Sumo Logic QuickStart Webinar 10/15: How to Analyze All Your Machine Data
DESCRIPTION
QuickStart your Sumo Logic service with this exclusive webinar. At these monthly live events you will learn how to capitalize on critical capabilities that can amplify your log analytics and monitoring experience while providing you with meaningful business and IT insights.
TRANSCRIPT
Sumo Logic QuickStart
October 15, 2014
Colin Corstorphine, Customer Outreach Manager
Sumo Logic Confidential
Agenda
- Introduction
- What’s New
- Tips and Tricks
- Searching and Parsing Data
- Basic Dashboards
- Q&A
The Sumo Logic Difference
- Cloud
  - Simple to deploy, no maintenance required
- Elastic scalability
  - Horsepower to process all your IT data
- Pattern recognition with LogReduce™
  - Enables anomaly detection
- Real-time Analytics
  - IT and business insights in real time
Cloud
Elastic Scalability
LogReduce
Real-Time Analytics
Logs and the Enterprise
- Custom App Code
- Server / OS
- Virtualization
- Databases
- Network
- Open Source Software
- Middleware
What’s New
Field Extraction & Pinned Searches
- Field Extraction
  - Allows you to parse upon ingest which saves time and effort when you have a set of fields that are commonly needed from a log.
- Pinned Searches
  - Allows you to keep a search running (even if the browser window closes) and return to it later and have the results saved.
Tips and Tricks
Account Preferences
Session Timeout
Query Editing/Running
Searching and Parsing Data
Search Basic Overview
Search Bar
Time Range
Histogram
Search Results
Display
Search Syntax Flow
- Enter keywords and operators (separated by |) that build on top of each other
Keyword Identification
Data Classification
Actions and Operations
Display Configuration
Desired Results
Keyword Expression
- Full-text search expressions enable you to search for multiple terms and logical expressions
  - Case insensitive
  - Wildcard support
  - Metadata field
  - Boolean logic
    - Complete (AND/OR)
    - Implicit AND
Metadata Fields
- Metadata tags are associated with your log messages when data is collected and are set during Source/Collector configuration.
Metadata Fields
Name             Description
_collector       Name of collector when installed
_source          Name of the source defined during configuration
_sourceHost      The host name of the source
_sourceCategory  Category associated with the source
_sourceName      The name of the log file (including path)
- Metadata can be used with keyword search
  - Use with an underscore to invoke them
Time Range
- The data available to your search request is determined by the selected time range.
  - Pre-populated
    - Last 15 Minutes
    - Last 3 Hours
    - Today
  - Absolute
    - 12:25 12:30
    - 8/11 12:00 8/11 13:00
  - Relative
    - -5m
    - -2h
    - -2h -1h
Example 1
- Combination of boolean logic, wildcards and metadata
    (Error* OR fail* OR except*) AND _sourceCategory=*apache*
Example 2
- Exact string matching
    (_sourceCategory=Apache/Access AND !"Macintosh; Intel Mac OS X 10_6_8") AND *GET
Refining results based on keywords
- Adding a metadata field value
Refining Results by Surrounding Messages
Looking for the Unknown
- LogReduce uses fuzzy logic and soft matching to cluster messages, providing a quick investigation view into your environment.
    (Error OR fail*)
Looking for the Unknown
- LogReduce uses fuzzy logic and soft matching to cluster messages, providing a quick investigation view into your environment.
    (Error OR fail*) | summarize
Result Sets
Extracting additional labels/fields
- Parsing enables a user to extract parts of a message and classify them as fields.
  - A specific key/value you want to extract
  - Enables you to perform additional operations
    - Logical/conditional – based on values
    - Mathematical – operations on value sets
- Ways of defining fields
  - Parse anchor: leverages start and stop anchors
  - Parse regex: extracts nested information via regex
  - Pre-defined parsers: predefined libraries of named fields
  - Field extraction
Parse Anchor Using the UI
- Single field example
The count operator
- The count operator enables you to group messages that match a classification
  - No Group: provides a total message count
    - Ex: * | count
    - Ex: * | count as mycount
Leveraging Metadata for grouping
- Dissecting your result sets using metadata fields
  - Ability to aggregate result sets and group them by metadata fields
    - Ex: _collector=*apache* | count by _sourceCategory
  - Get a count of grouped result sets
    - Ex: (Error OR fail*) | count by _sourceCategory, _sourceHost
  - Organize Results by Count
    - Ex: _collector=*apache* | count by _sourceCategory | sort by _count
Time-based Grouping
- Timeslice operator enables you to segment your results by time buckets
  - Minute (timeslice by 5m)
  - Hour (timeslice by 1h)
  - Day (timeslice by 1d)
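The pieces from the preceding slides (keyword expression, metadata field, parse anchor, count by, sort, timeslice) combined into one query, as an added example that is not from the original deck. The Apache access-log layout, the field name status_code and the 5xx filter are assumptions, and the sample log line in the comment is constructed.

```sumo
// Constructed sample line this query is written against (assumed Apache access-log layout):
//   10.0.0.5 - - [15/Oct/2014:10:12:01 -0700] "GET /login HTTP/1.1" 500 312
_sourceCategory=*apache* AND *GET
// Parse anchor: the text between the start anchor (HTTP/1.1" ) and the stop
// anchor (the next space) is extracted as the field status_code (assumed name).
| parse "HTTP/1.1\" * " as status_code
// Keep only server-side errors (5xx responses).
| where status_code matches "5*"
// Segment results into 5-minute buckets, then count per bucket and status code.
| timeslice by 5m
| count by _timeslice, status_code
| sort by _count
```

Grouping by _timeslice alongside the parsed field gives one row per time bucket and status code, which is the shape the chart types on the visualization slide expect.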
Providing Context through Visualization
- Now that you have grouped your data, there are different ways of displaying your result sets
- Icons of different charts
  - Table
  - Pie
  - Bar
  - Line
  - Area
Introduction to Dashboards
- Dashboards contain a collection of real-time Monitors that provide a graphical representation of your data
  - Each Monitor processes messages as they are received
  - Drilldown for additional analysis
  - Choose from several chart types
Dashboard: Adding a Monitor
- Perform search
Installing Applications
Questions?
Coming up…
- Tuesday, November 4th, 10AM PST / 1PM EST
  - Tech Chat: What’s New in Sumo Logic
    - Pinned Searches and Field Extraction
- Thursday, November 6th, 10AM PST / 1PM EST
  - QuickStart Webinar
Engage With The Sumo Logic Community
- Post and respond to questions
- Submit feature requests (& vote on others)
- Submit “tips and tricks” based on what you learn
Click on the Community section at https://support.sumologic.com/home
Don’t forget
- Requesting help via Support after consulting the Community
- Search our docs for more detail
- Consider Professional Services offerings
  - In-depth training
  - Integration and use case development
  - Contact your sales rep or support for details
- Invite your colleagues to future webinars
  customer-[email protected]