Cloud SOAR) through a single, unified left-navigation menu. Unlike the Classic UI, there's no need to navigate away when switching between Observability and Security tools.
  • Streamlined Administration. Key administrative functions such as Data Configuration, Help, and User Preferences are now conveniently located in the top toolbar for easier access.
  • Enhanced Browsing Experience. We've replaced in-app tabs with native browser tabs to provide a more familiar browsing experience. Enjoy session history, back button support, favorites, and other native browser functionalities.
  • Improved Performance. The simplified UI boosts performance and usability, offering a smoother and faster browsing experience that enables quicker incident resolution. Key improvements include:
    • First Contentful Paint (FCP). Notable improvements in FCP, resulting in faster page loads and improved responsiveness.
    • Time to Interactivity (TTI). Significant reduction in TTI, enhancing the speed at which users can interact with the UI.
  • Stateful URLs. URLs now reflect real-time changes made within the UI. This ensures that any modifications are immediately reflected in the URL parameters, allowing for easy sharing of the latest content with your team.

Explore these improvements and check out our documentation. We value your feedback as we continue to refine our UI.

Microsoft Azure AD Inventory (Apps)

We're excited to introduce the new Microsoft Azure AD Inventory app for Sumo Logic. This app leverages the Sumo Logic Cloud-to-Cloud Microsoft Azure AD Inventory source to collect device and user logs through the Microsoft Graph API, providing you with robust security monitoring and threat detection capabilities.

Explore our technical documentation here to learn how to set up and use the Microsoft Azure AD Inventory app for Sumo Logic.

Sophos (Apps)

We're excited to introduce the new Sophos app for Sumo Logic. This app leverages the Sumo Logic Cloud-to-Cloud Sophos source to collect alerts and event logs through the Sophos Central APIs, providing you with robust security monitoring and threat detection capabilities.

Explore our technical documentation here to learn how to set up and use the Sophos app for Sumo Logic.

Azure Functions and Azure Application Gateway Update (Apps)

We're excited to announce the release of the updated versions of the Azure Functions and Azure Application Gateway apps for Sumo Logic, which include the enhancements below:

  • Azure Functions. 11 new dashboards are added that use Activity logs, Function Application logs, App Service Authentication logs, Azure Functions specific metrics, and General App Service metrics. This app enables seamless integration and monitoring of Azure Functions, providing insights and analytics to optimize serverless application performance and security. Learn more.

  • Azure Application Gateway. 10 new dashboards are added that use Activity logs, Access logs, Performance logs, Firewall logs, and Platform metrics. This app helps in analyzing access patterns and tracking performance information for each instance, including total requests served, throughput in bytes, and healthy and unhealthy backend instance counts. Learn more.

count Operator Behavior Change (Search)

We're happy to announce a change to the behavior of the count operator: it now returns Long values. Previously, the count operator returned an Int data type, which could produce a negative value if the maximum integer value was exceeded. With this change, the data type of the count operator result changes from Int to Long.

This change applies to all new queries. Existing queries in all content types (Log Search, Scheduled Search, Lookup Table, Scheduled Views, and Saved Search) will also seamlessly transition to Long values where an Int would overflow.
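To make the failure mode concrete, here is an added illustration (not Sumo Logic's implementation) of why an Int-typed count turns negative and what the Long result looks like instead. It assumes, as is conventional, that Int is a signed 32-bit integer and Long a signed 64-bit integer, and simulates both with the standard library's ctypes. The last function is a practitioner's sanity check for historical results: a negative count produced by the old operator can be recovered under the assumption that the true value wrapped only once (i.e. was below 2^32).

```python
import ctypes

INT32_MAX = 2**31 - 1      # largest value a signed 32-bit Int can hold
UINT32_MOD = 2**32         # one full wrap of a 32-bit two's-complement counter


def count_as_int32(n_events: int) -> int:
    """Simulate the old behavior: the count is stored in a signed 32-bit Int.

    Any total above INT32_MAX wraps around and is reported as a negative number.
    """
    return ctypes.c_int32(n_events).value


def count_as_long(n_events: int) -> int:
    """Simulate the new behavior: the count is stored in a signed 64-bit Long."""
    return ctypes.c_int64(n_events).value


def is_overflowed_int_count(reported: int) -> bool:
    """A count can never legitimately be negative, so a negative reported value
    from an Int-typed count is a reliable sign that the total exceeded INT32_MAX."""
    return reported < 0


def recover_wrapped_count(reported: int) -> int:
    """Undo a single 32-bit wrap on a negative Int count.

    Assumption: the true total was below 2**32 (wrapped exactly once); larger
    totals lose information and cannot be recovered from the Int result.
    """
    return reported + UINT32_MOD if reported < 0 else reported


if __name__ == "__main__":
    # Constructed sample: a high-volume search matching three billion messages.
    total = 3_000_000_000
    old = count_as_int32(total)
    new = count_as_long(total)
    print(f"Int result : {old} (overflowed: {is_overflowed_int_count(old)})")
    print(f"Long result: {new}")
    print(f"Recovered  : {recover_wrapped_count(old)}")
```

The recovery helper is only meaningful for results produced by the old operator; under the new behavior a negative count should not occur at all.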

CrowdStrike FDR Host Inventory (Apps)

We're excited to announce the release of the new CrowdStrike FDR Host Inventory app for Sumo Logic. This app leverages the Sumo Logic Cloud-to-Cloud CrowdStrike FDR Host Inventory source to gain actionable insights and visualizations to help you prioritize and mitigate device security incidents efficiently.

Check out our technical documentation here to learn how to set up and use the CrowdStrike FDR Host Inventory app for Sumo Logic.

Azure SQL and Azure Storage Apps Update (Apps)

We're excited to announce the release of the updated versions of the Azure SQL and Azure Storage apps for Sumo Logic, which include the enhancements below:

  • Azure SQL. Five new dashboards are added that use activity logs, SQL security logs, and automated tuning logs. This app now provides more use cases around auditing DML, DDL, DQL, and TCL statements, and service and resource health incidents. It also provides policy compliance and recommendations information from Azure Advisor. Learn more.

  • Azure Storage. Enhanced monitoring of storage performance across all services, such as blob, queue, file, and table. In addition, you can now track resource health and service health incidents. The app also provides auditing details of all control plane operations and helps you troubleshoot errors at the object level. Learn more.

AWS Observability 2.9.0 (Observability)

We are excited to announce AWS Observability 2.9.0. This update includes:

  • Amazon RDS app updates. New monitors added for RDS MS SQL CloudWatch logs; the solution now supports 70 out-of-the-box monitors.
  • Improvements in AWS Observability installation time using the CloudFormation template.
  • Integrated the latest SAM versions with AWSO v2.9.0 (CloudFormation and Terraform) to address the CVEs, and updated Lambda runtimes from Node.js v18.x to v20.x.
  • Upgraded the Sumo Logic Terraform provider to v2.31.0 for CVE fixes.

To learn more, refer to the AWS Observability changelog.

Abnormal Security (Apps)

We're excited to announce the release of the new Abnormal Security app for Sumo Logic. This app leverages the Sumo Logic Cloud-to-Cloud Abnormal Security source to gain actionable insights and visualizations and helps you to prioritize and mitigate security incidents efficiently.

Check out our technical documentation here to learn how to set up and use the Abnormal Security app for Sumo Logic.

Webex (Apps)

We're excited to announce the release of the new Webex app for Sumo Logic. This app leverages Sumo Logic Cloud-to-Cloud Webex Source to provide comprehensive monitoring and analysis of Webex environments, offering real-time visibility into security events, user activities, and system health.

Check out our technical documentation here to learn how you can set up and use the Webex app for Sumo Logic.

Introducing a New Index Source Category (Search)

We're happy to announce the release of our new source category, view_and_extractedAndCollectedFieldSize_volume in the sumologic_volume index, which provides clear visibility into the assignment of enriched data to the original ingested log messages. This feature will be visible in every relevant logline of the data volume index, enhancing your understanding of the enriched data integration process. Learn more.

For example, in the message below, the extractedAndCollectedFieldsSize property carries the size of the extracted and collected fields.

[Screenshot: sample data volume index message showing the extractedAndCollectedFieldsSize property]

Upgrade Salesforce Source to Version 3.X.X (Collection)

We're excited to announce the release of our new Salesforce Version 3.X.X source, which upgrades the authorization method to the OAuth client credentials flow.

If you have the Salesforce source set up and choose to upgrade it, follow the instructions below to update your source configuration:

Vendor configuration

  1. Log in to the Salesforce platform.
  2. From the left side menu, navigate to Build > Create > Apps.
  3. Under the Connected Apps section, find your connected app and click Edit.
  4. Click the Enable Client Credentials Flow checkbox under API (Enable OAuth Settings).
  5. If prompted, accept the warning once you understand the security risks and click Save.
  6. Navigate back to Build > Create > Apps in the left side menu.
  7. Find your connected app and click Manage. (Learn more).
  8. Click Edit Policies.
  9. Under Client Credentials Flow, go to the Run As dropdown and click the search button. Find the user to whom you want to assign the client credentials flow.
    note

    For Enterprise Edition orgs, we recommend selecting an execution user who has the API Only User permission.

  10. Click Save to save your changes.

Source configuration

  1. Classic UI. In the main Sumo Logic menu, select Manage Data > Collection > Collection.
    New UI. In the Sumo Logic top menu, select Configuration, and then under Data Collection select Collection. You can also click the Go To... menu at the top of the screen and select Collection.
  2. Search for the required source and click the Upgrade button.
  3. You will be directed to the configuration page. Do not change any of the existing configuration settings.
  4. Click Upgrade at the bottom of the configuration page.

Sumo Orgs - New Credits Management Experience (Manage)

We are excited to introduce a new and enhanced credits management experience for our Sumo Logic orgs customers. This update empowers Sumo Logic parent org admins to manage child org credits with greater ease and control. Here are the key improvements in this update:

  • Flexible Allocation. Parent org admins can now allocate and manage credits for child orgs more flexibly, with faster and fewer steps.
  • Smart Recommendations. Receive system-suggested credit allocations tailored to your needs.
  • Effortless Top-Ups. Seamlessly top up credits for child orgs upon depletion without needing baseline adjustments.

Learn more.

VMware vSphere version 8 (Apps)

We are excited to announce the release of our VMware app that fully supports VMware vSphere version 8. In this new version, we have fixed CVEs and updated the libraries for collecting data from VMware, ensuring a more secure and efficient virtualization environment. Learn more.

Metrics Data Ingestion (Metrics)

We're excited to announce the release of Metrics Data Ingestion, a new screen that provides detailed information about your metrics data consumption.

Metrics Data Ingestion answers the question, “What things are sending metrics data, and how much are they sending?”. This screen provides not only high-level information about metrics volume but also a breakdown by individual metric, as well as by specific dimensions and sources. With this information, you can determine the items that contribute most to your credit consumption.

To access the new screen, navigate to Administration > Account > Metrics Data Ingestion.

Learn More

Deprecation of Legacy Ingest Budgets V1 – Action Required by September 9, 2024 (Manage)

In November 2020, we introduced Ingest Budgets V2, offering greater flexibility and granularity in the metadata and fields used within an ingest budget definition. After this update, existing V1 budgets continued to function as originally defined, while all new budgets could only be created as V2.

On September 9, 2024, Sumo Logic will deprecate and remove the existing V1 Ingest Budgets that remain defined in customer instances.

To ensure uninterrupted service, review your current ingest budgets under Manage Data > Collection > Ingest Budgets. Identify any budgets tagged as V1 and, if still needed, edit and upgrade them to V2 before the deprecation date.

note

After September 9, 2024, any legacy ingest budgets that are not migrated will be automatically removed, resulting in the loss of ingestion limitation functionality.

Endace (Apps)

We're happy to announce the release of our new partner app for Endace. Endace delivers scalable, always-on packet capture in on-premise and hybrid cloud environments for definitive network visibility. The Endace App includes premade dashboards for logs such as Zeek, Suricata, Cisco ASA, Cisco Firepower and Palo Alto Networks, which include a Pivot-to-Vision link to connect you to your EndaceProbe for further investigation.

Learn more.

Azure Blob Storage Collection for Append Blobs (Collection)

We're excited to announce the release of our new Azure Blob Storage Collection for append blobs. This integration with Azure Blob Storage enables you to ingest custom application logs and Azure service logs stored as the append blob type from a storage account into Sumo Logic.

Learn more.

Improved Data Handling for Window and Threshold-Based SLOs (Observability)

We are happy to introduce a new update for handling missing data in window and threshold-based Service Level Objectives (SLOs). Previously, any window without data was treated as successful, and the threshold condition check was skipped. With this update, for windows without data, the threshold will be compared against zero to determine their success or failure.

This change simplifies expressing SLOs where missing data signifies unsuccessful windows. For example, consider an SLO definition where absence of heartbeat log messages signifies an unsuccessful window. Previously, such windows were treated as successful by default. With this update, modeling such cases will become much easier and more accurate.

Sumo Logic AWS Lambda Extension v8 (Collection)

We're excited to announce the release of Sumo Logic AWS Lambda Extension version 8. Here are the key features that this upgrade provides:

  • Improved the support for AWS KMS encrypted SUMOLOGIC_HTTP_ENDPOINT, including the introduction of new KMS_KEY_ID and KMS_CACHE_SECONDS environment variables.
  • Introduced three new environment variables, TELEMETRY_MAX_BYTES, TELEMETRY_MAX_ITEMS, and TELEMETRY_TIMEOUT_MS, which help you reduce ingestion delay based on log volume.
  • Upgraded Golang to version 1.22 to resolve 20+ security vulnerabilities.

To learn more, refer to our Lambda extensions changelog.

View Connections Role Capability (Manage)

As part of our ongoing product security improvements, we have introduced the View Connections role capability. This role capability allows a user to view or change webhook and ServiceNow connections associated with a Scheduled Search or a monitor.

Starting June 24, 2024, new Scheduled Searches or monitors configured with Webhook or ServiceNow notification channels can only be viewed or assigned to those connections by users with the View Connections role capability.

Prior to June 24, 2024, assign the View Connections role capability to users where appropriate. After this date, users who do not have this role capability assigned will no longer be able to configure a Scheduled Search or monitor with a webhook target.

For information about how to configure webhook and ServiceNow connections, see Set Up Webhook Connections.

Disallow Weak Passwords (Manage)

We are happy to announce a new Disallow weak passwords option in our password policy settings. When this option is enabled, users will not be able to save a password if Sumo Logic determines it is weak. For example, a password is considered weak if it:

  • Was obtained from a previous breach.
  • Is a dictionary word.
  • Contains repetitive or sequential characters, for example, ‘aaaaaa’ or ‘1234abcd’.
  • Contains context-specific words, such as the name of the service or the username.

Learn more.

Include Partition in Default Scope - Flex (Manage)

We are excited to announce that we have added a new Include this partition in default scope checkbox to our Create Partitions page. This lets you include the partition in, or exclude it from, the default query scope. When a query does not specify _index, all partitions included in the default scope are searched by default. Learn more.

New Visualizations (Search)

We're excited to announce the new visualization charts for all the Log Search queries, with which you can customize each chart by modifying the available settings and obtain a unified experience across the Sumo Logic platforms. Charts will appear in a new visualization style by default. However, if required, you can switch to a classic visualization. Learn more.

AWS Observability 2.8.0 (Observability)

We are excited to announce AWS Observability 2.8.0. This update includes:

  • Updates for Amazon RDS - New out-of-the-box dashboards for PostgreSQL based on logs.
  • Redesigned Amazon API Gateway with new metrics and log-based dashboards for Amazon API Gateway access logs for REST, HTTP, and WebSocket API types.
  • Added 20+ new out-of-the-box monitors.
  • Improvements in AWS Observability deployment time.

To learn more, refer to the AWS Observability changelog.

Expanding Cloud Infrastructure Security for AWS Capabilities - Preview (Apps)

We're excited to announce increased visibility into your AWS Cloud environment with the following new features:

  • Out-of-the-box security policy checks. Sumo Logic Cloud Infrastructure Security is now configured by default to use the out-of-the-box policy checks. You can now choose to leverage the out-of-the-box policy checks instead of, or in conjunction with, the policy checks provided by AWS Security Hub.
  • Additional investigation capabilities. The update includes the addition of three new dashboards:
    • Infrastructure Overview. Get deep visibility into your cloud infrastructure to understand how many cloud resources are running and their configurations.
    • Security Control Failures Overview. See misconfigurations in your environment that may leave you vulnerable to attackers.
    • Security Control Failures Investigation. Navigate and prioritize the most important misconfigurations in your environment.
  • AI-powered remediation plans. You can now use automated remediation playbooks built specifically for Cloud Infrastructure Security for AWS.

This functionality is in preview. To participate, reach out to your Sumo Logic account executive.

Learn more.

note

As part of the preview, you can use CloudQuery logs with Cloud Infrastructure Security for AWS. To use the logs, configure the CloudQuery source when you deploy the solution.

Classic Metrics Deprecation and Removal (Metrics)

In January 2024, we deprecated Classic Metrics in favor of our newer Metrics Explorer interface. Effective today, Sumo Logic has removed the ability to use Classic Metrics in Sumo Logic.

  • The Switch to Classic UI option is removed from the user interface and you can no longer switch to Classic Metrics.
  • Any saved Classic Metrics queries are disabled and must be recreated with Metric Explorer.

Metrics Explorer represents an advanced solution tailored to meet all metric-related requirements. It surpasses Classic Metrics in functionality, making it redundant to continue supporting both systems.

For information, see Metrics Explorer.

Deprecation Notice - Real-Time Scheduled Searches (Alerts)

As part of our ongoing evaluation of the Sumo Logic service, we have decided to deprecate Real-Time Scheduled Searches. In particular, we will remove the option to create new Real-Time Scheduled Searches on May 15, 2024. Existing Real-Time Scheduled Searches will continue to function until May 15, 2025. We believe many use cases for Real-Time Scheduled Searches can be met by Monitors. Any remaining use cases can be met by executing these searches at 15m intervals.

In 2020, Sumo Logic released Monitors, which provided a new framework to trigger alerts on both metrics and log data in real time and send notifications. Real-Time Scheduled Searches provided a much more limited version of this functionality. Monitors will continue to be the focus area for our Product and Engineering Teams for features and enhancements regarding alerting.

Learn more here.

Filter Partitions (Manage)

We're happy to introduce a new partitions page enhancement that allows you to filter partitions by type, either User-Defined Partitions or System Partitions. Learn more.

VMware Tanzu Application Service (Apps)

We're happy to announce the release of the new version of SumoLogic Nozzle for VMware Tanzu. Below are the key features that this update offers:

  • Added support for Tanzu Application Service 6.0 with Tanzu Operations Manager 3.0.x.
  • Upgraded Golang to v1.20 and updated its dependencies to fix CVEs.

For detailed version information, refer to the changelog file.

Enhancements to Terraform-Based Monitors (Apps)

We're excited to announce an update to all of our Terraform-based monitors.

  • Updated Kubernetes monitors for compatibility with new Helm chart versions.
  • Upgraded AWS and Sumo Logic provider versions to address CVE fixes.
  • Fixed minor bugs.

For details on upgrade instructions, refer to the changelog.

Muting Schedules for Alert Groups

You can now optionally apply a Muting Schedule to your alert group. This saves time by allowing you to select an alert group (a bundled set of alerts) to associate with your Muting Schedule rather than selecting individual monitors. Learn more.

Azure Event Hubs Source for Logs (Collection)

We're excited to announce the release of our new Azure Event Hubs source for logs collection. This integration with Azure Event Hubs provides you with a fully managed, scalable, and low latency solution to stream high-volume logs from Azure to Sumo Logic. Learn more.

Index Aliasing for Search Queries

We're excited to introduce the ability to reference Sumo Logic system indexes with an alias. With this update, you can now use an alias to point to one or more system indexes in the source expression of your search queries.

How it works

With index aliasing, you can use an alias to point to one or more system indexes, such as sumologic_default, in the source expression of your query. Both the operator section and the results of your query will show the actual index names rather than the alias.

In addition to sumologic_default, we have several other Sumo Logic-defined system indexes. As a shortcut, rather than prefixing system index names with sumologic_ in a search, you can alias these indexes by typing an underscore at the beginning. For example, sumologic_default and _default will return the same results.

Learn more here.

NOTE: This feature is currently live in all deployments except us2 and prod. It will be rolled out to those deployments by April 2.

Dashboard Enhancements - Crosshair and Time Syncing (Dashboards)

We are excited to announce a new set of changes to enhance the readability within the dashboard panels. With these updates, you'll have more control over time ranges, making it easier to investigate specific periods of interest and analyze data effectively. Here's what's included in this update:

  • Crosshair. When you hover over a time series panel, Sumo Logic now displays a crosshair line with the time series data. If other time series panels are configured with an overlapping time range, then when you hover over one time series panel, a crosshair is displayed on the other panels as well. Learn more.

  • Time Syncing. Using the panel zoom feature, you can now modify the time range of the dashboard to zoom in for granular details. This time range is treated as a temporary time range, and all the other panels in the dashboard are zoomed in to the selected time range. Learn more.

Estimate Scan Data - Flex (Search)

We're excited to include the Estimate scan details for a query with pay-per-search data, which allows you to get insights into the amount of data scanned to run the query. Also, to help mitigate the cost, you can view the scan estimates while you create/modify monitors and scheduled searches. Learn more.

Introducing Sumo Logic Flex Licensing Offering Unlimited Log Data Ingest

We're excited to introduce Sumo Logic Flex Licensing, revolutionizing log analytics pricing for technical teams by eliminating data tiers and aligning the value of log data with generated insights. This groundbreaking solution offers an efficient, centralized log analytics framework capable of managing enterprise-wide cloud-scale log ingestion seamlessly.

Flex pricing offers free, unlimited log ingest. This innovative model is designed to empower developer, security, and operations teams to capture and analyze critical data across their enterprises without worrying about cost barriers.

Consolidating all data streams into a single platform with unlimited user access fosters seamless collaboration across organizations. As log data ingestion increases, analytics and ML/AI insights sharpen, empowering DevOps and DevSecOps teams to troubleshoot faster and ensure reliable, secure digital experiences.

In an era of exponential data growth, the challenges posed by vast volumes of structured and unstructured data, including siloed information and security gaps, hinder organizations in harnessing essential business insights. Flex addresses these complexities, enabling organizations to scale AI/ML initiatives and deliver dependable digital experiences.

Key features

  • Flexible pricing. Insights and analytics volume dictate pricing, not data ingestion.
  • Efficient log management. Seamlessly manage enterprise-wide cloud-scale log ingestion without cost concerns.
  • Centralized platform. Consolidate data streams from multiple sources into one platform.
  • Unlimited user access. Foster seamless collaboration across your organization.
  • Sharper analytics. ML/AI-driven insights improve as log data ingestion increases.
  • Empowered DevOps and DevSecOps. Troubleshoot faster, accelerate release velocity, and ensure reliable, secure digital experiences.

More information

API Gateway App Update (Apps)

Update - We're excited to announce the release of our updated app for AWS API Gateway, which includes the below enhancements:

  • Added new dashboards for HTTP and WebSocket APIs, which cover use cases based on CloudWatch logs and CloudWatch metrics, including enhanced metrics.
  • Added support for API Gateway access logs for all three types of APIs - REST API, HTTP API, and WebSocket API.

Learn more here.

Monitor Enhancements - AI-Driven Alerting (Alerts)

We're happy to announce two new monitoring features that allow you to generate alerts that notify you of suspicious behavior and automatically run playbooks to address it.

Anomaly detection

You can now use the Anomaly detection method when you create a monitor. This method applies machine learning techniques to detect anomalies and identify suspicious patterns. It establishes baselines for normal behavior so you receive alerts when deviations or unusual activities are encountered.

Learn more.

Automated playbooks

An automated playbook is a predefined set of actions and conditional statements that run in an automated workflow to respond to an event. For example, suppose that a monitor detects suspicious behavior that could indicate a security problem. When the monitor sends the alert, it could also run an automated playbook to respond to the event.

Learn more.

Accounts Page Enhancements (Manage)

New - We're happy to introduce you to new accounts page enhancements such as Dynamic Forecasts, Credit Baseline, Total Credits Usage Breakdown, Time Series View, and Usage % Change. Learn more.

Introducing Our New and Enhanced Sumo Logic UI - Beta

We're excited to announce the availability of the Closed Beta version of our updated Sumo Logic User Interface (UI). This release brings several enhancements aimed at improving your overall experience:

  • Unified Navigation. Seamlessly access all Observability features (e.g., Alerts, Log Search, APM, Metrics) alongside Security features (e.g., Cloud SIEM, Cloud SOAR) from a single, unified left-navigation menu. This is a significant improvement over our legacy Classic UI, where users had to navigate away from Sumo Logic when using Cloud SIEM or SOAR.
  • Streamlined Administration. Administrative functions, Data Configuration, Help, and User Preferences have been relocated to the top toolbar menu for simplified access.
  • Enhanced Browsing Experience. Now, instead of in-app tabs, you can utilize native browser tabs for a more familiar browsing experience, complete with session history, the back button, favorites, and other native browser capabilities.
  • Improved Performance. With a simplified UI, you'll experience accelerated performance, enhanced usability, and a consistently smooth browsing experience, empowering you to troubleshoot incidents faster. We've achieved significant improvements in two primary metrics:
    • First Contentful Paint (FCP). ~90% improvement (synthetic), 75% improvement (RUM).
    • Time to Interactivity (TTI). ~27% improvement (synthetic), 50% improvement (RUM).
  • Stateful URLs. URLs now reflect real-time changes. Any modifications you make within the UI are instantly reflected in the URL parameters, ensuring effortless sharing of the most up-to-date content with collaborators.

To explore these improvements, reach out to your Sumo Logic sales representative for access to the Closed Beta. We look forward to your feedback as we continue to refine our UI.

More information:

Azure Blob Storage Collection Update (Apps)

We're happy to announce an update of the Azure Blob Storage collection framework. Here are some of the key features that this update offers:

  • Aligns all the components to the latest version of Azure Functions runtime and libraries.
  • Replaces the soon-to-be deprecated classic application insights resource with new workspace-based application insights.
  • Updates function application logging with log levels.
  • Provides necessary security updates.

For upgrade instructions, refer to the changelog. For information on collecting logs from Azure Blob Storage, see our documentation.

Azure Monitor Metrics Collection (Collection)

We're happy to announce an update of the Azure metric collection framework. Here are some of the key features that this update offers:

  • Aligns all the components to the latest version of Azure Functions runtime and libraries.
  • Replaces the soon-to-be deprecated classic Application insights resource with new workspace-based Application insights.
  • Provides necessary security updates.

For upgrade instructions and the changelog, refer here. For more information on metrics collection from Azure Monitor, see our documentation.

Indicators for POV Trial Period Expiry (Manage)

Update - Previously, for Sumo Logic customers on POV Trial plans, their accounts would be downgraded automatically to our Free plan at the end of their 45-day trial period. Effective today, these customers will be notified about their trial period expiration date in two different places in the UI: View details for the selected organizations and Child org table. Learn more.

New Visualizations (Search)

We're excited to announce the new visualizations for Log Search queries with which you can customize each chart by modifying the available settings and obtain a unified experience with charts across the Sumo Logic platforms. Learn more.

Improved Performance for Metrics Queries Using Aggregations (Metrics)

We're excited to announce that we've introduced an optimization that improves the performance of Metrics queries that use aggregations (avg, min, max, sum, or count) and whose time range is within the last 24 hours.

Such queries are now faster and can aggregate data from a larger number of time series.

Learn more.

Cloud Infrastructure Security for AWS (Apps)

We’re excited to announce the general availability of Cloud Infrastructure Security for AWS. This solution unifies views of active threats, security control failures, and suspicious activity across your AWS environment to give you security posture visibility at a glance.

This feature was previously only available in a preview form. It is now available for general use.

Here are some of the key features the new solution offers:

  • Risk overview. See a summary of all resources that pose risks in a single dashboard that rolls up the findings from other dashboards. Get an action plan for addressing the most important areas of concern.
  • Active threats. See active threats in APIs, resources, and storage.
  • Misconfigurations. See areas in your environment that need to be addressed because they fail best practice security controls.
  • Suspicious activity assessment. See suspicious activity across users, web interactions, networks, and Identity Access Management (IAM).

To learn how you can set up and use Cloud Infrastructure Security for AWS, check out our technical documentation.

Action Required

To use the solution, you must sign up for and activate Amazon GuardDuty and AWS Security Hub.

Active Directory App Update (Apps)

We're excited to announce an update for the Active Directory JSON - OpenTelemetry application to enhance efficiency and data collection. We are updating the sumo.datasource value from Active Directory to Windows. This change addresses the double data ingestion issue that occurs for customers who have installed both Active Directory and Windows apps and set up separate OpenTelemetry collections for each.

note

Data collected before the upgrade will not be visible in the Active Directory application.

If you have only the Active Directory JSON - OpenTelemetry app installed and decided to upgrade it, you will need to update your collection configuration according to the instructions below.

  1. Open the configuration file located in C:\ProgramData\Sumo Logic\OpenTelemetry Collector\config\conf.d.
  2. Update the following attributes:
    • key: sumo.datasource
    • value: windows
    • action: insert
  3. Restart the collector by using the following PowerShell command: Restart-Service -Name OtelcolSumo.
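As an added illustration that is not taken from the Sumo Logic documentation or the shipped collector configuration, this is how the attribute change in step 2 looks inside an OpenTelemetry Collector resource processor, with the old value beside the new one. The processor name and file name are assumptions; the page only gives the config directory and the three attribute fields.

```yaml
# Added example, not Sumo Logic's shipped configuration.
# Assumed file (the page gives only the directory):
#   C:\ProgramData\Sumo Logic\OpenTelemetry Collector\config\conf.d\<active-directory-config>.yaml
# The processor name "resource/active_directory" is an assumption; keep whatever
# name your existing file uses and change only the attribute value. The processor
# must already be referenced in service.pipelines.logs.processors; leave that as is.
processors:
  resource/active_directory:
    attributes:
      # Before the upgrade, events were tagged with the Active Directory datasource
      # (shown commented out for comparison):
      # - key: sumo.datasource
      #   value: Active Directory
      #   action: insert
      # After the upgrade, tag them as "windows" so that the Windows and Active
      # Directory apps read one stream instead of ingesting the same events twice.
      - key: sumo.datasource
        value: windows
        action: insert
```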

If you have both the Windows - OpenTelemetry and Active Directory JSON - OpenTelemetry apps installed, you should remove the Active Directory OTEL YAML configuration from your machine to prevent double data ingestion. When upgrading the Active Directory app, there's no need to set up a new collection.

No changes are required if you only have Windows - OpenTelemetry installed.

Sumo Orgs - New View for Child Org Usages (Manage)

We're happy to announce that our Account Overview page has been updated so that you can now get a detailed view of child org usage. Here are some of the key features that this update offers:

  • Monitor child org usage data seamlessly through the new centralized view for child org usage.
  • Gain a comprehensive picture of child org credit consumption and usage trends in one place.
  • Navigate to individual child org accounts pages directly from the centralized UI for deeper insights.

For more information, see our documentation on how to monitor credits allocation and usage.

Index Field (Search)

We're excited to include the Index field as metadata at the bottom of every message row, along with other metadata. This allows you to modify the search query by clicking the index name or view surrounding messages by clicking on the dropdown. Learn more.

2021 Archive

This is an archive of the 2021 Sumo Logic Service Release Notes.

Looking for older release notes?

Release notes from 2016-2020 have been archived. If you need access to earlier versions, contact Support.

Copyright © 2024 by Sumo Logic, Inc.