Skip to main content

Endace (Apps)

We're happy to announce the release of our new partner app for Endace. Endace delivers scalable, always-on packet capture in on-premise and hybrid cloud environments for definitive network visibility. The Endace App includes premade dashboards for logs such as Zeek, Suricata, Cisco ASA, Cisco Firepower and Palo Alto Networks, which include a Pivot-to-Vision link to connect you to your EndaceProbe for further investigation.

Learn more.

Azure Blob Storage Collection for Append Blobs (Collection)

We're excited to announce the release of our new Azure Blob Storage Collection for append blobs. This integration with Azure Blob Storage enables you to ingest custom application logs and azure service logs stored as append blob type from a storage account to Sumo Logic.

Learn more.

Improved Data Handling for Window and Threshold-Based SLOs (Observability)

We are happy to introduce a new update for handling missing data in window and threshold-based Service Level Objectives (SLOs). Previously, any window without data was treated as successful, and the threshold condition check was skipped. With this update, for windows without data, the threshold will be compared against zero to determine their success or failure.

This change simplifies expressing SLOs where missing data signifies unsuccessful windows. For example, consider an SLO definition where absence of heartbeat log messages signifies an unsuccessful window. Previously, such windows were treated as successful by default. With this update, modeling such cases will become much easier and more accurate.

Sumo Logic AWS Lambda Extension v8 (Collection)

We're excited to announce the release of Sumo Logic AWS Lambda Extension version 8. Here are the key features that this upgrade provides:

  • Improved the support for AWS KMS encrypted SUMOLOGIC_HTTP_ENDPOINT, including the introduction of new KMS_KEY_ID and KMS_CACHE_SECONDS environment variables.
  • Introduced three new environment variables TELEMETRY_MAX_BYTES, TELEMETRY_MAX_ITEMS, and TELEMETRY_TIMEOUT_MS, which helps you to reduce the ingestion delay based on log volume.
  • Upgraded Golang to version 1.22 to resolve 20+ security vulnerabilities.

To learn more, refer to our Lambda extensions changelog.

View Connections Role Capability (Manage)

As part of our on-going product security improvements, we have introduced the View Connections role capability. This role capability allows a user to view or change webhook and ServiceNow connections associated with a Scheduled Search or a monitor.

Starting June 24, 2024, new Scheduled Searches or monitors configured with Webhook or ServiceNow notification channels can only be viewed or assigned to those connections by users with the View Connections role capability.

Prior to June 24, 2024, assign the View Connections role capability to users where appropriate. After this date, users who do not have this role capability assigned will no longer be able to configure a Scheduled Search or monitor with a webhook target.

For information about how to configure webhook and ServiceNow connections, see Set Up Webhook Connections.

Disallow Weak Passwords (Manage)

We are happy to announce a new Disallow weak passwords option in our password policy settings. When this option is enabled, users will not be able to save a password if Sumo Logic determines it is weak. For example, a password is considered weak if it is:

  • Obtained from previous breaches.
  • A dictionary word.
  • Contains repetitive or sequential characters, for example, ‘aaaaaa’, ‘1234abcd’.
  • Contains context-specific words, such as the name of the service or the username.

Learn more.

Include Partition in Default Scope - Flex (Manage)

We are excited to announce that we have added a new Include this partition in default scope checkbox to our Create Partitions page. This allows you to include or exclude the partition from the default scope of query. When included and if _index is not considered in the query, all the included partitions will be considered for search query by default. Learn more.

New Visualizations (Search)

We're excited to announce the new visualization charts for all the Log Search queries, with which you can customize each chart by modifying the available settings and obtain a unified experience across the Sumo Logic platforms. Charts will appear in a new visualization style by default. However, if required, you can switch to a classic visualization. Learn more.

AWS Observability 2.8.0 (Observability)

We are excited to announce AWS Observability 2.8.0. This update includes:

  • Updates for Amazon RDS - New out-of-the-box dashboards for PostgreSQL based on logs.
  • Redesigned Amazon API Gateway with new metrics and log-based dashboards for Amazon API Gateway access logs for REST, HTTP, and WebSocket API types.
  • Added 20+ new out-of-the-box monitors.
  • Improvements in AWS Observability deployment time.

To learn more, refer to the AWS Observability changelog.

Expanding Cloud Infrastructure Security for AWS Capabilities - Preview (Apps)

We're excited to announce increased visibility into your AWS Cloud environment with the following new features:

  • Out-of-the-box security policy checks. Sumo Logic Cloud Infrastructure Security is now configured by default to use the out-of-the box policy checks. You can now choose to leverage the out-of-the-box policy checks instead of, or in conjunction with, the policy checks provided by AWS Security Hub.
  • Additional investigation capabilities. The update includes the addition of three new dashboards:
  • AI-powered remediation plans. You can now use automated remediation playbooks built specifically for Cloud Infrastructure Security for AWS.

This functionality is in preview. To participate, reach out to your Sumo Logic account executive.

Learn more.


As part of the preview, you can use CloudQuery logs with Cloud Infrastructure Security for AWS. To use the logs, configure the CloudQuery source when you deploy the solution.

Classic Metrics Deprecation and Removal (Metrics)

In January 2024, we deprecated Classic Metrics in favor of our newer Metrics Explorer interface. Effective today, Sumo Logic has removed the ability to use Classic Metrics in Sumo Logic.

  • The Switch to Classic UI option is removed from the user interface and you can no longer switch to Classic Metrics.
  • Any saved Classic Metrics queries are disabled and must be recreated with Metric Explorer.

Metrics Explorer represents an advanced solution tailored to meet all metric-related requirements. It surpasses Classic Metrics in functionality, making it redundant to continue supporting both systems.

For information, see Metrics Explorer.

Deprecation Notice - Real-Time Scheduled Searches (Alerts)

As part of our ongoing evaluation of the Sumo Logic service, we have decided to deprecate Real-Time Scheduled Searches. In particular, we will remove the option to create new Real-Time Scheduled Searches on May 15, 2024. Existing Real-Time Scheduled Searches will continue to function until May 15, 2025. We believe many use cases for Real-Time Scheduled Searches can be met by Monitors. Any remaining use cases can be met by executing these searches at 15m intervals.

In 2020, Sumo Logic released Monitors, which provided a new framework to trigger alerts on both metrics and log data in real time and send notifications. Real-Time Scheduled Searches provided a much more limited version of this functionality. Monitors will continue to be the focus area for our Product and Engineering Teams for features and enhancements regarding alerting.

Learn more here.

Filter Partitions (Manage)

We're happy to introduce a new partitions page enhancement that allows you to filter the partitions based on the type of partitions, either User-Defined Partitions or System Partitions. Learn more.

VMware Tanzu Application Service (Apps)

We're happy to announce the release of the new version of SumoLogic Nozzle for VMware Tanzu. Below are the key features that this update offers:

  • Added support for Tanzu Application Service 6.0 with Tanzu Operations Manager 3.0.x.
  • Upgraded Golang version v1.20 and its dependencies for fixing CVEs.

For detailed version information, refer to the changelog file.

Enhancements to Terraform-Based Monitors (Apps)

We're excited to announce an update of all our Terraform-based monitors.

  • Updated Kubernetes monitors for compatibility with new Helm chart versions.
  • Upgraded AWS and Sumo Logic provider versions to address CVE fixes.
  • Fixed minor bugs.

For details on upgrade instructions, refer to the changelog.

Muting Schedules for Alert Groups

You can now optionally apply a Muting Schedule to your alert group. This saves time by allowing you to select an alert group (a bundled set of alerts) to associate with your Muting Schedule rather than selecting individual monitors. Learn more.

Azure Event Hubs Source for Logs (Collection)

We're excited to announce the release of our new Azure Event Hubs source for logs collection. This integration with Azure Event Hubs provides you with a fully managed, scalable, and low latency solution to stream high-volume logs from Azure to Sumo Logic. Learn more.

Index Aliasing for Search Queries

We're excited to introduce the ability to reference Sumo Logic system indexes with an alias. With this update, you can now use an alias to point to one or more system indexes in the source expression of your search queries.

How it works

With index aliasing, you can use an alias to point to one or more system indexes, such as sumologic_default in the source expression of your query. Both the operator part and results of your query will consist of actual index names.

In addition to sumologic_default, we have several other Sumo Logic-defined system indexes. As a shortcut, rather than prefacing sumologic_ when referencing system indexes in a search, you can alias these indexes by typing an underscore at the beginning. For example, sumologic_default and _default will return the same results. 

Learn more here.

NOTE: This feature is currently live in all deployments except us2 and prod. It will be rolled out to those deployments by April 2.

Dashboard Enhancements - Crosshair and Time Syncing (Dashboards)

We are excited to announce a new set of changes to enhance the readability within the dashboard panels. With these updates, you'll have more control over time ranges, making it easier to investigate specific periods of interest and analyze data effectively. Here's what's included in this update:

  • Crosshair. When you hover over a time series panel, Sumo Logic now displays a crosshair line with the time series data. If other time series panels are also configured with an overlapping time range, then when you hover over one time panel, a crosshair will be displayed on the other panels as well. Learn more.

  • Time Syncing. Using panel zoom feature you can now modify the time range of the dashboard to zoom in for granular details. This time range is considered as a temporary time range and all the other panels in the dashboard will be zoomed in for the selected time range. Learn more.

Estimate Scan Data - Flex (Search)

We're excited to include the Estimate scan details for a query with pay-per-search data, which allows you to get insights into the amount of data scanned to run the query. Also, to help mitigate the cost, you can view the scan estimates while you create/modify monitors and scheduled searches. Learn more.

Introducing Sumo Logic Flex Licensing Offering Unlimited Log Data Ingest

We're excited to introduce Sumo Logic Flex Licensing, revolutionizing log analytics pricing for technical teams by eliminating data tiers and aligning the value of log data with generated insights. This groundbreaking solution offers an efficient, centralized log analytics framework capable of managing enterprise-wide cloud-scale log ingestion seamlessly.

Flex pricing offers free, unlimited log ingest. This innovative model is designed to empower developer, security, and operations teams to capture and analyze critical data across their enterprises without worrying about cost barriers.

Consolidating all data streams into a single platform with unlimited user access fosters seamless collaboration across organizations. As log data ingestion increases, analytics and ML/AI insights sharpen, empowering DevOps and DevSecOps teams to troubleshoot faster and ensure reliable, secure digital experiences.

In an era of exponential data growth, the challenges posed by vast volumes of structured and unstructured data, including siloed information and security gaps, hinder organizations in harnessing essential business insights. Flex addresses these complexities, enabling organizations to scale AI/ML initiatives and deliver dependable digital experiences.

Key features

  • Flexible pricing. Insights and analytics volume dictate pricing, not data ingestion.
  • Efficient log management. Seamlessly manage enterprise-wide cloud-scale log ingestion without cost concerns.
  • Centralized platform. Consolidate data streams from multiple sources into one platform.
  • Unlimited user access. Foster seamless collaboration across your organization.
  • Sharper analytics. ML/AI-driven insights improve as log data ingestion increases.
  • Empowered DevOps and DevSecOps. Troubleshoot faster, accelerate release velocity, and ensure reliable, secure digital experiences.

More information

API Gateway App Update (Apps)

Update - We're excited to announce the release of our updated app for AWS API Gateway, which includes the below enhancements:

  • Added new dashboards for HTTP and WebSocket API, which covers the use cases based on CloudWatch logs and CloudWatch metrics including enhanced metrics.
  • Added support for API Gateway access logs for all three types of APIs - REST API, HTTP API, and WebSocket API.

Learn more here.

Monitor Enhancements - AI-Driven Alerting (Alerts)

We're happy to announce two new monitoring features that allow you to generate alerts that notify you of suspicious behavior and automatically run playbooks to address it.

Anomaly detection

You can now use the Anomaly detection method when you create a monitor. This method applies machine learning techniques to detect anomalies and identify suspicious patterns. It establishes baselines for normal behavior so you receive alerts when deviations or unusual activities are encountered.

Learn more.

Automated playbooks

An automated playbook is a predefined set of actions and conditional statements that run in an automated workflow to respond to an event. For example, suppose that a monitor detects suspicious behavior that could indicate a security problem. When the monitor sends the alert, it could also run an automated playbook to respond to the event.

Learn more.

Accounts Page Enhancements (Manage)

New - We're happy to introduce you to new accounts page enhancements such as Dynamic Forecasts, Credit Baseline, Total Credits Usage Breakdown, Time Series View, and Usage % Change. Learn more.

Introducing Our New and Enhanced Sumo Logic UI - Beta

We're excited to announce the availability of the Closed Beta version of our updated Sumo Logic User Interface (UI). This release brings several enhancements aimed at improving your overall experience:

  • Unified Navigation. Seamlessly access all Observability features (e.g., Alerts, Log Search, APM, Metrics) alongside Security features (e.g., Cloud SIEM, Cloud SOAR) from a single, unified left-navigation menu. This is a significant improvement over our legacy Classic UI, where users had to navigate away from Sumo Logic when using Cloud SIEM or SOAR.
  • Streamlined Administration. Administrative functions, Data Configuration, Help, and User Preferences have been relocated to the top toolbar menu for simplified access.
  • Enhanced Browsing Experience. Now, instead of in-app tabs, you can utilize native browser tabs for a more familiar browsing experience, complete with session history, the back button, favorites, and other native browser capabilities.
  • Improved Performance. With a simplified UI, you'll experience accelerated performance, enhanced usability, and a consistently smooth browsing experience, empowering you to troubleshoot incidents faster. We've achieved significant improvements in two primary metrics:
    • First Contentful Paint (FCP). ~90% improvement (synthetic), 75% improvement (RUM).
    • Time to Interactivity (TTI). ~27% improvement (synthetic), 50% improvement (RUM).
  • Stateful URLs. URLs now reflect real-time changes. Any modifications you make within the UI are instantly reflected in the URL parameters, ensuring effortless sharing of the most up-to-date content with collaborators.

To explore these improvements, reach out to your Sumo Logic sales representative for access to the Closed Beta. We look forward to your feedback as we continue to refine our UI.

More information:

Azure Blob Storage Collection Update (Apps)

We're happy to announce an update of the Azure Blob Storage collection framework. Here are some of the key features that this update offers:

  • Aligns all the components to the latest version of Azure Functions runtime and libraries.
  • Replaces the soon-to-be deprecated classic application insights resource with new workspace-based application insights.
  • Updated function application logging with log levels.
  • Provides necessary security updates.

For upgrade instructions, refer to the changelog. For information on collecting logs from Azure Blob Storage, see our documentation.

Azure Monitor Metrics Collection (Collection)

We're happy to announce an update of the Azure metric collection framework. Here are some of the key features that this update offers:

  • Aligns all the components to the latest version of Azure Functions runtime and libraries.
  • Replaces the soon-to-be deprecated classic Application insights resource with new workspace-based Application insights.
  • Provides necessary security updates.

Refer here for details on upgrade instructions and changelog. Also, for more information on metrics collection from Azure Monitor, see our documentation.

Indicators for POV Trial Period Expiry (Manage)

Update - Previously, for Sumo Logic customers on POV Trial plans, their accounts would be downgraded automatically to our Free plan at the end of their 45-day trial period. Effective today, these customers will be notified about their trial period expiration date in two different places in the UI: View details for the selected organizations and Child org table. Learn more.

New Visualizations (Search)

We're excited to announce the new visualizations for Log Search queries with which you can customize each chart by modifying the available settings and obtain a unified experience with charts across the Sumo Logic platforms. Learn more.

Improved Performance for Metrics Queries Using Aggregations (Metrics)

We're excited to announce that we've introduced optimization improving the performance of Metrics queries that use aggregations (avg, min, max, sum or count) and which time range is within the last 24 hours.

Such queries are now faster, additionally allowing to aggregate data from a larger amount of time series.

Learn more.

Cloud Infrastructure Security for AWS (Apps)

We’re excited to announce the general availability of Cloud Infrastructure Security for AWS. This solution unifies views of active threats, security control failures, and suspicious activity across your AWS environment to give you security posture visibility at a glance.

This feature was previously only available in a preview form. It is now available for general use.

Here are some of the key features the new solution offers:

  • Risk overview. See a summary of all resources that pose risks in a single dashboard that rolls up the findings from other dashboards. Get an action plan for addressing the most important areas of concern.
  • Active threats. See active threats in APIs, resources, and storage.
  • Misconfigurations. See areas in your environment that need to be addressed because they fail best practice security controls.
  • Suspicious activity assessment. See suspicious activity across users, web interactions, networks, and Identity Access Management (IAM).

To learn how you can set up and use Cloud Infrastructure Security for AWS, check out our technical documentation.

Action Required

To use the solution, you are required to sign up and activate Amazon GuardDuty and AWS Security Hub.

Active Directory App Update (Apps)

We're excited to announce an update for the Active Directory JSON - OpenTelemetry application to enhance efficiency and data collection. We are updating the sumo.datasource value from Active Directory to Windows. This change addresses the double data ingestion issue that occurs for customers who have installed both Active Directory and Windows apps and set up separate OpenTelemetry collections for each.


Data collected before the upgrade will not be visible in the Active Directory application.

If you have only the Active Directory JSON - OpenTelemetry app installed and decided to upgrade it, you will need to update your collection configuration according to the instructions below.

  1. Open the configuration file located in C:\ProgramData\Sumo Logic\OpenTelemetry Collector\config\conf.d.
  2. Update the following attributes:
    • key: sumo.datasource
    • value: windows
    • action: insert
  3. Restart the collector by using the following Powershell command Restart-Service -Name OtelcolSumo.

If you have both the Windows - OpenTelemetry and Active Directory JSON - OpenTelemetry apps installed, you should remove the Active Directory OTEL YAML configuration from your machine to prevent double data ingestion. When upgrading the Active Directory app, there's no need to set up a new collection.

No changes are required if you only have Windows - OpenTelemetry installed.

Sumo Orgs - New View for Child Org Usages (Manage)

We're happy to announce that our Account Overview page is updated and now you can get a detailed view of child org usages. Here are some of the key features that this update offers:

  • Monitor child org usage data seamlessly through the new centralized view for child orgs usages.
  • Gain a comprehensive picture of child org credit consumption and usage trends in one place.
  • Navigate to individual child org accounts pages directly from the centralized UI for deeper insights.

For more information, see our documentation on how to monitor credits allocation and usage.

Index Field (Search)

We're excited to include the Index field as metadata at the bottom of every message row, along with other metadata. This allows you to modify the search query by clicking the index name or view surrounding messages by clicking on the dropdown. Learn more.

Privacy Statement
Terms of Use

Copyright © 2024 by Sumo Logic, Inc.