Skip to main content
TrustRadius
Sumo Logic

Sumo Logic

Overview

What is Sumo Logic?

Sumo Logic is a log management offering from the San Francisco based company of the same name.

Read more
Recent Reviews

TrustRadius Insights

Sumo Logic is a versatile tool that is widely used in an enterprise setting by developers, system engineers, management, and InfoSec …
Continue reading

Sumo Logic

7 out of 10
July 22, 2021
Incentivized
Sumo Logic is used purely within the corporate IT area of the business as a limited access storage location for logs as part of a larger …
Continue reading
Read all reviews
Return to navigation

Pricing

View all pricing

Essentials

$3.00

Cloud
Per GB Logs

Enterprise

$4.00

Cloud
Per GB Logs

Enterprise Security

$4.25

Cloud
Per GB Logs

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services
Return to navigation

Product Demos

Sumo Logic Search Job API

YouTube

Sumo Logic: Unified Logs and Metrics

YouTube

Demo of Sumo Logic Log Reduce - Next Generation Log Analytics

YouTube

Next Generation Log Management & Analytics - Demo of Sumo Logic

YouTube
Return to navigation

Product Details

What is Sumo Logic?

Sumo Logic is a cloud-native SaaS analytics platform powered by logs that helps customers deliver reliable and secure cloud-native applications. Sumo Logic helps practitioners and developers to ensure application reliability and security against modern threats and gain insights into their cloud infrastructures. The scalable platform also offers real-time analytics and insights across observability and security solutions for their cloud-native applications.

Sumo Logic Video

Sumo Logic platform intro

Sumo Logic Competitors

Sumo Logic Technical Details

Deployment TypesSoftware as a Service (SaaS), Cloud, or Web-Based
Operating SystemsUnspecified
Mobile ApplicationNo

Frequently Asked Questions

Sumo Logic is a log management offering from the San Francisco based company of the same name.

Datadog, Splunk Cloud, and New Relic are common alternatives for Sumo Logic.

Reviewers rate Support Rating highest, with a score of 8.7.

The most common users of Sumo Logic are from Mid-sized Companies (51-1,000 employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(71)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!

Sumo Logic is a versatile tool that is widely used in an enterprise setting by developers, system engineers, management, and InfoSec professionals. Its primary use case is as a log aggregation tool, allowing users to ingest large amounts of logs and gain visibility into their systems. By centralizing application logs, Sumo Logic aids in troubleshooting, development assistance, security, and compliance efforts. It serves as a reliable troubleshooting tool for technical users and provides valuable insights for analysis and support.

OneLogin, a platform that relies on Sumo Logic, utilizes it to gain advanced visibility into transactions within their platform and extends a limited version to their customers. Users find Sumo Logic's customizable heuristics invaluable for identifying specific event information. The tool enables proactive monitoring and root cause analysis of application problems, offering comprehensive exploration of logs across clusters of machines. Its ability to generate alerts for log errors reduces response time to incidents significantly.

Sumo Logic also fulfills the requests of business users who need simple and quick insights into their IT infrastructure. It empowers them to create customized dashboards to monitor and analyze logs from various environments. The eCommerce department uses Sumo Logic specifically for monitoring application logs, performing ad hoc queries, and setting up alerts for system problems. Overall, Sumo Logic plays an essential role in bringing visibility, improving system performance understanding, aiding troubleshooting efforts, and fulfilling compliance requirements in enterprise settings.

Valuable log ingestion: Many users have found Sumo Logic's ability to ingest logs from their CDN directly, in real-time, to be a valuable feature. This eliminates the need for massive compressed archives that were sent every two hours.

Extensive REST API capabilities: Several reviewers have praised Sumo Logic's REST API for its extensive capabilities in managing log sources, source configurations, dashboard data, searches, and more. They have also noted that the API documentation is consistently updated.

Easy configuration management: Users appreciate the addition of the ability to configure agents via configuration files. This feature allows for easier and more flexible configuration management using tools like Chef, Puppet, or Salt. Some users have specifically mentioned how this has improved their workflow.

Difficult User Management: Many users have expressed difficulty in managing user accounts due to the lack of a User/RBAC API, which made it necessary to manually review user accounts and create spreadsheets.

Limited Collaboration Features: Reviewers have mentioned that the user who creates saved search queries, alerts, reports, or dashboards is the only one who can edit them. This creates difficulties in a collaborative environment or larger enterprise where multiple users may need to collaborate on and modify these assets.

Unpublished Work on User Deletion: Deleting a user account in Sumo Logic causes all the work created by that user to become unpublished and unscheduled. This includes dashboards, scheduled searches, alerting, reporting, and other related assets.

Users commonly recommend the following for Sumo Logic:

  • Use Sumo Logic for log file analysis and other big data projects. It is considered the best solution available in the market for log management and machine data analytics platform.

  • Configure alerts for anomalies/failures and keep logs of different parts of the system to ensure comprehensive monitoring.

  • Take advantage of Sumo Logic's ease of use and advanced features, such as parsing, dashboarding, and alerting. Users should consider taking training provided by Sumo Logic to effectively navigate the platform.

  • Utilize the very responsive support team and benefit from frequent updates provided by Sumo Logic.

  • Set up Sumo Logic properly for future time-saving benefits.

  • Consider Sumo Logic for IT teams as it provides sophisticated analytics and improves security in the cloud.

  • Optimize log writing of applications for cheaper and better log management with Sumo Logic.

  • Use Sumo Logic for monitoring APIs, network monitoring issues, and infrastructure monitoring to make it more efficient.

  • Explore more ways to view and aggregate data in Sumo Logic for better monitoring of systems.

  • Consider the total cost of ownership before choosing a monitoring analytics solution, including capacity planning, data ingest costs, support contracts, time to build out an MVP, familiarity with the data, and cycle time.

  • Work with vendor services for any issues related to search API and dashboard problems.

  • Try Sumo Logic as a good alternative to Splunk if it is not in the budget or if extreme needs are not present. Users also have access to free product certification and training.

Attribute Ratings

Reviews

(1-1 of 1)
Companies can't remove reviews or game the system. Here's why
Derek Ardolf | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Incentivized
Sumo Logic was being used by developers, system engineers, management, and InfoSec as a primary log aggregation tool. It was replacing the Splunk deployment in our enterprise because it was cheaper, hosted by Sumo Logic, and helped bring larger visibility to the enterprise (as we were able to ingest larger amounts of logs than we had before). As a result, many developer teams that did not initially have the insight into their applications were able to get instant access to how things were running on their systems.
  • Sumo Logic allowed for our InfoSec team to ingest logs from our CDN directly, in real-time, instead of massive compressed archives that were sent every two-hours (the only alternative at the time). Sumo Logic had an app for these logs, that allowed us to easily get an immediate payoff from the data, with canned dashboard and saved searches.
  • Sumo Logic has a fairly extensive REST API when it comes to log sources, source configurations, dashboard data, searches, etc. Their wiki for the API is usually kept up to date.
  • Sumo Logic, during the period of time I had used their product, had added the ability to configure agents via configuration files. This allowed customers to configure their endpoints, and modify the endpoints, with configuration management tools like Chef / Puppet / Salt. Beforehand, the only option was to always make changes either via the web portal or REST API.
  • The solutions engineers were extremely helpful, and easily reachable when issues would occur.
  • Users at our company found it easy to get started, working on new dashboards, scheduled searches, and alerting. The alerting worked well with our third-party paging tool.
  • Sumo Logic, during the period that I used their product (up until at least November 2015), did not have a User / RBAC API. This made it very difficult to manage users (we had about 100 users). Even though they had SAML integration, allowing us to utilize a single-sign on solution, we would have to do manual reviews of user accounts in Sumo Logic on a regular basis. There was no export feature, so it became a matter of copy/pasting all users from the web portal, and creating a spreadsheet out of the data. This was a big pain, as we were all about automation. I had been told that a User / RBAC REST API would be made available sometime during Q1 - Q1 2016.
  • The user who creates any saved search queries, alerts, reports, or dashboards, is the only user that is able to edit them. In a collaborative environment, or larger enterprise, this brings a level of difficulty. For example, if an alert breaks and is spamming an inbox/pager, it cannot be edited or stopped unless done specifically by the user who created it. The RBAC has not been improved enough to allow groups/teams/organizations to have ownership over them (as of November 2015).
  • If you are to delete a user account in Sumo Logic, as your account is setup to allow a specific amount of user accounts in addition to the storage limits agreed in contract, all of the work they had created for teams -- dashboards, scheduled searches, alerting, reporting, etc. -- all become unpublished and unscheduled. They all become inherited by the user that deletes their account. This may create a mess, as this may now completely stop many useful reports/alerts/dashboards that were being taken care of initially. As a result, deletion of a user who is no longer having access to Sumo Logic (due to leaving the company, or leaving a team the needs access), requires a complete review of everything the user has saved in order to see whether anything needs to be rescheduled for alerting/reporting or republished for dashboard viewing. This is all as of November 2015.
  • Purging log data can be extremely difficult. Sumo Logic stores data in a WORM (Write Once, Read Many) type of database. This is done for security reasons, and the database also stores it's data in an encrypted form. If you wish for any data to be removed for any reason, such as PHI / PII / etc. information, you have to wipe out absolutely all data within a time range that Sumo Logic has ever gathered for you. This does not just include the source of the data you are trying to purge, but would include all log data from all sources that you have (even if separately indexed, or partitioned). I am unsure of whether this is still the fact, or if this has at least narrowed down to partition/index, or source.
  • In the web portal, Sumo Logic has icons for agents that are working -- green/yellow if I remember right. Source hosts would always show a big green checkmark for health, even if certain sources were completely failing. If Sumo Logic agents are logging errors that logs can't be collected (permissions, some agent issue, etc.), there wasn't a way to visibly see there was an issue unless you were looking for it in logs. This resulted in periods of time where we did not receive logs from many sources. This is hard to alert on, as we found we would have to create a scheduled search of Sumo Logic agent logs that looked for as many error/warning messages as we could, that we knew about. This was incredibly difficult, and unmanageable.
Sumo Logic is best suited, as of the time of this review, for a smaller-to-medium sized enterprise. Medium may be pushing it, depending on the deployment. The larger the enterprise, user access, and server agent count, the harder Sumo Logic is at scaling and realistically using. I have not managed or deployed other log aggregation solutions, so I'm not aware of whether competitors may suffer from the same setbacks as Sumo Logic. The ease of use, ability to deploy quickly, always having the latest version of the web portal (due to it being hosted), and being able to have data readily available for a critical time of the year were great benefits. Sumo Logic had also shown that they were taking our feedback seriously, and seemed to be working on resolutions to many of these issues for 2016. I'm giving a 7 out of 10 based on the Sumo Logic as it was in November 2015. If one is in talks with the vendor, the cons listed here should be mentioned in order to see if they have been resolved.
  • It was nearly all positive impacts for us. Teams that never had data so easily accessible beforehand (such as developers, and managers being able to see dashboards for infrastructure health) were able to make immediate changes based on what they found. This could be said, likely, of any log aggregation toolset being used at a company. Though, with Sumo Logic, the default apps were very helpful in quickly showing us issues that were proactively resolved (so, unknown amount of time/stability gain there).
  • Being able to integrate log data from our CDN, creating great real-time visibility for our InfoSec team, was a huge win. We were unable to get this with Splunk at the time (not sure if Splunk has made any changes), so this was likely the clinch. Before, we were getting large archives of log data every two hours. We couldn't ingest this into Splunk due to cost, so it was useless data. That data was able to be ingested in real-time with Sumo Logic, resulting in 100's of gigabytes of data being ingested daily from that data source alone. The insight was tremendous!
  • The Developers that were given access to use Sumo Logic were very happy with the data they had access to, and the representation of it within Sumo Logic (through custom created items, and canned apps). One feature we requested, which was a live tail of source data to be able to watch events occur in real-time, went through beta and into production during our use. We were invited to web meetings directly with Sumo Logic developers on prototypes, tried out the beta, and made use of it in production. This feature was extremely helpful during testing, and application deployments, where previously we were having to constantly run new searches after the fact.
We had used Splunk previously. Sumo Logic defeats them when it comes to cost, including the costs that would normally come with supporting/managing/patching/upgrading your own infrastructure and storage. Those were wins, but especially the real-time CDN integrations due to Sumo Logic's collaborations with other vendors.

We had spoken to Logentries and discovered that many of the cons we found with Sumo Logic seemed to have been resolved in their product. Their pitfall was that, at the time, Logentries did not have the ability to get real-time log ingestion from our CDN. They said they had a solution, which was scripted, but we had not evaluated/tested. Logentries also did not have a User / RBAC REST API, and are nowhere near the level of compliance that Sumo Logic had (https://www.sumologic.com/press/2015-02-19/sumo-logic-successfully-completes-pci-data-security-stand...). In the end, I believe Logentries and Sumo Logic would be two good vendors to get involved in a bake-off.
  • Vendor implemented
  • Implemented in-house
Yes
We did a trial/evaluation run, with the assistance of Sumo Logic, for a period of 3-months. This included servers that had not ever had logs ingested into a log aggregation tool, for use by teams. During this stage, we also worked on ingesting logs in real-time from our CDN. This phase was done agentless, as to make it easier to deploy and to tear down if we chose to scrap it.

When we signed a contract, we began adding many more internal log sources -- including the logs that were being ingested into Splunk (so that we could transition completely to Sumo Logic).
Change management was a minor issue with the implementation
Change management was not a big deal, especially during our trial period, since we had gone down the agentless path in our trial run. Agentless was chosen due to the potential change management roadblocks (during a holiday period), and the need to get it designed/implemented very quickly. We later transitioned to agent-based setups, and change management was not too big a deal since we were outside of a holiday period by that point.
  • Sumo Logic agents had a harder time on Windows Server than they had on Linux servers. Certain standard log files were unable to be ingested, such as logs generated by SQL server. Even with help from our solutions engineer, and Sumo Logic support, this issue was not resolved. I have spoken to other customers that did not have this issue, and had seen a demo environment where it was working without problem. I am not sure if this bug was resolved, if it was indeed a bug.
  • Agentless brought about problems later on. It seemed the best choice to implement, to quickly get up and running all the way into a production environment with little hassle. Agents would not have been ideal at the time (Winter 2014), as the only way you could manage/fix source configurations was via the web portal or REST API only. I managed sources via a PowerShell Module I had developed (), as it was the only reasonable way to make changes to large amounts of collectors/sources at a time. In the web portal GUI, one is only able to make modifications to one collector/source at a time. Sumo Logic later introduced the ability to make new changes on the collector locally, via configuration files, thus introducing proper configuration management. This made agentless highly unnecessary, as now we could modify many sources/collectors at a time and not have a single-point of failure (biggest reason not to go agentless!). If the central log collector server used in an agentless setup would run into any issues, you could go for long periods of time collecting zero logs from many sources. Ouch. Since November 2015, there was not a documented way to have redundancy with an agentless setup without major scripting and unavoidable pitfalls.
  • User creation and management: I went more in-depth in my review, but the absence of a user / RBAC API caused problems. Being that Sumo Logic is a hosted solution, accessible from the internet, if someone leaves the company or no longer needs access due to a change of role, it cannot be automated (as of November 2015).
I was satisfied with the implementation, as at the time, it was the best way to implement the product with the available feature sets in Sumo Logic. User creation and management became more of an issue during continued use, instead of it being an issue related to deploying the product in our environment.
Return to navigation