The Sumo Logic Collector enables you to run saved search queries (using the Search Job API) in Anodot.
This article includes:
- Creating a Sumo Logic data source
- Creating a Sumo Logic stream query

Creating a Sumo Logic data source
1. In the Navigation Panel, go to Integrations > Catalog.
2. Use the Search box OR click the APM filter to locate the data source.
3. Hover over the Sumo Logic tile, and click Start. The Sumo Logic dialog is displayed, as shown below.
Note: If the data source has already been used, a dialog is displayed in which you can select from one of the listed sources. Alternatively, create a new source by clicking Add a new source.
4. Define the following:
- Data Center Location: Select the relevant data center from the dropdown list. Sumo Logic has several data centers that are assigned depending on the geographic location and the date an account is created. For more information, click here.
- Access ID: A unique Sumo Logic token for collecting data. For more information, click here.
- Access Key: A unique Sumo Logic key. For more information, click here.
5. Click CONTINUE.
Creating a Sumo Logic stream query
If you have just created a Sumo Logic data source, skip to step 3.
1. In the Sources page (accessed by clicking Integrations > Sources in the Navigation Panel), filter the list of streams to find the Sumo Logic source for which you want to create a stream query.
Note: The streams associated with that source are displayed. If the streams panel is empty, no stream queries exist for that source.
2. Hover over the Sumo Logic data source, and click + New Stream. The Stream Query page is displayed.
3. Define your stream query settings in the following sections:
- Stream query: Click Compose Query to define a query, as shown in the example below.
Note the following when composing your query:
  - The query must contain the timeslice operation; use 1m, 5m, or 1h as the time-slicing options.
  - The timeslice value must be smaller than or equal to the collection interval.
  - _timeslice must be one of the outputs of the query; Anodot expects this value as the timestamp field.
  - The query must contain aggregations. For example: count by _timeslice, service, severity
  - Include a sort by clause to sort the _timeslice values in ascending order (asc).
  - Do not use aliases in the query.
- Measures & Dimensions: After composing your query (see the previous bullet), the available measures and dimensions are displayed; this list can be modified as required by clicking the pencil icon.
- Stream Properties: Define a name and owner for the stream.
- Access Settings: Define if Everyone, None, or Selected Groups will have access to this stream and its data.
- Schedule file collection: Click the pencil icon to define the various scheduling settings, including the Collect Since value (the time span of data to query while initializing a stream).
4. Review the Stream Query page to confirm your chosen stream data.
5. Click NEXT. The Stream Table is displayed; see Stream Tables for more information.
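The query rules listed under Stream query above are easy to get wrong when editing a saved search by hand, so the following is an added example (not Anodot or Sumo Logic code) of a small offline linter that checks a query text against those rules before you paste it into Compose Query. The regular expressions are an assumed simplification of the Sumo Logic query language and the list of aggregation operators is a hypothetical subset; the sample queries are constructed.

```python
"""Lint a Sumo Logic aggregation query against the Anodot stream-query rules.

Added example, not Anodot or Sumo Logic code. The regular expressions are a
simplification of the Sumo Logic query language (assumption: one operator per
pipe stage, standard "count by ..." / "sum(x) by ..." aggregations).
"""
import re

# Allowed timeslice options from the article, mapped to seconds.
ALLOWED_SLICES = {"1m": 60, "5m": 300, "1h": 3600}

# Hypothetical subset of aggregation operators; extend as needed.
AGGREGATORS = ("count", "count_distinct", "sum", "avg", "min", "max", "pct")

_TIMESLICE_RE = re.compile(r"\btimeslice\s+(\d+[mh])\b", re.IGNORECASE)
# Optional "as alias" is tolerated here only so the alias rule can report it
# separately instead of masking the aggregation check.
_AGG_RE = re.compile(
    r"\b(" + "|".join(AGGREGATORS) + r")\b(?:\s*\([^)]*\))?"
    r"(?:\s+as\s+\w+)?\s+by\s+([^|]+)",
    re.IGNORECASE,
)
_SORT_RE = re.compile(r"\bsort\s+by\s+_timeslice(?:\s+(asc|desc))?\b", re.IGNORECASE)
# Simplification: any "<word> as <name>" is treated as an alias.
_ALIAS_RE = re.compile(r"\bas\s+\w+", re.IGNORECASE)


def lint_query(query, collection_interval_seconds):
    """Return a list of rule violations; an empty list means the query passes."""
    problems = []

    # Rule: timeslice must be present, one of 1m/5m/1h, and <= the interval.
    ts = _TIMESLICE_RE.search(query)
    if not ts:
        problems.append("missing timeslice operator")
    else:
        slice_ = ts.group(1).lower()
        if slice_ not in ALLOWED_SLICES:
            problems.append(f"timeslice {slice_} not one of 1m, 5m, 1h")
        elif ALLOWED_SLICES[slice_] > collection_interval_seconds:
            problems.append(f"timeslice {slice_} exceeds collection interval")

    # Rule: the query must aggregate, and _timeslice must be an output field.
    agg = _AGG_RE.search(query)
    if not agg:
        problems.append("query has no aggregation")
    else:
        group_fields = [f.strip().lower() for f in agg.group(2).split(",")]
        if "_timeslice" not in group_fields:
            problems.append("_timeslice is not an output of the aggregation")

    # Rule: _timeslice must be sorted ascending, explicitly.
    srt = _SORT_RE.search(query)
    if not srt:
        problems.append("missing 'sort by _timeslice asc'")
    elif (srt.group(1) or "").lower() != "asc":
        problems.append("_timeslice must be sorted ascending")

    # Rule: no aliases.
    if _ALIAS_RE.search(query):
        problems.append("aliases (... as name) are not allowed")

    return problems


if __name__ == "__main__":
    # Constructed sample queries for a stream collected every 5 minutes.
    good = ("_sourceCategory=prod/api | timeslice 5m "
            "| count by _timeslice, service, severity | sort by _timeslice asc")
    bad = ("_sourceCategory=prod | timeslice 10m "
           "| count by service | sort by _timeslice desc")
    for q in (good, bad):
        print(q)
        print("  ->", lint_query(q, 300) or "OK")
```

Run it with the stream's collection interval in seconds; every non-empty entry in the returned list corresponds to one of the rules in the article, so a query that returns an empty list satisfies all of them as far as this simplified parser can tell.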