SlideShare ist ein Scribd-Unternehmen logo

Welcome Webinar Slides

Als PPTX, PDF herunterladen
Sumo Logic
Sumo Logic

Welcome Webinar Slides

Technologie
1 von 32
Welcome Webinar John Merideth Technical Trainer jmerideth@sumologic.com
Sumo Logic confidential Course Agenda Data collection Search and analyze 15 min. 15 min. Visualize and monitor 15 min. Q & A Overview 5 min. 15 min.
Sumo Logic confidential Our analytics Your data Sumo Logic Continuous Intelligence PlatformTM Operational Intelligence Security Intelligence Business Intelligence Global Intelligence Your people DevOps Engineering IT Ops Customer Product Data SecOps Success Scientist Apps MicroServices Cloud Systems & SaaS Service Mobile devices 3rd Party infrastructure systems & feeds Multi-tenant Scalable & Machine API Advanced Security & elastic learning analytics monitoring
Sumo Logic confidential Sumo Logic Data Flow Alerts Dashboards 3 Visualize & Monitor Operators Charts 2 Search & Analyze Collectors Sources 1 Data Collection
Sumo Logic confidential Login to training environment url: service.sumologic.com email: training+analyst###@sumologic.com password: Security21! ### - a number between 001-999, for example training+analyst057@sumologic.com Note: Place your ### number into chat so that everyone knows not to use the one you selected
7 Collectors Sources 1 Data Collection Data Collection Activity 1 1. In the left navigation pane click Manage Data> Collection > Collection 2. In the magnifying glass enter okta and press return 3. Notice the two collectors and the sources of data below them
Sumo Logic confidential Host Metrics Logs-to- Metrics Docker Stats AWS Metrics + Metadata Streaming Metrics HTTP Metrics
Sumo Logic confidential Sends the data to the Sumo service Encrypts and compresses the data Installed Collector Overview Collects logs and metrics from its Sources Installed Collector Java Agent
Sumo Logic confidential Sending Data ⇨ Metadata Metadata tags are associated with each log message that is collected. Tag Description _collector Name of the collector (defaults to hostname) _sourceHost Hostname of the server (defaults to hostname) _sourceName Name and Path of the log file _source Name of the source this data came through _sourceCategory Can be freely configured. Main metadata tag (e.g. labs/apache/access)
Sumo Logic confidential Metadata: Source Category Best Practices and Benefits Common components (and any combination of): • Environment (Prod/UAT/DEV) • Application Name • Geographic Information (East vs West datacenter, office location, etc.) • AWS Region • Business Unit Highest level components should group the data how it is most often search together: Prod/Web/Apache/Access Dev/Web/Apache/Access Prod/DB/MySQL/Error Dev/DB/MySQL/Error Web/Apache/Access/Prod Web/Apache/Access/Dev DB/MySQL/Error/Prod DB/MySQL/Error/Dev
Sumo Logic confidential What Data can I Analyze? Option 1 Explore your Collectors Option 2 Search for source categories
Sumo Logic confidential Operators Charts 2 Search & Analyze Search & Analyze Activity 2 1. To open a query, at the top, click +New and select Log Search 2. At the top query builder paste the following code (I will put in chat for you to copy) _sourceCategory=Labs/Apache/Access and "Mozilla" | parse ""GET *" * " as url,status_code | where status_code matches "5*" | count by status_code | sort by _count 1. You can modify the time to Last 60 minutes and click Start 2. You will have a table displayed and you can click on other chart types
Sumo Logic confidential Data Analytics ⇨ Query Syntax Syntax: metadata Keywords and operators, separated by pipes, that build on top of each other parse filter aggregate format keywords _sourceCategory=Labs/Apache/Access and "Mozilla" | parse ""GET *" * " as url,status_code | where status_code matches “5*” | count by status_code | sort by _count | limit 3
Sumo Logic confidential Data Analytics ⇨ Query Syntax Syntax: Use metadata and keywords to narrow your search scope Results keyword metadata keyword | parse | filter | aggregate | format metadata + keywords _sourceCategory=Labs/Apache/Access and "Mozilla"
Sumo Logic confidential Data Analytics ⇨ Query Syntax Syntax: Extract meaningful fields to provide structure to your data Parse Anchor: | parse " *@* " as user,domain Parse Regex: | parse regex "(?<src_ip>d{1,3} .d{1,3}.d{1,3}.d{1,3})” Other Parse Operators: csv, json, keyvalue, split, xml Learn more: Parse Operators | parse | filter | aggregate | format metadata + keywords
Sumo Logic confidential Data Analytics ⇨ Query Syntax Syntax: Further filter results using your extracted fields where operator: | where !(status_code=304) in operator: | if(status_code in("501","502"), "Error","OK") as code_type Other Filter Operators: join, lookup, matches, filter, isEmpty, isNull, isBlank Learn more: Filter operator example | parse | filter | aggregate | format metadata + keywords
Sumo Logic confidential Data Analytics ⇨ Query Syntax Syntax: Evaluate messages and place them into groups count operator: | count by status_code avg operator: | avg(size) by src_ip pct operator: | pct(filesize,75) by _sourceHost Other Aggregation Operators: sum, count_distinct, stddev, min, max Learn more: Aggregation operators | parse | filter | aggregate | format metadata + keywords
Sumo Logic confidential Data Analytics ⇨ Query Syntax Syntax: Format to display desired results succinctly top operator: | top 5 src_ip by avg_size fields operator: | fields src_ip, avg_size transpose operator: | transpose row src_ip column url Other formatting Operators: format, formatdate, limit, sort Learn more: Trends over time using transpose | parse | filter | aggregate | format metadata + keywords
Sumo Logic confidential Advanced Analytics Geo Lookup _sourceCategory=Labs/Apache/Access | lookup latitude, longitude from geo://default on ip=src_ip | count by latitude, longitude Outlier _sourceCategory=Labs/Apache/Access and status_code=404 | timeslice 1m | count(status_code) as error_count by _timeslice | outlier error_count Predict _sourceCategory=Labs/Apache/Access | timeslice 5m | count as requests by _timeslice | predict requests by 5m forecast=12 Log operators Cheat Sheet: https://help.sumologic.com/05Search/Search-Cheat- Sheets/Log-Operators-Cheat-Sheet
Sumo Logic confidential Advanced Analytics Find the “needle in the haystack” by identifying patterns. Compare today’s patterns with patterns in the past. _sourceCategory=Labs/snort | logreduce _sourceCategory=Labs/snort | logcompare timeshift -24h LogReduce LogCompare
Sumo Logic confidential Alerts Dashboards 3 Visualize & Monitor Visualize & Monitor Activity 3 1. To create a dashboard, in the middle right click Add to Dashboard 2. In the popup window under Panel Title enter Track 500s under Dashboard enter Apache_db_<your initials###> 1. At the bottom of the popup click Add 1. To create an alert, in the left navigation pane click Manage Data> Alert 2. In the upper right corner click Add and select New Monitor
Sumo Logic confidential Monitoring - Dashboards • Each Panel processes results from a single search • Drill down into corresponding query or link to another Dashboard • Live Mode: provides live stream of data • Use Dashboards as templates with Filters
Sumo Logic confidential Sumo Logic Data Flow Alerts Dashboards 3 Visualize & Monitor Operators Charts 2 Search & Analyze Collectors Sources 1 Data Collection What else may we address for you?
Sumo Logic confidential • Onboarding Checklist https://help.sumologic.com/01Sta rt-Here/Onboarding_Checklist • Take the training https://www.sumologic.com/learn /training/ • Read the docs https://help/sumologic.com Want to learn more?
Sumo Logic Confidential Thank you
Sumo Logic Confidential Sumo Logic Confidential Which Topic would you like covered next? (Single Choice) Answer 1: Logreduce Operator Answer 2: New Dashboards Answer 3: Best Practices for Search Queries Answer 4: Partitions Answer 5: Collector Setup Optimization
Sumo Logic confidential LogReduce – Foundation for Anomaly Detection Reduce hundreds of thousands of pages of results into a single page of meaningful patterns. Under the Covers: • LogReduce deconstructs log messages into their most basic patterns to facilitate overall behavioral analysis – at the printf level • Log messages are converted into unique hashed signatures – these signatures are the building blocks of anomaly detection – Events that occur more than others (e.g. errors flooding your logs) – Events that occur very infrequently but are important (e.g. rare exception) • Edit each signature to tailor each experience • Benefit from machine learning that improves over time based on your data and activity
Sumo Logic confidential New Dashboards • New charts, like Honeycomb • Full control over look and feel with JSON • Build panels directly in the dashboard • Advanced filtering and metrics query building • Basic charts, like time series and categorical • Few color and font choices • Panels created from search and metrics tabs • Limited filters and queries • Still supported Classic Dashboard New Dashboard About New dashboards: https://help.sumologic.com/Visualizations-and- Alerts/Dashboard_(New)/About_Dashboard_(New)
Sumo Logic confidential Best Practices for Search Queries
Sumo Logic confidential Partitions
Sumo Logic confidential Collector Setup Optimization
Sumo Logic Confidential Thank you

Empfohlen

Sumo Logic Cert Jam - Security Analytics
Sumo Logic Cert Jam - Security AnalyticsSumo Logic Cert Jam - Security Analytics
Sumo Logic Cert Jam - Security Analytics
Sumo Logic
 
Splunk-Presentation
Splunk-Presentation Splunk-Presentation
Splunk-Presentation
PrasadThorat23
 
Splunk Enterprise Security
Splunk Enterprise SecuritySplunk Enterprise Security
Splunk Enterprise Security
Splunk
 
Getting started with Splunk
Getting started with SplunkGetting started with Splunk
Getting started with Splunk
Splunk
 
Getting started with Splunk - Break out Session
Getting started with Splunk - Break out SessionGetting started with Splunk - Break out Session
Getting started with Splunk - Break out Session
Georg Knon
 
Sumo Logic Cert Jam - Fundamentals
Sumo Logic Cert Jam - FundamentalsSumo Logic Cert Jam - Fundamentals
Sumo Logic Cert Jam - Fundamentals
Sumo Logic
 
Splunk Cloud
Splunk CloudSplunk Cloud
Splunk Cloud
Splunk
 
SplunkLive 2011 Beginners Session
SplunkLive 2011 Beginners SessionSplunkLive 2011 Beginners Session
SplunkLive 2011 Beginners Session
Splunk
 

Empfohlen

Sumo Logic Cert Jam - Security Analytics
Sumo Logic Cert Jam - Security AnalyticsSumo Logic Cert Jam - Security Analytics
Sumo Logic Cert Jam - Security Analytics
Sumo Logic
 
Splunk-Presentation
Splunk-Presentation Splunk-Presentation
Splunk-Presentation
PrasadThorat23
 
Splunk Enterprise Security
Splunk Enterprise SecuritySplunk Enterprise Security
Splunk Enterprise Security
Splunk
 
Getting started with Splunk
Getting started with SplunkGetting started with Splunk
Getting started with Splunk
Splunk
 
Getting started with Splunk - Break out Session
Getting started with Splunk - Break out SessionGetting started with Splunk - Break out Session
Getting started with Splunk - Break out Session
Georg Knon
 
Sumo Logic Cert Jam - Fundamentals
Sumo Logic Cert Jam - FundamentalsSumo Logic Cert Jam - Fundamentals
Sumo Logic Cert Jam - Fundamentals
Sumo Logic
 
Splunk Cloud
Splunk CloudSplunk Cloud
Splunk Cloud
Splunk
 
SplunkLive 2011 Beginners Session
SplunkLive 2011 Beginners SessionSplunkLive 2011 Beginners Session
SplunkLive 2011 Beginners Session
Splunk
 
Splunk for Security-Hands On
Splunk for Security-Hands OnSplunk for Security-Hands On
Splunk for Security-Hands On
Splunk
 
Static Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouStatic Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and You
Kevin Fealey
 
Microsoft Defender for Endpoint
Microsoft Defender for EndpointMicrosoft Defender for Endpoint
Microsoft Defender for Endpoint
Cheah Eng Soon
 
Complex Event Processing with Esper
Complex Event Processing with EsperComplex Event Processing with Esper
Complex Event Processing with Esper
António Alegria
 
Sumo Logic Cert Jam - Administration
Sumo Logic Cert Jam - AdministrationSumo Logic Cert Jam - Administration
Sumo Logic Cert Jam - Administration
Sumo Logic
 
Wazuh Security Platform
Wazuh Security PlatformWazuh Security Platform
Wazuh Security Platform
Pituphong Yavirach
 
Azure Information Protection
Azure Information ProtectionAzure Information Protection
Azure Information Protection
Robert Crane
 
Getting Started with Splunk (Hands-On)
Getting Started with Splunk (Hands-On) Getting Started with Splunk (Hands-On)
Getting Started with Splunk (Hands-On)
Splunk
 
Snyk Intro - Developer Security Essentials 2022
Snyk Intro - Developer Security Essentials 2022Snyk Intro - Developer Security Essentials 2022
Snyk Intro - Developer Security Essentials 2022
Liran Tal
 
REST Service Authetication with TLS & JWTs
REST Service Authetication with TLS & JWTsREST Service Authetication with TLS & JWTs
REST Service Authetication with TLS & JWTs
Jon Todd
 
Finding attacks with these 6 events
Finding attacks with these 6 eventsFinding attacks with these 6 events
Finding attacks with these 6 events
Michael Gough
 
Splunk conf2014 - Lesser Known Commands in Splunk Search Processing Language ...
Splunk conf2014 - Lesser Known Commands in Splunk Search Processing Language ...Splunk conf2014 - Lesser Known Commands in Splunk Search Processing Language ...
Splunk conf2014 - Lesser Known Commands in Splunk Search Processing Language ...
Splunk
 
Presentation on Web Attacks
Presentation on Web AttacksPresentation on Web Attacks
Presentation on Web Attacks
Vivek Sinha Anurag
 
Security testing
Security testingSecurity testing
Security testing
Tabăra de Testare
 
Splunk Architecture
Splunk ArchitectureSplunk Architecture
Splunk Architecture
Kishore Chaganti
 
Introduction to SIEM.pptx
Introduction to SIEM.pptxIntroduction to SIEM.pptx
Introduction to SIEM.pptx
neoalt
 
Compliance in the Cloud Using “Security by Design” Principles
Compliance in the Cloud Using “Security by Design” PrinciplesCompliance in the Cloud Using “Security by Design” Principles
Compliance in the Cloud Using “Security by Design” Principles
Amazon Web Services
 
Splunk Data Onboarding Overview - Splunk Data Collection Architecture
Splunk Data Onboarding Overview - Splunk Data Collection ArchitectureSplunk Data Onboarding Overview - Splunk Data Collection Architecture
Splunk Data Onboarding Overview - Splunk Data Collection Architecture
Splunk
 
Splunk Search Optimization
Splunk Search OptimizationSplunk Search Optimization
Splunk Search Optimization
Splunk
 
Breaking The Cloud Kill Chain
Breaking The Cloud Kill ChainBreaking The Cloud Kill Chain
Breaking The Cloud Kill Chain
Puma Security, LLC
 
Setting Up Sumo Logic - Apr 2017
Setting Up Sumo Logic - Apr 2017Setting Up Sumo Logic - Apr 2017
Setting Up Sumo Logic - Apr 2017
Sumo Logic
 
Sumo Logic QuickStat - Apr 2017
Sumo Logic QuickStat - Apr 2017Sumo Logic QuickStat - Apr 2017
Sumo Logic QuickStat - Apr 2017
Sumo Logic
 

Weitere ähnliche Inhalte

Was ist angesagt?

Static Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouStatic Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and You
Kevin Fealey
 
Snyk Intro - Developer Security Essentials 2022
Snyk Intro - Developer Security Essentials 2022Snyk Intro - Developer Security Essentials 2022
Snyk Intro - Developer Security Essentials 2022
Liran Tal
 

Was ist angesagt? (20)

Splunk for Security-Hands On
Splunk for Security-Hands OnSplunk for Security-Hands On
Splunk for Security-Hands On
 
Static Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouStatic Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and You
 
Microsoft Defender for Endpoint
Microsoft Defender for EndpointMicrosoft Defender for Endpoint
Microsoft Defender for Endpoint
 
Complex Event Processing with Esper
Complex Event Processing with EsperComplex Event Processing with Esper
Complex Event Processing with Esper
 
Sumo Logic Cert Jam - Administration
Sumo Logic Cert Jam - AdministrationSumo Logic Cert Jam - Administration
Sumo Logic Cert Jam - Administration
 
Wazuh Security Platform
Wazuh Security PlatformWazuh Security Platform
Wazuh Security Platform
 
Azure Information Protection
Azure Information ProtectionAzure Information Protection
Azure Information Protection
 
Getting Started with Splunk (Hands-On)
Getting Started with Splunk (Hands-On) Getting Started with Splunk (Hands-On)
Getting Started with Splunk (Hands-On)
 
Snyk Intro - Developer Security Essentials 2022
Snyk Intro - Developer Security Essentials 2022Snyk Intro - Developer Security Essentials 2022
Snyk Intro - Developer Security Essentials 2022
 
REST Service Authetication with TLS & JWTs
REST Service Authetication with TLS & JWTsREST Service Authetication with TLS & JWTs
REST Service Authetication with TLS & JWTs
 
Finding attacks with these 6 events
Finding attacks with these 6 eventsFinding attacks with these 6 events
Finding attacks with these 6 events
 
Splunk conf2014 - Lesser Known Commands in Splunk Search Processing Language ...
Splunk conf2014 - Lesser Known Commands in Splunk Search Processing Language ...Splunk conf2014 - Lesser Known Commands in Splunk Search Processing Language ...
Splunk conf2014 - Lesser Known Commands in Splunk Search Processing Language ...
 
Presentation on Web Attacks
Presentation on Web AttacksPresentation on Web Attacks
Presentation on Web Attacks
 
Security testing
Security testingSecurity testing
Security testing
 
Splunk Architecture
Splunk ArchitectureSplunk Architecture
Splunk Architecture
 
Introduction to SIEM.pptx
Introduction to SIEM.pptxIntroduction to SIEM.pptx
Introduction to SIEM.pptx
 
Compliance in the Cloud Using “Security by Design” Principles
Compliance in the Cloud Using “Security by Design” PrinciplesCompliance in the Cloud Using “Security by Design” Principles
Compliance in the Cloud Using “Security by Design” Principles
 
Splunk Data Onboarding Overview - Splunk Data Collection Architecture
Splunk Data Onboarding Overview - Splunk Data Collection ArchitectureSplunk Data Onboarding Overview - Splunk Data Collection Architecture
Splunk Data Onboarding Overview - Splunk Data Collection Architecture
 
Splunk Search Optimization
Splunk Search OptimizationSplunk Search Optimization
Splunk Search Optimization
 
Breaking The Cloud Kill Chain
Breaking The Cloud Kill ChainBreaking The Cloud Kill Chain
Breaking The Cloud Kill Chain
 

Ähnlich wie Welcome Webinar Slides

Ähnlich wie Welcome Webinar Slides (20)

Setting Up Sumo Logic - Apr 2017
Setting Up Sumo Logic - Apr 2017Setting Up Sumo Logic - Apr 2017
Setting Up Sumo Logic - Apr 2017
 
Sumo Logic QuickStat - Apr 2017
Sumo Logic QuickStat - Apr 2017Sumo Logic QuickStat - Apr 2017
Sumo Logic QuickStat - Apr 2017
 
Sumo Logic QuickStart Webinar - Jan 2016
Sumo Logic QuickStart Webinar - Jan 2016Sumo Logic QuickStart Webinar - Jan 2016
Sumo Logic QuickStart Webinar - Jan 2016
 
Sumo Logic QuickStart Webinar Oct 2016
Sumo Logic QuickStart Webinar Oct 2016Sumo Logic QuickStart Webinar Oct 2016
Sumo Logic QuickStart Webinar Oct 2016
 
Sumo Logic Quickstart - Jan 2017
Sumo Logic Quickstart - Jan 2017Sumo Logic Quickstart - Jan 2017
Sumo Logic Quickstart - Jan 2017
 
Sumo Logic QuickStart Webinar July 2016
Sumo Logic QuickStart Webinar July 2016Sumo Logic QuickStart Webinar July 2016
Sumo Logic QuickStart Webinar July 2016
 
Sumo Logic quickStart Webinar June 2016
Sumo Logic quickStart Webinar June 2016Sumo Logic quickStart Webinar June 2016
Sumo Logic quickStart Webinar June 2016
 
Sumo Logic QuickStart Webinar - Dec 2016
Sumo Logic QuickStart Webinar - Dec 2016Sumo Logic QuickStart Webinar - Dec 2016
Sumo Logic QuickStart Webinar - Dec 2016
 
Sumo Logic Quickstart - Nv 2016
Sumo Logic Quickstart - Nv 2016Sumo Logic Quickstart - Nv 2016
Sumo Logic Quickstart - Nv 2016
 
Using Sumo Logic - Apr 2018
Using Sumo Logic - Apr 2018Using Sumo Logic - Apr 2018
Using Sumo Logic - Apr 2018
 
Sumo Logic Quick Start - Feb 2016
Sumo Logic Quick Start - Feb 2016Sumo Logic Quick Start - Feb 2016
Sumo Logic Quick Start - Feb 2016
 
Level 2 Certification: Using Sumo Logic - Oct 2018
Level 2 Certification: Using Sumo Logic - Oct 2018Level 2 Certification: Using Sumo Logic - Oct 2018
Level 2 Certification: Using Sumo Logic - Oct 2018
 
Sumo Logic QuickStart Webinar
Sumo Logic QuickStart WebinarSumo Logic QuickStart Webinar
Sumo Logic QuickStart Webinar
 
Sumo Logic Quickstart Training 10/14/2015
Sumo Logic Quickstart Training 10/14/2015Sumo Logic Quickstart Training 10/14/2015
Sumo Logic Quickstart Training 10/14/2015
 
Sumo Logic QuickStart - May 2016
Sumo Logic QuickStart - May 2016Sumo Logic QuickStart - May 2016
Sumo Logic QuickStart - May 2016
 
Setting up Sumo Logic - June 2017
Setting up Sumo Logic - June 2017Setting up Sumo Logic - June 2017
Setting up Sumo Logic - June 2017
 
Sumo Logic QuickStart
Sumo Logic QuickStartSumo Logic QuickStart
Sumo Logic QuickStart
 
Setting Up Sumo Logic - Sep 2017
Setting Up Sumo Logic - Sep 2017Setting Up Sumo Logic - Sep 2017
Setting Up Sumo Logic - Sep 2017
 
Sumo Logic QuickStart Webinar - Get Certified
Sumo Logic QuickStart Webinar - Get CertifiedSumo Logic QuickStart Webinar - Get Certified
Sumo Logic QuickStart Webinar - Get Certified
 
Sumo Logic Cert Jam - Security & Compliance
Sumo Logic Cert Jam - Security & ComplianceSumo Logic Cert Jam - Security & Compliance
Sumo Logic Cert Jam - Security & Compliance
 

Mehr von Sumo Logic

Machine Analytics: Correlate Your Logs and Metrics
Machine Analytics: Correlate Your Logs and MetricsMachine Analytics: Correlate Your Logs and Metrics
Machine Analytics: Correlate Your Logs and Metrics
Sumo Logic
 
Bring your Graphite-compatible metrics into Sumo Logic
Bring your Graphite-compatible metrics into Sumo LogicBring your Graphite-compatible metrics into Sumo Logic
Bring your Graphite-compatible metrics into Sumo Logic
Sumo Logic
 

Mehr von Sumo Logic (17)

Welcome Webinar PDF
Welcome Webinar PDFWelcome Webinar PDF
Welcome Webinar PDF
 
Sumo Logic Cert Jam - Advanced Metrics with Kubernetes
Sumo Logic Cert Jam - Advanced Metrics with KubernetesSumo Logic Cert Jam - Advanced Metrics with Kubernetes
Sumo Logic Cert Jam - Advanced Metrics with Kubernetes
 
Sumo Logic Cert Jam - Advanced Metrics with Kubernetes
Sumo Logic Cert Jam - Advanced Metrics with KubernetesSumo Logic Cert Jam - Advanced Metrics with Kubernetes
Sumo Logic Cert Jam - Advanced Metrics with Kubernetes
 
Sumo Logic Cert Jam - Metrics Mastery
Sumo Logic Cert Jam - Metrics MasterySumo Logic Cert Jam - Metrics Mastery
Sumo Logic Cert Jam - Metrics Mastery
 
Sumo Logic Cert Jam - Search Mastery
Sumo Logic Cert Jam - Search MasterySumo Logic Cert Jam - Search Mastery
Sumo Logic Cert Jam - Search Mastery
 
Sumo Logic Cert Jam - Fundamentals (Spanish)
Sumo Logic Cert Jam - Fundamentals (Spanish)Sumo Logic Cert Jam - Fundamentals (Spanish)
Sumo Logic Cert Jam - Fundamentals (Spanish)
 
Sumo Logic Cert Jam - Metrics Mastery
Sumo Logic Cert Jam - Metrics MasterySumo Logic Cert Jam - Metrics Mastery
Sumo Logic Cert Jam - Metrics Mastery
 
Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018
 
Level 3 Certification: Setting up Sumo Logic - Oct 2018
Level 3 Certification: Setting up Sumo Logic - Oct 2018Level 3 Certification: Setting up Sumo Logic - Oct 2018
Level 3 Certification: Setting up Sumo Logic - Oct 2018
 
Sumo Logic Certification - Level 2 (Using Sumo)
Sumo Logic Certification - Level 2 (Using Sumo)Sumo Logic Certification - Level 2 (Using Sumo)
Sumo Logic Certification - Level 2 (Using Sumo)
 
You Build It, You Secure It: Introduction to DevSecOps
You Build It, You Secure It: Introduction to DevSecOpsYou Build It, You Secure It: Introduction to DevSecOps
You Build It, You Secure It: Introduction to DevSecOps
 
Making the Shift from DevOps to Practical DevSecOps | Sumo Logic Webinar
Making the Shift from DevOps to Practical DevSecOps | Sumo Logic WebinarMaking the Shift from DevOps to Practical DevSecOps | Sumo Logic Webinar
Making the Shift from DevOps to Practical DevSecOps | Sumo Logic Webinar
 
Machine Analytics: Correlate Your Logs and Metrics
Machine Analytics: Correlate Your Logs and MetricsMachine Analytics: Correlate Your Logs and Metrics
Machine Analytics: Correlate Your Logs and Metrics
 
Scaling Your Tools for Your Modern Application
Scaling Your Tools for Your Modern ApplicationScaling Your Tools for Your Modern Application
Scaling Your Tools for Your Modern Application
 
Sumo Logic Search Job API
Sumo Logic Search Job APISumo Logic Search Job API
Sumo Logic Search Job API
 
Bring your Graphite-compatible metrics into Sumo Logic
Bring your Graphite-compatible metrics into Sumo LogicBring your Graphite-compatible metrics into Sumo Logic
Bring your Graphite-compatible metrics into Sumo Logic
 
Sumo Logic: Optimizing Scheduled Searches
Sumo Logic: Optimizing Scheduled SearchesSumo Logic: Optimizing Scheduled Searches
Sumo Logic: Optimizing Scheduled Searches
 

Kürzlich hochgeladen

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 

Kürzlich hochgeladen (20)

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 

Welcome Webinar Slides

  • 1. Welcome Webinar John Merideth Technical Trainer jmerideth@sumologic.com
  • 2. Sumo Logic confidential Course Agenda Data collection Search and analyze 15 min. 15 min. Visualize and monitor 15 min. Q & A Overview 5 min. 15 min.
  • 3. Sumo Logic confidential Our analytics Your data Sumo Logic Continuous Intelligence PlatformTM Operational Intelligence Security Intelligence Business Intelligence Global Intelligence Your people DevOps Engineering IT Ops Customer Product Data SecOps Success Scientist Apps MicroServices Cloud Systems & SaaS Service Mobile devices 3rd Party infrastructure systems & feeds Multi-tenant Scalable & Machine API Advanced Security & elastic learning analytics monitoring
  • 4. Sumo Logic confidential Sumo Logic Data Flow Alerts Dashboards 3 Visualize & Monitor Operators Charts 2 Search & Analyze Collectors Sources 1 Data Collection
  • 5. Sumo Logic confidential Login to training environment url: service.sumologic.com email: training+analyst###@sumologic.com password: Security21! ### - a number between 001-999, for example training+analyst057@sumologic.com Note: Place your ### number into chat so that everyone knows not to use the one you selected
  • 6. 7 Collectors Sources 1 Data Collection Data Collection Activity 1 1. In the left navigation pane click Manage Data> Collection > Collection 2. In the magnifying glass enter okta and press return 3. Notice the two collectors and the sources of data below them
  • 7. Sumo Logic confidential Host Metrics Logs-to- Metrics Docker Stats AWS Metrics + Metadata Streaming Metrics HTTP Metrics
  • 8. Sumo Logic confidential Sends the data to the Sumo service Encrypts and compresses the data Installed Collector Overview Collects logs and metrics from its Sources Installed Collector Java Agent
  • 9. Sumo Logic confidential Sending Data ⇨ Metadata Metadata tags are associated with each log message that is collected. Tag Description _collector Name of the collector (defaults to hostname) _sourceHost Hostname of the server (defaults to hostname) _sourceName Name and Path of the log file _source Name of the source this data came through _sourceCategory Can be freely configured. Main metadata tag (e.g. labs/apache/access)
  • 10. Sumo Logic confidential Metadata: Source Category Best Practices and Benefits Common components (and any combination of): • Environment (Prod/UAT/DEV) • Application Name • Geographic Information (East vs West datacenter, office location, etc.) • AWS Region • Business Unit Highest level components should group the data how it is most often search together: Prod/Web/Apache/Access Dev/Web/Apache/Access Prod/DB/MySQL/Error Dev/DB/MySQL/Error Web/Apache/Access/Prod Web/Apache/Access/Dev DB/MySQL/Error/Prod DB/MySQL/Error/Dev
  • 11. Sumo Logic confidential What Data can I Analyze? Option 1 Explore your Collectors Option 2 Search for source categories
  • 12. Sumo Logic confidential Operators Charts 2 Search & Analyze Search & Analyze Activity 2 1. To open a query, at the top, click +New and select Log Search 2. At the top query builder paste the following code (I will put in chat for you to copy) _sourceCategory=Labs/Apache/Access and "Mozilla" | parse ""GET *" * " as url,status_code | where status_code matches "5*" | count by status_code | sort by _count 1. You can modify the time to Last 60 minutes and click Start 2. You will have a table displayed and you can click on other chart types
  • 13. Sumo Logic confidential Data Analytics ⇨ Query Syntax Syntax: metadata Keywords and operators, separated by pipes, that build on top of each other parse filter aggregate format keywords _sourceCategory=Labs/Apache/Access and "Mozilla" | parse ""GET *" * " as url,status_code | where status_code matches “5*” | count by status_code | sort by _count | limit 3
  • 14. Sumo Logic confidential Data Analytics ⇨ Query Syntax Syntax: Use metadata and keywords to narrow your search scope Results keyword metadata keyword | parse | filter | aggregate | format metadata + keywords _sourceCategory=Labs/Apache/Access and "Mozilla"
  • 15. Sumo Logic confidential Data Analytics ⇨ Query Syntax Syntax: Extract meaningful fields to provide structure to your data Parse Anchor: | parse " *@* " as user,domain Parse Regex: | parse regex "(?<src_ip>d{1,3} .d{1,3}.d{1,3}.d{1,3})” Other Parse Operators: csv, json, keyvalue, split, xml Learn more: Parse Operators | parse | filter | aggregate | format metadata + keywords
  • 16. Sumo Logic confidential Data Analytics ⇨ Query Syntax Syntax: Further filter results using your extracted fields where operator: | where !(status_code=304) in operator: | if(status_code in("501","502"), "Error","OK") as code_type Other Filter Operators: join, lookup, matches, filter, isEmpty, isNull, isBlank Learn more: Filter operator example | parse | filter | aggregate | format metadata + keywords
  • 17. Sumo Logic confidential Data Analytics ⇨ Query Syntax Syntax: Evaluate messages and place them into groups count operator: | count by status_code avg operator: | avg(size) by src_ip pct operator: | pct(filesize,75) by _sourceHost Other Aggregation Operators: sum, count_distinct, stddev, min, max Learn more: Aggregation operators | parse | filter | aggregate | format metadata + keywords
  • 18. Sumo Logic confidential Data Analytics ⇨ Query Syntax Syntax: Format to display desired results succinctly top operator: | top 5 src_ip by avg_size fields operator: | fields src_ip, avg_size transpose operator: | transpose row src_ip column url Other formatting Operators: format, formatdate, limit, sort Learn more: Trends over time using transpose | parse | filter | aggregate | format metadata + keywords
  • 19. Sumo Logic confidential Advanced Analytics Geo Lookup _sourceCategory=Labs/Apache/Access | lookup latitude, longitude from geo://default on ip=src_ip | count by latitude, longitude Outlier _sourceCategory=Labs/Apache/Access and status_code=404 | timeslice 1m | count(status_code) as error_count by _timeslice | outlier error_count Predict _sourceCategory=Labs/Apache/Access | timeslice 5m | count as requests by _timeslice | predict requests by 5m forecast=12 Log operators Cheat Sheet: https://help.sumologic.com/05Search/Search-Cheat- Sheets/Log-Operators-Cheat-Sheet
  • 20. Sumo Logic confidential Advanced Analytics Find the “needle in the haystack” by identifying patterns. Compare today’s patterns with patterns in the past. _sourceCategory=Labs/snort | logreduce _sourceCategory=Labs/snort | logcompare timeshift -24h LogReduce LogCompare
  • 21. Sumo Logic confidential Alerts Dashboards 3 Visualize & Monitor Visualize & Monitor Activity 3 1. To create a dashboard, in the middle right click Add to Dashboard 2. In the popup window under Panel Title enter Track 500s under Dashboard enter Apache_db_<your initials###> 1. At the bottom of the popup click Add 1. To create an alert, in the left navigation pane click Manage Data> Alert 2. In the upper right corner click Add and select New Monitor
  • 22. Sumo Logic confidential Monitoring - Dashboards • Each Panel processes results from a single search • Drill down into corresponding query or link to another Dashboard • Live Mode: provides live stream of data • Use Dashboards as templates with Filters
  • 23. Sumo Logic confidential Sumo Logic Data Flow Alerts Dashboards 3 Visualize & Monitor Operators Charts 2 Search & Analyze Collectors Sources 1 Data Collection What else may we address for you?
  • 24. Sumo Logic confidential • Onboarding Checklist https://help.sumologic.com/01Sta rt-Here/Onboarding_Checklist • Take the training https://www.sumologic.com/learn /training/ • Read the docs https://help/sumologic.com Want to learn more?
  • 26. Sumo Logic Confidential Sumo Logic Confidential Which Topic would you like covered next? (Single Choice) Answer 1: Logreduce Operator Answer 2: New Dashboards Answer 3: Best Practices for Search Queries Answer 4: Partitions Answer 5: Collector Setup Optimization
  • 27. Sumo Logic confidential LogReduce – Foundation for Anomaly Detection Reduce hundreds of thousands of pages of results into a single page of meaningful patterns. Under the Covers: • LogReduce deconstructs log messages into their most basic patterns to facilitate overall behavioral analysis – at the printf level • Log messages are converted into unique hashed signatures – these signatures are the building blocks of anomaly detection – Events that occur more than others (e.g. errors flooding your logs) – Events that occur very infrequently but are important (e.g. rare exception) • Edit each signature to tailor each experience • Benefit from machine learning that improves over time based on your data and activity
  • 28. Sumo Logic confidential New Dashboards • New charts, like Honeycomb • Full control over look and feel with JSON • Build panels directly in the dashboard • Advanced filtering and metrics query building • Basic charts, like time series and categorical • Few color and font choices • Panels created from search and metrics tabs • Limited filters and queries • Still supported Classic Dashboard New Dashboard About New dashboards: https://help.sumologic.com/Visualizations-and- Alerts/Dashboard_(New)/About_Dashboard_(New)
  • 29. Sumo Logic confidential Best Practices for Search Queries
  • 31. Sumo Logic confidential Collector Setup Optimization