Sumo Logic Log Data Processing
We wonder if it is possible in Sumo Logic in the data processing section as below.
Log/Data Processing
- Automatic parsing support for predefined formats for various log formats in Legacy systems
- Automatic parsing support for predefined formats for various log formats such as AWS and GCP
- Cost effective use of S3 buckets, available as data store
- Supports the ability to store and process data in in-memory format like mongodb inside
Thanks.
Official comment
Hello,
- Automatic parsing support for predefined formats for various log formats in Legacy systems
- Automatic parsing support for predefined formats for various log formats such as AWS and GCP
You can use Processing rules, which filter and can forward data sent to Sumo Logic from a Source based on created rules. However, they don't have predefined formats.
If you’d like to parse fields from your log messages at the time the messages are ingested, you can use FER – Field Extraction Rules, which eliminate the need to parse fields at the query level. FER templates support predefined formats and are provided for common applications such as Apache Access, Akamai Cloud Monitor, AWS ELB, and Microsoft IIS logs. Instead of creating a parse expression, you can select a Template from the list, preview it, and then click to apply it.
- Cost effective use of S3 buckets, available as data store
To forward data to S3 buckets in a cost-effective manner, you can configure processing rules for data forwarding, to narrow down the scope of forwarded data (e.g. forwarding only the messages that contain “ERROR”).
- Supports the ability to store and process data in in-memory format like mongodb inside
Sumo Logic uses physical indexes to store the data, so I believe we don't support the ability to store and process data in the MongoDB way.
If you have any more questions or if something is still not clear, please follow up here, or with our support services.