IBM Log Analysis with LogDNA is well suited if you are using other IBM cloud product ecosystems. It's very mature and supports HIPAA-compliant configurations if you need to store PI/PHI data. We particularly use it for audit requirements but understand the limitation with the retention period is for 30 days only. Also you need to configure if your IBM cloud service doesn't have any log collection or report tool. Log collection agents are widely supported for most of infrastructure in cloud.
SumoLogic is a fantastic log aggregator and analysis tool, a fine alternative to Splunk. Searching is powerful and mostly intuitive and results come fast. If you have application logs in clusters or Kubernetes pods that lose their logs every time they're restarted, Sumo is the solution for you
Sumo Logic allowed for our InfoSec team to ingest logs from our CDN directly, in real-time, instead of massive compressed archives that were sent every two-hours (the only alternative at the time). Sumo Logic had an app for these logs, that allowed us to easily get an immediate payoff from the data, with canned dashboard and saved searches.
Sumo Logic has a fairly extensive REST API when it comes to log sources, source configurations, dashboard data, searches, etc. Their wiki for the API is usually kept up to date.
Sumo Logic, during the period of time I had used their product, had added the ability to configure agents via configuration files. This allowed customers to configure their endpoints, and modify the endpoints, with configuration management tools like Chef / Puppet / Salt. Beforehand, the only option was to always make changes either via the web portal or REST API.
The solutions engineers were extremely helpful, and easily reachable when issues would occur.
Users at our company found it easy to get started, working on new dashboards, scheduled searches, and alerting. The alerting worked well with our third-party paging tool.
Sumo Logic is very powerful but definitely requires some configuration work to get the most out of it. You can get a certification related to this, but it is definitely not something you can just throw together.
I would give this rating because I attended a free Sumo Logic training at a WeWork in Chicago. I found the training very useful, and I learned a lot of features that I was not aware of before I went to the training. I like the idea that SumoLogic provides free training seminars. I am certified in level1, and I plan on certifying to level2.
I was satisfied with the implementation, as at the time, it was the best way to implement the product with the available feature sets in Sumo Logic. User creation and management became more of an issue during continued use, instead of it being an issue related to deploying the product in our environment.
If you use other IBM product ecosystems, IBM Log Analysis with LogDNA is the obvious choice, as it supports seamless integration and better access control with IBM cloud access group setups. IBM Log Analysis with LogDNA was flexible and has wide support for various infrastructure implementations and is also controlled by the same IAM access setup. It can be configured for any IBM cloud services or platform logs or for infrastructure by installing the agent.
Sumo Logic works very well out of the gate. For a small business it has given us what we need. I worked at a larger company previously, and we produced so many logs we had to create a custom logging service to handle them all. Cost and availability are big issues when deciding between the different services, whether self maintained and hosted, or provided by another company.
Most of IBM cloud services support easier integration for log analysis.
We are able to achieve compliance with various audit log reports, which improves governance and control over various cloud resources we have.
Also IBM Log Analysis with LogDNA helps in troubleshooting and analysis for application logs in real time. This helps with improved issue resolution timings.
