Sumologic Reflector Lambda _sourceCatagory Overwrite

Follow
Avatar
Muhammad Hassan

 Hi,

 

We are planning to implement a solution where a single lambda would receive all other lambda logs and send them to Sumologic via an endpoint. The lambdas belong to different services and we plan to set Source Category within the lambda so we can easily search based on services.

We currently have a setup where each service has its own lambda and its own endpoint to which it pushes, but its getting harder to maintain.

So is it safe to base our solution on the feature that if we overwrite the _sourceCategory from Sumologic log reflector lambda, this behavior wont change on Sumologic's end? It works at the moment but what I am really concerned about is if this is a feature or a bug?

 

Regards,

Hassan

0

Comments

4 comments

Sort by Date Votes
  • Avatar
    Nick Wilson

    Hi Hassan,

    That's correct, if you overwrite the source category, it will continue to function like that. We actually use this feature all the time internally.

    I do want to make sure I'm understanding correctly though - you have any number of Lambda functions that will now forward to a central Lambda, which will then post to a Sumo HTTP collector endpoint? I'm assuming then that your centralized Lambda will passthrough the sourceCategory that was given to it by the previous Lambda?

    As far as throttling, that's based on your total ingest - not per collector or source or anything like that: https://help.sumologic.com/Manage/Ingestion-and-Volume/01Manage-Ingestion#Throttling

    So as long as your total ingest rate stays the same after setting up this architecture, you will be okay.

    I'm not familiar with shards, but it sounds like they're related to indexes? Indexes in Sumo are based on partitions which can have various definitions. The exact implications would depend on how your partitions are set up.

    I hope this helps!

    Thanks,
    Nick
    Customer Success Manager

    1
    Comment actions Permalink
  • Avatar
    Nick Wilson

    Hi Hassan,

    Just to clarify - are you asking if it's safe to use the _sourceCategory override feature on an installed collector?

    Thanks,
    Nick
    Customer Success Manager, Sumo Logic

    0
    Comment actions Permalink
  • Avatar
    Muhammad Hassan

    Yes, I want to be sure that if I overwrite _sourceCategory on lambda that is sending logs to the endpoint, it will keep functioning like that in future (it will keep overwriting any _sourceCategory written when setting up the end point in Sumologic).

    Also wanted to see if you think we will hit some issue when using a single lambda to push logs from AWS and a single end point to receive it on Sumologic like throttling or shards etc.

     

    Thanks!

    0
    Comment actions Permalink
  • Avatar
    Muhammad Hassan

    Thanks Nick for the reply, this clears up a few things for me. Am going to search for how indexing works on Sumologic to be sure I set up things correctly.

     

    Regards,

    Hassan

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post