Sumo Logic Cert Jam - Fundamentals

Brand new to Sumo Logic? Get started with these 5 easy steps and get certified!
Learn the basics for how to search, parse and analyze the logs and metrics that are important to your organization. This session will guide you through running searches, simple parsing and basic analytics on your data. Learn how to convert your queries to charts and add them to Dashboards to help you visualize trends and easily identify anomalies. Lastly, learn how Alerts can help you stay on top of your critical events.

Published in: Software

  1. Become a Sumo Generalist: Fundamentals Certification
  2. Sumo Logic confidential. Course Agenda: Overview of Sumo Logic (10 min.); Demo our monitoring and troubleshooting; Hands-on Labs: View all collected data; Search, parse, and analyze data; Trending analysis and monitor critical events (10 min., 10 min., 30 min., 20 min.); Creating and modifying dashboards & create an alert (30 min.); Get certified as a Sumo Generalist Fundamentals (60 min.)
  3. Sumo Logic confidential
  4. Demo: Monitor and Troubleshoot. ALERTS notify of a critical event; METRICS to identify what’s going on; LOGS to identify why it’s happening
  5. Demo & Dataflow. 1. How does Sumo Logic help me?
  6. Sumo Logic Data Flow. (1) Data Collection: Collectors, Sources; (2) Search & Analyze: Operators, Charts; (3) Visualize & Monitor: Alerts, Dashboards
  7. Sending Data: Cloud-to-cloud; From host, send local data; Use centralized infrastructure. Learn more: Set Up Sumo Logic
  8. Sending Data ⇨ Metadata. Metadata tags are associated with each log message that is collected. Tag: Description
      _collector: Name of the collector (defaults to hostname)
      _sourceHost: Hostname of the server (defaults to hostname)
      _sourceName: Name and Path of the log file
      _source: Name of the source this data came through
      _sourceCategory: Can be freely configured. Main metadata tag (e.g. labs/apache/access)
  9. Tutorial: Hands-on Exercises. Hands-on Labs: • Follow along using the labs found under Home > Certifications > Training Environment: service.sumologic.com; username: training+labs@sumologic.com; password:
  10. Fundamentals Certification. In order to get credit for the exam, go to your own instance, and then to the Certification Tab. • Online Exam • 30 Multiple choice questions • 60-minute time limit • 3 attempts
  11. What’s available to me? 2. What data can I analyze?
  12. What Data can I Analyze? Option 1: Explore your Collectors. Option 2: Search for source categories
  13. Search, Parse, Analyze. 3. How can I analyze my data?
  14. Data Analytics – Shared Content. Has someone already analyzed this same data?
  15. Data Analytics – Sumo Logic Apps. Is there an App for it? Search in the App Catalog and Install it.
  16. Hands-on Lab, Using Sumo Logic Tutorial. Complete Part 1: Viewing Data ● Sign in ● Identify data available ● Search for existing content from other users ● Install a Sumo Logic App
  17. Data Analytics ⇨ Query Syntax. Syntax: Keywords and operators, separated by pipes, that build on top of each other. Stage labels on the query: metadata, keywords, parse, filter, aggregate, format.
      _sourceCategory=Labs/Apache/Access and "Mozilla"
      | parse "GET * HTTP/1.1\" * " as url,status_code
      | where status_code matches "5*"
      | count by status_code
      | sort by _count
      | limit 3
  18. Data Analytics ⇨ Query Syntax. Syntax: Use metadata and keywords to narrow your search scope. Labels: metadata, keyword, Results. Pipeline: metadata + keywords | parse | filter | aggregate | format
  19. Data Analytics ⇨ Query Syntax. Syntax: Extract meaningful fields to provide structure to your data. Pipeline: metadata + keywords | parse | filter | aggregate | format
      Parse Anchor: | parse " *@* " as user,domain
      Parse Regex: | parse regex "(?<src_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"
      Other Parse Operators: csv, json, keyvalue, split, xml
      Learn more: Parse Operators
  20. Data Analytics ⇨ Query Syntax. Syntax: Further filter results using your extracted fields. Pipeline: metadata + keywords | parse | filter | aggregate | format
      where operator: | where !(status_code=304)
      in operator: | if(status_code in("501","502"), "Error","OK") as code_type
      Other Filter Operators: join, lookup, matches, filter, isEmpty, isNull, isBlank
      Learn more: Filter operator example
  21. Data Analytics ⇨ Query Syntax. Syntax: Evaluate messages and place them into groups. Pipeline: metadata + keywords | parse | filter | aggregate | format
      count operator: | count by status_code
      avg operator: | avg(size) by src_ip
      pct operator: | pct(filesize,75) by _sourceHost
      Other Aggregation Operators: sum, count_distinct, stddev, min, max
      Learn more: Aggregation operators
  22. Data Analytics ⇨ Query Syntax. Syntax: Format to display desired results succinctly. Pipeline: metadata + keywords | parse | filter | aggregate | format
      top operator: | top 5 src_ip by avg_size
      fields operator: | fields src_ip, avg_size
      transpose operator: | transpose row src_ip column url
      Other formatting Operators: format, formatdate, limit, sort
      Learn more: Trends over time using transpose
  23. Advanced Analytics
      Geo Lookup:
      _sourceCategory=Labs/Apache/Access | lookup latitude, longitude from geo://default on ip=src_ip | count by latitude, longitude
      Outlier:
      _sourceCategory=Labs/Apache/Access and status_code=404 | timeslice 1m | count(status_code) as error_count by _timeslice | outlier error_count
      Predict:
      _sourceCategory=Labs/Apache/Access | timeslice 5m | count as requests by _timeslice | predict requests by 5m forecast=12
  24. Advanced Analytics
      LogReduce: Find the “needle in the haystack” by identifying patterns.
      _sourceCategory=Labs/snort | logreduce
      LogCompare: Compare today’s patterns with patterns in the past.
      _sourceCategory=Labs/snort | logcompare -24h
  25. Advanced Analytics. Get real time view of your logs with Live Tail
  26. Hands-On Labs, Using Sumo Logic Tutorial. Complete Part 2: Search for Log Data ➔ Search and Parse. Complete Part 3: Chart Your Data ➔ Aggregate ➔ Format ➔ Chart your data
  27. Dashboards and Alerts. 4. How can I monitor my data?
  28. Monitoring - Dashboards • Each Panel processes results from a single search • Drill down into corresponding query or link to another Dashboard • Live Mode: provides live stream of data • Use Dashboards as templates with Filters
  29. Let’s take a 15 min break. Return promptly to play Kahoot. 3 multiple choice questions. The highest score wins a prize!
  30. Hands-On Labs, Using Sumo Logic Tutorial. Complete Part 4: Create and Share a Dashboard ➔ Create a Dashboard ➔ Change the Theme ➔ Share with your Organization. Complete Part 5: Modify a Dashboard ➔ Modify the query of an existing Dashboard Panel
  31. Monitoring - Alerts. Scheduled Searches trigger Alerts when a condition is met. Alert Types: ● Email ● Webhook ● Save to Index ● Script Action ➢ Learn More: 2 Key Principles for Creating Meaningful Alerts
  32. Hands-On Labs, Using Sumo Logic Tutorial. Complete Part 6: Create an Alert ➔ Schedule and test an Alert ➔ Delete Alert after testing
  33. Metrics: Sources, Dashboards and Alerts
  34. Logs and Metrics - Overlay ● Metrics identify the what. ● Logs help identify why. Overlay helps you correlate metrics to the relevant logs.
  35. Ingesting Metrics. Categories: Host Metrics, AWS Metrics, Graphite-Compatible. Sources shown: CollectD, Dropwizard, StatsD, Telegraf, AWS CloudWatch Metrics, AWS ECS ✓ Learn More: Setting up Host Metrics ✓ Learn More: Setting up AWS Metrics ✓ Learn More: Setting up Graphite Metrics
  36. Metrics - Dashboards and Alerts. Dashboards can contain Metrics and Logs Panels. Metric Monitors alert on thresholds (Critical, Warning, Missing Data)
  37. Training, Docs, Community, Support. 5. Where do I go from here?
  38. Need knowledge? ⇨ try the Learn tab. Explore the tutorials
  39. Need knowledge? ⇨ try the Learn tab. Explore the tutorials; Access comprehensive lists of operators and more
  40. Need knowledge? ⇨ try the Learn tab. Explore the tutorials; Access comprehensive lists of operators and more; Every feature and tool covered in docs
  41. Need knowledge? ⇨ try the Learn tab. Explore the tutorials; Access comprehensive lists of operators and more; Every feature and tool covered in docs; Find out What’s New
  42. Need knowledge? ⇨ try the Learn tab. Explore the tutorials; Access comprehensive lists of operators and more; Every feature and tool covered in docs; Find out What’s New; Find answers or post your questions to Community
  43. Need knowledge? ⇨ try the Learn tab. Explore the tutorials; Access comprehensive lists of operators and more; Every feature and tool covered in docs; Find out What’s New; Find answers or post your questions to Community; Attend/review training and get certified
  44. Need knowledge? ⇨ try the Learn tab. Explore the tutorials; Access comprehensive lists of operators and more; Every feature and tool covered in docs; Find out What’s New; Find answers or post your questions to Community; Attend/review training and get certified; Open a Support case
  45. Need knowledge? ⇨ try the Learn tab. Explore the tutorials; Access comprehensive lists of operators and more; Every feature and tool covered in docs; Find out What’s New; Find answers or post your questions to Community; Attend/review training and get certified; Open a Support case
  46. Questions?
  47. Level 1 Certification: Pro User. In order to get credit for the exam, In YOUR OWN INSTANCE, go to Certification Tab. • Online Exam • 30 Multiple choice questions • 60-minute time limit • 3 attempts • sumologic.talentlms.com
  48. Sumo Logic Certification ● Make sure to log out of the training account you were using and sign in with your own account ● If you do not have a working login, go to sumologic.talentlms.com to sign up for an account
  49. If you find your login is cycling back to the exam screen, do the following: ● Click on Help in the black left bar ● Click Community in the black left bar ● An email verification should be sent ● Once you verify, you should be able to take the exam without any issues
  50. For passing the exam, you will earn: ● SWAG ● A Certificate ● An invitation to our LinkedIn Group ● The respect of your peers ● Fame, Fortune and more... Jessica Robbens
  51. How did we do? Please take our survey: https://forms.gle/2KMtxPuD9cSYV8SJ6
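
The slide 17 query, traced stage by stage in Python over constructed log lines, to show what each pipe stage keeps and drops. This is an added example, not part of the original deck and not Sumo Logic code; the helper names, the case-insensitive keyword match and the descending sort are assumptions made for the illustration.

```python
import re
from collections import Counter
from fnmatch import fnmatchcase

# Constructed Apache access-log lines (sample data, not taken from the slides).
SAMPLE_LOGS = [
    '10.0.0.5 - - [01/Jan/2020:10:00:01 +0000] "GET /cart HTTP/1.1" 500 312 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [01/Jan/2020:10:00:02 +0000] "GET /cart HTTP/1.1" 500 312 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [01/Jan/2020:10:00:03 +0000] "GET /pay HTTP/1.1" 503 0 "-" "Mozilla/5.0"',
    '10.0.0.8 - - [01/Jan/2020:10:00:04 +0000] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Jan/2020:10:00:05 +0000] "GET /cart HTTP/1.1" 500 312 "-" "curl/7.64"',
    '10.0.0.9 - - [01/Jan/2020:10:00:06 +0000] "POST /pay HTTP/1.1" 500 0 "-" "Mozilla/5.0"',
]

def anchor_to_regex(anchor):
    """Turn a parse-anchor pattern into a regex: literal text stays literal,
    each * becomes a lazy capture group."""
    return re.compile("(.*?)".join(re.escape(part) for part in anchor.split("*")))

def parse_anchor(messages, anchor, fields):
    """Emulate `| parse "<anchor>" as f1,f2`; messages without the anchor are dropped."""
    rx = anchor_to_regex(anchor)
    for msg in messages:
        m = rx.search(msg)
        if m:
            yield dict(zip(fields, m.groups()), _raw=msg)

def run_query(logs):
    # metadata + keywords: narrow the scope before parsing (keyword "Mozilla",
    # matched case-insensitively here as an assumption).
    scoped = [line for line in logs if "mozilla" in line.lower()]
    # parse: | parse "GET * HTTP/1.1\" * " as url,status_code
    rows = parse_anchor(scoped, 'GET * HTTP/1.1" * ', ["url", "status_code"])
    # filter: | where status_code matches "5*"
    rows = (r for r in rows if fnmatchcase(r["status_code"], "5*"))
    # aggregate: | count by status_code
    counts = Counter(r["status_code"] for r in rows)
    # format: | sort by _count | limit 3 (largest count first, assumed here)
    return counts.most_common(3)

if __name__ == "__main__":
    for status_code, count in run_query(SAMPLE_LOGS):
        print(status_code, count)
```

The curl request falls out at the keyword stage and the POST request at the parse stage, so neither reaches the count even though both returned 500.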
