Sumo Logic

Reading time: 0 minute(s) (0 words)

Sumo Logic is an observability platform that provides visibility into AWS, Azure, and GCP cloud applications and infrastructure.

Sumo Logic parameters and supported features in Nobl9

General support:

Release channel: Stable, Beta

Connection method: Agent, Direct

Replay and SLI Analyzer: Not supported

Event logs: Supported

Query checker: Not supported

Query parameters retrieval: Supported

Timestamp cache persistence: Supported

---

Query parameters:

Query interval: 2 min

Query delay: 4 min

Jitter: 30 sec

Timeout: 30 sec

---

Agent details and minimum required versions for supported features:

Plugin name: n9sumologic

Query delay environment variable: SUMOLOGIC_QUERY_DELAY

Query parameters retrieval: 0.73.2

Timestamp cache persistence: 0.65.0

---

Additional notes:

Supported authentication using <accessId>:<accessKey>

Authentication

Access ID & access key

Nobl9 leverages the Search Job API | Sumo Logic documentation to call the Sumo Logic server.

To connect to Sumo Logic, you need to provide Access ID and Access Key when creating your data source in Nobl9 UI to authenticate with Sumo Logic API. Refer to Sumo Logic documentation for details on how to get your access ID and access key.

Note that Nobl9 only supports the <accessId>:<accessKey> authentication method described in the General API Information | Sumo Logic documentation.

caution

Currently, Nobl9 integration with Sumo Logic does not support Base64 encoded Access ID for authentication.

Service endpoint URL

Sumo Logic provides multiple API endpoints. These endpoints are assigned to the specific deployment. They depend on (1) your geographic location and (2) your account’s creation date.

Nobl9 cannot determine that value automatically, and because of that, you need to specify the correct Service Endpoint URL to connect to Sumo Logic. You can see the Service Endpoint URL when you log in to your Sumo Logic account.

For the full overview of service URLs and how they correspond to API endpoints, refer to the Sumo Logic Endpoints | Sumo Logic documentation.

Adding Sumo Logic as a data source

To ensure data transmission between Nobl9 and Sumo Logic, it may be necessary to list Nobl9 IP addresses as trusted.

💻ip allowlist

IP addresses to include in your allowlist for secure access:

If you're using app.nobl9.com instance:

• 18.159.114.21
• 18.158.132.186
• 3.64.154.26

If you're using us1.nobl9.com instance:

• 34.121.54.120
• 34.123.193.191
• 34.134.71.10
• 35.192.105.150
• 35.225.248.37
• 35.226.78.175
• 104.198.44.161

You can add the Sumo Logic data source using the direct or agent connection methods.

Direct connection method

Direct connection to Sumo Logic requires users to enter their credentials which Nobl9 stores safely.

Nobl9 Web

1. Navigate to Integrations > Sources.
2. Click .
3. Click the required Source button.
4. Choose Direct.

5. Select one of the following Release Channels:

   • The stable channel is fully tested by the Nobl9 team. It represents the final product; however, this channel does not contain all the new features of a beta release. Use it to avoid crashes and other limitations.
   • The beta channel is under active development. Here, you can check out new features and improvements without the risk of affecting any viable SLOs. Remember that features in this channel can change.

6. Enter the Service Endpoint URL (mandatory).
   Sumo Logic provides multiple API endpoints that are assigned to a specific deployment. These endpoints depend on your geographic location and the creation date of your account. Refer to the Sumo Logic API Endpoints for more details. Example Service Endpoint URL: https://service.sumologic.com

7. Enter your Access ID (mandatory).
   Refer to the Authentication section above for details.

8. Enter your Access key (mandatory).
   Refer to the Authentication section above for details.

8. Select a Project.
   Specifying a project is helpful when multiple users are spread across multiple teams or projects. When the Project field is left blank, Nobl9 uses the default project.
9. Enter a Display Name.
   You can enter a user-friendly name with spaces in this field.
10. Enter a Name.
    The name is mandatory and can only contain lowercase, alphanumeric characters, and dashes (for example, my-project-1). Nobl9 duplicates the display name here, transforming it into the supported format, but you can edit the result.
11. Enter a Description.
    Here you can add details such as who is responsible for the integration (team/owner) and the purpose of creating it.
12. Specify the Query delay to set a customized delay for queries when pulling the data from the data source.

    • The default value in Sumo Logic integration for Query delay is 4 minutes.

    info

    Changing the Query delay may affect your SLI data. For more details, check the Query delay documentation.
13. Click Add Data Source.

sloctl

1. Create a YAML definition to set up a direct connection with Sumo Logic. For this, refer to the following example:

YAML definition for the direct connection method

apiVersion: n9/v1alpha
kind: Direct
metadata:
  name: sumo-logic
  displayName: Sumo Logic Direct
  project: default
spec:
  description: Example Sumo Logic Direct
  releaseChannel: stable
  sumoLogic:
    accessID: wzeulXAULylic8
    accessKey: "[secret]"
    url: https://service.sumologic.com
  queryDelay:
    value: 5
    unit: Minute

Field	Type	Description
queryDelay.unit mandatory	enum	Specifies the unit for the query delay. Possible values: Second | Minute. • Check query delay documentation for default unit of query delay for each source.
queryDelay.value mandatory	numeric	Specifies the value for the query delay. • Must be a number less than 1440 minutes (24 hours). • Check query delay documentation for default unit of query delay for each source.
logCollectionEnabled optional	boolean	Optional. Defaults to false. Set to true if you'd like your direct to collect event logs. Contact us to activate it.
releaseChannel mandatory	enum	Specifies the release channel. Accepted values: beta | stable.
Source-specific fields
sumologic.url mandatory	string	Service endpoint. See authentication for more details.
sumologic.access-id mandatory	string, secret	Used to authenticate with Sumo Logic API. See authentication for more details.
sumologic.access-key mandatory	string	Used to authenticate with Sumo Logic API. Service endpoint. See authentication for more details.

2. Apply your YAML definition using the sloctl apply command.

Agent connection method

Nobl9 Web

Follow the instructions below to create your Sumo Logic agent connection.

1. Navigate to Integrations > Sources.
2. Click .
3. Click the required Source button.
4. Choose Agent.

5. Select one of the following Release Channels:

   • The stable channel is fully tested by the Nobl9 team. It represents the final product; however, this channel does not contain all the new features of a beta release. Use it to avoid crashes and other limitations.
   • The beta channel is under active development. Here, you can check out new features and improvements without the risk of affecting any viable SLOs. Remember that features in this channel can change.

6. Enter the Service Endpoint URL (mandatory).

7. Select a Project.
   Specifying a project is helpful when multiple users are spread across multiple teams or projects. When the Project field is left blank, Nobl9 uses the default project.
8. Enter a Display Name.
   You can enter a user-friendly name with spaces in this field.
9. Enter a Name.
   The name is mandatory and can only contain lowercase, alphanumeric characters, and dashes (for example, my-project-1). Nobl9 duplicates the display name here, transforming it into the supported format, but you can edit the result.
10. Enter a Description.
    Here you can add details such as who is responsible for the integration (team/owner) and the purpose of creating it.
11. Specify the Query delay to set a customized delay for queries when pulling the data from the data source.

    • The default value in Sumo Logic integration for Query delay is 4 minutes.

    info

    Changing the Query delay may affect your SLI data. For more details, check the Query delay documentation.
12. Click Add Data Source.
Deploy your agent in a Kubernetes cluster or Docker container.

sloctl

1. Create a YAML definition to set up an agent connection with Sumo Logic. For this, refer to the following example:

YAML definition for the agent connection method

apiVersion: n9/v1alpha
kind: Agent
metadata:
  name: sumo-logic
  displayName: Sumo Logic Agent
  project: default
spec:
  description: Example Sumo Logic Agent
  releaseChannel: stable
  sumoLogic:
    url: https://service.sumologic.com
  queryDelay:
    value: 5
    unit: Minute

Field	Type	Description
queryDelay.unit mandatory	enum	Specifies the unit for the query delay. Possible values: Second | Minute. • Check query delay documentation for default unit of query delay for each source.
queryDelay.value mandatory	numeric	Specifies the value for the query delay. • Must be a number less than 1440 minutes (24 hours). • Check query delay documentation for default unit of query delay for each source.
releaseChannel mandatory	enum	Specifies the release channel. Accepted values: beta | stable.
Source-specific fields
sumologic.url mandatory	string	Service endpoint. See authentication section above for more details.

1. Apply your YAML definition using the sloctl apply command.
2. Deploy your agent in a Kubernetes cluster or Docker container.

Useful links

For a more in-depth look, consult additional resources:

API authenticationExternal docsAPI keysExternal docs'as' operatorExternal docsMetric quantizationExternal docsRate limit throttlingExternal docsProcess FlowExternal docsAgent metricsAgentCreating SLOs via TerraformTerraformCreating agents via TerraformTerraform