Skip to main content

Sumo Logic

Reading time: 0 minute(s) (0 words)

Sumo Logic is an observability platform that provides visibility into AWS, Azure, and GCP cloud applications and infrastructure.

Sumo Logic parameters and supported features in Nobl9
General support:
Release channel: Stable, Beta
Connection method: Agent, Direct
Replay and SLI Analyzer: Historical data limit 30 days
Event logs: Supported
Query checker: Not supported
Query parameters retrieval: Supported
Timestamp cache persistence: Supported

Query parameters:
Query interval: 2 min
Query delay: 4 min
Jitter: 30 sec
Timeout: 30 sec

Agent details and minimum required versions for supported features:
Plugin name: n9sumologic
Query delay environment variable: SUMOLOGIC_QUERY_DELAY
Replay and SLI Analyzer: 0.102.0-beta
Query parameters retrieval: 0.73.2
Timestamp cache persistence: 0.65.0

Additional notes:
Supported authentication using <accessId>:<accessKey>

Authentication

Accessing Sumo Logic API

The Nobl9 integration uses the Search Job API to interact with Sumo Logic servers. You'll need the following credentials:

  1. Access ID and Access Key
    • Required for authenticating with the Sumo Logic API
    • Obtain these from your Sumo Logic account settings
    • Only the standard accessId:accessKey authentication method is supported
    • Base64 encoded Access ID authentication is not supported
  2. Service Endpoint URL
    • Your specific endpoint depends on:
      • Geographic location
      • Account creation date
    • Find your URL by logging into your Sumo Logic account
    • Must be manually specified as Nobl9 cannot auto-detect it
    • See Sumo Logic Endpoints documentation for the complete list

Adding Sumo Logic as a data source

Direct connection method

To ensure reliable data transmission between Nobl9 and Sumo Logic, you may need to configure IP address allowlisting.

💻ip allowlist
IP addresses to include in your allowlist for secure access:

If you're using app.nobl9.com instance:
  • 18.159.114.21
  • 18.158.132.186
  • 3.64.154.26
If you're using us1.nobl9.com instance:
  • 34.121.54.120
  • 34.123.193.191
  • 34.134.71.10
  • 35.192.105.150
  • 35.225.248.37
  • 35.226.78.175
  • 104.198.44.161
Release channel for direct connections

When using direct connections, keep all your Sumo Logic instances in the same release channel to ensure proper synchronization of queries. Having instances across different channels may cause query failures.

Nobl9 Web

  1. Navigate to Integrations > Sources.
  2. Click .
  3. Click the required Source button.
  4. Choose Direct.
  1. Select one of the following Release Channels:
    • The stable channel is fully tested by the Nobl9 team. It represents the final product; however, this channel does not contain all the new features of a beta release. Use it to avoid crashes and other limitations.
    • The beta channel is under active development. Here, you can check out new features and improvements without the risk of affecting any viable SLOs. Remember that features in this channel can change.
  2. Enter the Service Endpoint URL (mandatory).
    Sumo Logic provides multiple API endpoints that are assigned to a specific deployment. These endpoints depend on your geographic location and the creation date of your account. Refer to the Sumo Logic API Endpoints for more details. Example Service Endpoint URL: https://service.sumologic.com

  3. Enter your Access ID (mandatory).
    Refer to the Authentication section above for details.

  4. Enter your Access key (mandatory).
    Refer to the Authentication section above for details.

  1. Select a Project (mandatory).
    Project is a way to organize your Nobl9 resources and manage access to them.
    When Project is skipped, Nobl9 uses the default project.
  2. Enter a Display Name (optional).
    Spaces are allowed.
  3. Enter a Name (mandatory).
    The name is mandatory and can only contain lowercase, alphanumeric characters, and dashes (for example, my-project-1). Nobl9 duplicates the display name here, transforming it into the supported format, but you can edit the result.
  4. Enter a Description (optional).
    Provide extra details about it, its purpose, responsible persons, etc.
    Up to 1050 characters.
  5. Specify the Query delay to set a customized delay for queries when pulling the data from the data source.
    • The default value in Sumo Logic integration for Query delay is 4 minutes.
    Changing the query delay
    Changing the query delay can affect your SLI data.
    Learn more about query delay and its impact.
  6. Enter a Maximum Period for Historical Data Retrieval.
    • This value defines how far back in the past your data will be retrieved when replaying your SLO based on this data source.
    • The maximum period value depends on the data source.
      Find the maximum value for your data source.
    • A greater period can extend the loading time when creating an SLO.
      • The value must be a positive integer.
  7. Enter a Default Period for Historical Data Retrieval.
    • It is used by SLOs connected to this data source.
    • The value must be a positive integer or 0.
    • By default, this value is set to 0. When you set it to >0, you will create SLOs with Replay.
  8. Click Add Data Source.

YAML

  1. Create a YAML definition to set up a direct connection with Sumo Logic. For this, refer to the following example:
YAML definition for the direct connection method
apiVersion: n9/v1alpha
kind: Direct
metadata:
name: sumo-logic
displayName: Sumo Logic Direct
project: default
annotations:
area: latency
env: prod
region: us
team: sales
spec:
description: Example Sumo Logic Direct
releaseChannel: beta
sumoLogic:
accessID: wzeulXAULylic8
accessKey: "[secret]"
url: https://service.sumologic.com
historicalDataRetrieval:
maxDuration:
value: 30
unit: Day
defaultDuration:
value: 15
unit: Day
queryDelay:
value: 5
unit: Minute
FieldTypeDescription
queryDelay.unit
mandatory
enumSpecifies the unit for the query delay. Possible values: Second | Minute.
• Check query delay documentation for default unit of query delay for each source.
queryDelay.value
mandatory
numericSpecifies the value for the query delay.
• Must be a number less than 1440 minutes (24 hours).
• Check query delay documentation for default unit of query delay for each source.
logCollectionEnabled
optional
booleanOptional. Defaults to false. Set to true if you'd like your direct to collect event logs. Contact us to activate it.
releaseChannel
mandatory
enumSpecifies the release channel. Accepted values: beta | stable.
Source-specific fields
sumologic.url
mandatory
stringService endpoint. See authentication for more details.
sumologic.access-id
mandatory
string, secretUsed to authenticate with Sumo Logic API. See authentication for more details.
sumologic.access-key
mandatory
stringUsed to authenticate with Sumo Logic API. Service endpoint. See authentication for more details.
  1. Apply your YAML definition using the sloctl apply command.

Agent connection method

Nobl9 Web

Follow the instructions below to create your Sumo Logic agent connection.

  1. Navigate to Integrations > Sources.
  2. Click .
  3. Click the required Source button.
  4. Choose Agent.
  1. Select one of the following Release Channels:
    • The stable channel is fully tested by the Nobl9 team. It represents the final product; however, this channel does not contain all the new features of a beta release. Use it to avoid crashes and other limitations.
    • The beta channel is under active development. Here, you can check out new features and improvements without the risk of affecting any viable SLOs. Remember that features in this channel can change.
  2. Enter the Service Endpoint URL (mandatory).

  1. Select a Project (mandatory).
    Project is a way to organize your Nobl9 resources and manage access to them.
    When Project is skipped, Nobl9 uses the default project.
  2. Enter a Display Name (optional).
    Spaces are allowed.
  3. Enter a Name (mandatory).
    The name is mandatory and can only contain lowercase, alphanumeric characters, and dashes (for example, my-project-1). Nobl9 duplicates the display name here, transforming it into the supported format, but you can edit the result.
  4. Enter a Description (optional).
    Provide extra details about it, its purpose, responsible persons, etc.
    Up to 1050 characters.
  5. Specify the Query delay to set a customized delay for queries when pulling the data from the data source.
    • The default value in Sumo Logic integration for Query delay is 4 minutes.
    Changing the query delay
    Changing the query delay can affect your SLI data.
    Learn more about query delay and its impact.
  6. Enter a Maximum Period for Historical Data Retrieval.
    • This value defines how far back in the past your data will be retrieved when replaying your SLO based on this data source.
    • The maximum period value depends on the data source.
      Find the maximum value for your data source.
    • A greater period can extend the loading time when creating an SLO.
      • The value must be a positive integer.
  7. Enter a Default Period for Historical Data Retrieval.
    • It is used by SLOs connected to this data source.
    • The value must be a positive integer or 0.
    • By default, this value is set to 0. When you set it to >0, you will create SLOs with Replay.
  8. Click Add Data Source.
  9. Deploy your agent in a Kubernetes cluster or Docker container.

YAML

  1. Create a YAML definition to set up an agent connection with Sumo Logic. For this, refer to the following example:
YAML definition for the agent connection method
apiVersion: n9/v1alpha
kind: Agent
metadata:
name: sumo-logic
displayName: Sumo Logic Agent
project: default
annotations:
area: latency
env: prod
region: us
team: sales
spec:
description: Example Sumo Logic Agent
releaseChannel: beta
sumoLogic:
url: https://service.sumologic.com
historicalDataRetrieval:
maxDuration:
value: 30
unit: Day
defaultDuration:
value: 15
unit: Day
queryDelay:
value: 5
unit: Minute
FieldTypeDescription
queryDelay.unit
mandatory
enumSpecifies the unit for the query delay. Possible values: Second | Minute.
• Check query delay documentation for default unit of query delay for each source.
queryDelay.value
mandatory
numericSpecifies the value for the query delay.
• Must be a number less than 1440 minutes (24 hours).
• Check query delay documentation for default unit of query delay for each source.
releaseChannel
mandatory
enumSpecifies the release channel. Accepted values: beta | stable.
Source-specific fields
sumologic.url
mandatory
stringService endpoint. See authentication section above for more details.
  1. Apply your YAML definition using the sloctl apply command.
  2. Deploy your agent in a Kubernetes cluster or Docker container.
Check out these related guides and references: