Sumo Logic
Sumo Logic is an observability platform that provides visibility into AWS, Azure, and GCP cloud applications and infrastructure.
Sumo Logic parameters and supported features in Nobl9
- General support:
- Release channel: Stable, Beta
- Connection method: Agent, Direct
- Replay and SLI Analyzer: Historical data limit 30 days
- Event logs: Supported
- Query checker: Not supported
- Query parameters retrieval: Supported
- Timestamp cache persistence: Supported
- Query parameters:
- Query interval: 2 min
- Query delay: 4 min
- Jitter: 30 sec
- Timeout: 30 sec
- Agent details and minimum required versions for supported features:
- Plugin name: n9sumologic
- Query delay environment variable: SUMOLOGIC_QUERY_DELAY
- Replay and SLI Analyzer: 0.102.0-beta
- Query parameters retrieval: 0.73.2
- Timestamp cache persistence: 0.65.0
- Additional notes:
- Supported authentication using <accessId>:<accessKey>
Authentication
Accessing Sumo Logic API
The Nobl9 integration uses the Search Job API to interact with Sumo Logic servers. You'll need the following credentials:
- Access ID and Access Key
- Required for authenticating with the Sumo Logic API
- Obtain these from your Sumo Logic account settings
- Only the standard
accessId:accessKey
authentication method is supported - Base64 encoded Access ID authentication is not supported
- Service Endpoint URL
- Your specific endpoint depends on:
- Geographic location
- Account creation date
- Find your URL by logging into your Sumo Logic account
- Must be manually specified as Nobl9 cannot auto-detect it
- See Sumo Logic Endpoints documentation for the complete list
- Your specific endpoint depends on:
Adding Sumo Logic as a data source
Direct connection method
To ensure reliable data transmission between Nobl9 and Sumo Logic, you may need to configure IP address allowlisting.
app.nobl9.com
instance:- 18.159.114.21
- 18.158.132.186
- 3.64.154.26
us1.nobl9.com
instance:- 34.121.54.120
- 34.123.193.191
- 34.134.71.10
- 35.192.105.150
- 35.225.248.37
- 35.226.78.175
- 104.198.44.161
When using direct connections, keep all your Sumo Logic instances in the same release channel to ensure proper synchronization of queries. Having instances across different channels may cause query failures.
Nobl9 Web
- Navigate to Integrations > Sources.
- Click
.
- Click the required Source button.
- Choose Direct.
-
Select one of the following Release Channels:
- The
stable
channel is fully tested by the Nobl9 team. It represents the final product; however, this channel does not contain all the new features of abeta
release. Use it to avoid crashes and other limitations. - The
beta
channel is under active development. Here, you can check out new features and improvements without the risk of affecting any viable SLOs. Remember that features in this channel can change.
- The
-
Enter the Service Endpoint URL (mandatory).
Sumo Logic provides multiple API endpoints that are assigned to a specific deployment. These endpoints depend on your geographic location and the creation date of your account. Refer to the Sumo Logic API Endpoints for more details. Example Service Endpoint URL:https://service.sumologic.com
-
Enter your Access ID (mandatory).
Refer to the Authentication section above for details. -
Enter your Access key (mandatory).
Refer to the Authentication section above for details.
- Select a Project (mandatory).
Project is a way to organize your Nobl9 resources and manage access to them.
When Project is skipped, Nobl9 uses thedefault
project. - Enter a Display Name (optional).
Spaces are allowed. - Enter a Name (mandatory).
The name is mandatory and can only contain lowercase, alphanumeric characters, and dashes (for example,my-project-1
). Nobl9 duplicates the display name here, transforming it into the supported format, but you can edit the result. - Enter a Description (optional).
Provide extra details about it, its purpose, responsible persons, etc.
Up to 1050 characters. - Specify the Query delay to set a customized delay for queries when pulling the data from the data source.
- The default value in Sumo Logic integration for Query delay is
4 minutes
.
Changing the query delayChanging the query delay can affect your SLI data.
Learn more about query delay and its impact. - The default value in Sumo Logic integration for Query delay is
- Enter a Maximum Period for Historical Data Retrieval.
- This value defines how far back in the past your data will be retrieved when replaying your SLO based on this data source.
- The maximum period value depends on the data source.
Find the maximum value for your data source. - A greater period can extend the loading time when creating an SLO.
- The value must be a positive integer.
- Enter a Default Period for Historical Data Retrieval.
- It is used by SLOs connected to this data source.
- The value must be a positive integer or
0
. - By default, this value is set to 0. When you set it to
>0
, you will create SLOs with Replay.
- Click Add Data Source
YAML
- Create a YAML definition to set up a direct connection with Sumo Logic. For this, refer to the following example:
apiVersion: n9/v1alpha
kind: Direct
metadata:
name: sumo-logic
displayName: Sumo Logic Direct
project: default
annotations:
area: latency
env: prod
region: us
team: sales
spec:
description: Example Sumo Logic Direct
releaseChannel: beta
sumoLogic:
accessID: wzeulXAULylic8
accessKey: "[secret]"
url: https://service.sumologic.com
historicalDataRetrieval:
maxDuration:
value: 30
unit: Day
defaultDuration:
value: 15
unit: Day
queryDelay:
value: 5
unit: Minute
Field | Type | Description |
---|---|---|
queryDelay.unit mandatory | enum | Specifies the unit for the query delay. Possible values: Second | Minute . • Check query delay documentation for default unit of query delay for each source. |
queryDelay.value mandatory | numeric | Specifies the value for the query delay. • Must be a number less than 1440 minutes (24 hours). • Check query delay documentation for default unit of query delay for each source. |
logCollectionEnabled optional | boolean | Optional. Defaults to false . Set to true if you'd like your direct to collect event logs. Contact us to activate it. |
releaseChannel mandatory | enum | Specifies the release channel. Accepted values: beta | stable . |
Source-specific fields | ||
sumologic.url mandatory | string | Service endpoint. See authentication for more details. |
sumologic.access-id mandatory | string, secret | Used to authenticate with Sumo Logic API. See authentication for more details. |
sumologic.access-key mandatory | string | Used to authenticate with Sumo Logic API. Service endpoint. See authentication for more details. |
- Apply your YAML definition using the
sloctl apply
command.
Agent connection method
Nobl9 Web
Follow the instructions below to create your Sumo Logic agent connection.
- Navigate to Integrations > Sources.
- Click
.
- Click the required Source button.
- Choose Agent.
-
Select one of the following Release Channels:
- The
stable
channel is fully tested by the Nobl9 team. It represents the final product; however, this channel does not contain all the new features of abeta
release. Use it to avoid crashes and other limitations. - The
beta
channel is under active development. Here, you can check out new features and improvements without the risk of affecting any viable SLOs. Remember that features in this channel can change.
- The
-
Enter the Service Endpoint URL (mandatory).
- Select a Project (mandatory).
Project is a way to organize your Nobl9 resources and manage access to them.
When Project is skipped, Nobl9 uses thedefault
project. - Enter a Display Name (optional).
Spaces are allowed. - Enter a Name (mandatory).
The name is mandatory and can only contain lowercase, alphanumeric characters, and dashes (for example,my-project-1
). Nobl9 duplicates the display name here, transforming it into the supported format, but you can edit the result. - Enter a Description (optional).
Provide extra details about it, its purpose, responsible persons, etc.
Up to 1050 characters. - Specify the Query delay to set a customized delay for queries when pulling the data from the data source.
- The default value in Sumo Logic integration for Query delay is
4 minutes
.
Changing the query delayChanging the query delay can affect your SLI data.
Learn more about query delay and its impact. - The default value in Sumo Logic integration for Query delay is
- Enter a Maximum Period for Historical Data Retrieval.
- This value defines how far back in the past your data will be retrieved when replaying your SLO based on this data source.
- The maximum period value depends on the data source.
Find the maximum value for your data source. - A greater period can extend the loading time when creating an SLO.
- The value must be a positive integer.
- Enter a Default Period for Historical Data Retrieval.
- It is used by SLOs connected to this data source.
- The value must be a positive integer or
0
. - By default, this value is set to 0. When you set it to
>0
, you will create SLOs with Replay.
- Click Add Data Source
- Deploy your agent in a Kubernetes cluster or Docker container.
YAML
- Create a YAML definition to set up an agent connection with Sumo Logic. For this, refer to the following example:
apiVersion: n9/v1alpha
kind: Agent
metadata:
name: sumo-logic
displayName: Sumo Logic Agent
project: default
annotations:
area: latency
env: prod
region: us
team: sales
spec:
description: Example Sumo Logic Agent
releaseChannel: beta
sumoLogic:
url: https://service.sumologic.com
historicalDataRetrieval:
maxDuration:
value: 30
unit: Day
defaultDuration:
value: 15
unit: Day
queryDelay:
value: 5
unit: Minute
Field | Type | Description |
---|---|---|
queryDelay.unit mandatory | enum | Specifies the unit for the query delay. Possible values: Second | Minute . • Check query delay documentation for default unit of query delay for each source. |
queryDelay.value mandatory | numeric | Specifies the value for the query delay. • Must be a number less than 1440 minutes (24 hours). • Check query delay documentation for default unit of query delay for each source. |
releaseChannel mandatory | enum | Specifies the release channel. Accepted values: beta | stable . |
Source-specific fields | ||
sumologic.url mandatory | string | Service endpoint. See authentication section above for more details. |
- Apply your YAML definition using the
sloctl apply
command. - Deploy your agent in a Kubernetes cluster or Docker container.