
Sumo Logic Cert Jam - Search Mastery


Designed for all Sumo users, this series deep-dives into every aspect of analyzing your data. Run as a "how-to" webinar, this session walks viewers through data searching, filtering, parsing, and advanced analytics. The series concludes with "how-to" details for creating dashboards and alerts to monitor your data and get Sumo Logic to work for you.


  1. Become a Sumo Search Master: Search Mastery Certification
  2. Sumo Logic confidential. Course Agenda
      ● Introduction & objectives: 5 min.
      ● Hands-on Labs: Search, parse, and FERs; Metrics and creating an alert; Conditional & filtering operations; Plotting on a map, formatting results, and moving averages (15 min., 15 min., 10 min., 15 min.)
      ● Trends, outliers, and comparisons: 15 min.
      ● Get certified: 60 min.
  3. Tutorial: Hands-on Exercises
      Level 2 Hands-on Labs:
      • Follow along using the labs found under Home > Certifications
      Training Environment: service.sumologic.com
      username: training+labs@sumologic.com
      password:
  4. Demo & Dataflow: Reviewing the Basics
  5. Demo: Monitor and Troubleshoot
      ● ALERTS notify of a critical event
      ● METRICS to identify what’s going on
      ● LOGS to identify why it’s happening
  6. Sumo Logic Data Flow
      1. Data Collection
      2. Search & Analyze
      3. Visualize & Monitor
      Components: Collectors, Sources, Operators, Charts, Dashboards, Alerts
  7. Filter and Provide Structure: Search and Parse
  8. Sending Data ⇨ Metadata
      Metadata tags are associated with each log message that is collected.
      Tag: Description
      ● _collector: Name of the collector (defaults to hostname)
      ● _sourceHost: Hostname of the server (defaults to hostname)
      ● _sourceName: Name and path of the log file
      ● _source: Name of the source this data came through
      ● _sourceCategory: Can be freely configured. Main metadata tag
  9. Search and Parse
      Search and filter your data
      • _metadata
      • Keywords
      • Live Tail
      Parse fields to provide structure to your data
      • Query Parsing
      • Implement your Field Extraction Rules
  10. Data Analytics ⇨ Query Syntax
      Syntax: keywords and operators, separated by pipes, that build on top of each other.
      Stages labelled on the slide: metadata, keywords, parse, filter, aggregate, format.
          _sourceCategory=Labs/Apache/Access and "Mozilla"
          | parse "GET * HTTP/1.1\" * " as url, status_code
          | where status_code matches "5*"
          | count by status_code
          | sort by _count
          | limit 3
  11. Simple Analytics
      ● Aggregation: | count | sum | avg | min() | max()
      ● Conditional: | if() | matches | in() | filter | where
      ● Formatting: | transpose | fields | limit | sort by | top
  12. Level 2 Certification: Hands-on Labs (Using Sumo Logic)
      Labs 4-5: Conditional & Filtering Operations (5 ILT)
      ● Common operators: if, matches, in, filter, where
      Lab 6: Plotting on a Map, Formatting Results
      ● Geo lookup, transpose
      Lab 8: Changes and Moving Averages (ILT)
      ● Common operators: diff, smooth
  13. Outliers, Trends, Needle in the Haystack: Advanced Analytics
  14. Advanced Analytics
      Outlier:
          _sourceCategory=Labs/Apache/Access and status_code=404
          | timeslice 1m
          | count(status_code) as error_count by _timeslice
          | outlier error_count
      Predict:
          _sourceCategory=Labs/Apache/Access
          | timeslice 5m
          | count as requests by _timeslice
          | predict requests by 5m forecast=12
  15. Advanced Analytics
      LogReduce: find the “needle in the haystack” by identifying patterns.
          _sourceCategory=Labs/snort
          | logreduce
      LogCompare: compare today’s patterns with patterns in the past.
          _sourceCategory=Labs/snort
          | logcompare -24h
  16. Level 2 Certification: Hands-on Labs (Using Sumo Logic)
      Labs 9-12: Advanced Analytics (Lab 12 ILT)
      ● Finding the needle in the haystack
      ● Comparing time periods
      ● Identifying outliers
      ● Identifying future trends
      ● Analyzing related logs
  17. Analyzing your Metrics: Sources, Dashboards and Alerts
  18. Ingesting Metrics
      Source types: Host Metrics, AWS Metrics, Graphite-Compatible
      Listed sources: CollectD, Dropwizard, StatsD, AWS CloudWatch Metrics, AWS ECS
      ✓ Learn More: Setting up Host Metrics
      ✓ Learn More: Setting up AWS Metrics
      ✓ Learn More: Setting up Graphite Metrics
  19. Metrics Apps: Out-of-the-Box Content
  20. Logs and Metrics - Overlay
      ● Metrics identify the what.
      ● Logs help identify why.
      Overlay helps you correlate metrics to the relevant logs.
  21. Logs-to-Metrics: What is it?
      Logs-to-Metrics is a feature which converts the results of a log search to a metric view.
  22. Logs-to-Metrics: Why do this?
      1. Performance: Analyzing time-series data is much faster than parsing and querying unstructured data.
      2. Retention: Metrics are retained for 13 months by default. Good for long-term KPIs or operational trends.
      3. Alerting: High-performing, near real-time alerts optimized for time-series data.
  23. Logs-to-Metrics: How to create a metric from a log
  24. Level 2 Certification: Hands-on Labs (Using Sumo Logic)
      Labs 13: Analyzing your Metrics (Lab 14 ILT)
      ● Basic Analytics
      ● Logs-to-Metrics
      Note: Lab 13 needs to run for -60m
  25. Dashboards and Alerts: Monitoring your Data
  26. Monitoring Your Data
      Visualize your data through Dashboards
      ● Chart your Data
      ● Create Panels
      ● Share your Content!
      Receive notification of your Critical Events
      ● Schedule Your Searches
      ● Use Webhook Connections to reach your audience
      ● Create Meaningful Alerts
  27. Level 2 Certification: Hands-on Labs (Using Sumo Logic)
      Lab 14: Relating your metrics and logs
      Lab 15: Create meaningful alerts (ILT)
  28. “How To” Template to implement in your Environment: Use Cases
  29. General Use Cases
      How to Create and Alert on Ratios or Percentages
      ● Outlier
      How to Compare and Alert on Historical Data
      ● Compare and Outlier
      Detect Patterns and Changes Across Environments and Time
      ● LogCompare
      Visualize Trends in Your Signatures
      ● LogReduce and Timeslice
  30. Where do I go from here? Training, Docs, Community, Support
  31. Need knowledge? ⇨ try the Learn tab: Explore the tutorials
  32. Need knowledge? ⇨ try the Learn tab: Explore the tutorials; Access comprehensive lists of operators and more
  33. Need knowledge? ⇨ try the Learn tab: Explore the tutorials; Access comprehensive lists of operators and more; Every feature and tool covered in docs
  34. Need knowledge? ⇨ try the Learn tab: Explore the tutorials; Access comprehensive lists of operators and more; Every feature and tool covered in docs; Find out What’s New
  35. Need knowledge? ⇨ try the Learn tab: Explore the tutorials; Access comprehensive lists of operators and more; Every feature and tool covered in docs; Find out What’s New; Find answers or post your questions to Community
  36. Need knowledge? ⇨ try the Learn tab: Explore the tutorials; Access comprehensive lists of operators and more; Every feature and tool covered in docs; Find out What’s New; Find answers or post your questions to Community; Attend/review training and get certified
  37. Need knowledge? ⇨ try the Learn tab: Explore the tutorials; Access comprehensive lists of operators and more; Every feature and tool covered in docs; Find out What’s New; Find answers or post your questions to Community; Attend/review training and get certified; Open a Support case
  38. Need knowledge? ⇨ try the Learn tab: Explore the tutorials; Access comprehensive lists of operators and more; Every feature and tool covered in docs; Find out What’s New; Find answers or post your questions to Community; Attend/review training and get certified; Open a Support case
  39. Questions?
  40. Take the exam
      In order to get credit for the exam, in YOUR OWN INSTANCE, go to the Certification Tab.
      • Online Exam
      • 30 Multiple choice questions
      • 60-minute time limit
      • 3 attempts
      • sumologic.talentlms.com
  41. Sumo Logic Certification
      ● Make sure to log out of the training account you were using and sign in with your own account
      ● If you do not have a working login, go to sumologic.talentlms.com to sign up for an account
  42. If you find your login is cycling back to the exam screen, do the following:
      ● Click on Help in the black left bar
      ● Click Community in the black left bar
      ● An email verification should be sent
      ● Once you verify, you should be able to take the exam without any issues
  43. For passing the exam, you will earn:
      ● SWAG
      ● A Certificate
      ● An invitation to our LinkedIn Group
      ● The respect of your peers
      ● Fame, Fortune and more...
      Jessica Robbens
  44. How did we do? Please take our survey: https://forms.gle/2KMtxPuD9cSYV8SJ6
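
Slide 10 describes a query as stages separated by pipes that build on each other. The following Python emulation of that exact query is an added example, not part of the original deck and not Sumo Logic code; the log lines, helper names, and the descending sort order are assumptions made for illustration.

```python
import re
from collections import Counter
from fnmatch import fnmatchcase

def _line(method, url, status, agent):
    # Builds one constructed Apache access-log line (sample data, not from the deck).
    return (f'10.0.0.1 - - [01/Jan/2020:10:00:00 +0000] '
            f'"{method} {url} HTTP/1.1" {status} 512 "-" "{agent}"')

SAMPLE_LOGS = (
    [_line("GET", "/index.html", 200, "Mozilla/5.0")] * 2
    + [_line("GET", "/api/orders", 500, "Mozilla/5.0")] * 4
    + [_line("GET", "/api/cart", 503, "Mozilla/5.0")] * 3
    + [_line("GET", "/health", 502, "Mozilla/5.0")] * 2
    + [_line("GET", "/api/pay", 504, "Mozilla/5.0")] * 1
    + [_line("GET", "/api/orders", 500, "curl/7.68.0")] * 5   # no "Mozilla" keyword
    + [_line("POST", "/login", 502, "Mozilla/5.0")] * 3       # not a GET request
)

# parse "GET * HTTP/1.1\" * " as url, status_code: each * is a wildcard
# bounded by the literal anchor text around it.
PARSE_ANCHOR = re.compile(r'GET (.*?) HTTP/1\.1" (.*?) ')

def keyword_filter(lines, keyword):
    """Keyword stage: keep messages containing the keyword, ignoring case."""
    return [l for l in lines if keyword.lower() in l.lower()]

def parse_stage(lines):
    """parse stage: extract fields; messages that miss the anchor are dropped."""
    matches = (PARSE_ANCHOR.search(l) for l in lines)
    return [{"url": m.group(1), "status_code": m.group(2)} for m in matches if m]

def where_matches(rows, field, pattern):
    """where ... matches: keep rows whose field fits the wildcard pattern."""
    return [r for r in rows if fnmatchcase(r[field], pattern)]

def count_by(rows, field):
    """count by: one output row per distinct value, with its _count."""
    return [{field: k, "_count": v} for k, v in Counter(r[field] for r in rows).items()]

def run_pipeline(lines):
    rows = keyword_filter(lines, "Mozilla")             # keywords
    rows = parse_stage(rows)                            # parse
    rows = where_matches(rows, "status_code", "5*")     # filter
    rows = count_by(rows, "status_code")                # aggregate
    rows.sort(key=lambda r: r["_count"], reverse=True)  # sort by _count (descending assumed)
    return rows[:3]                                     # limit 3

if __name__ == "__main__":
    for row in run_pipeline(SAMPLE_LOGS):
        print(row)
```

The curl and POST lines show why stage order matters: they carry 5xx codes but never reach the count, because the keyword and parse stages discard them first.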
