Sumo Logic, Inc. is a cloud-based machine data analytics company focusing on security, operations and BI use cases. It provides log management and analytics services that leverage machine-generated big data to deliver real-time IT insights. This integration will run the provided search query and return the first 10 results.
To learn more about Sumo Logic, please visit: https://www.sumologic.com/
A valid Sumo Logic access ID. An access ID can be generated in your Sumo Logic dashboard.
A valid Sumo Logic access key associated with the provided access ID. An access key can be generated in your Sumo Logic dashboard (make sure to save it somewhere, as it can only be viewed once).
Your Sumo Logic deployment endpoint location. For more information, please see: https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security
The search expression.
The search window (time range) for the search.
The time zone to be used for the search. See the Wikipedia list of tz database time zones (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) for valid time zone codes.
Set to true to run the search by receipt time, which is the order in which Collectors received the messages. By default, searches do not run by receipt time.
You can find documentation on the Sumo Logic Query Language here: https://help.sumologic.com/05Search/Search-Query-Language
In general, queries that work through the Sumo Logic web interface can also be used in this integration.
The default query creates a job that returns the first 10 messages containing the entity the user is searching for. Defaults to: '_sourceName=* "{{entity}}" | LIMIT 10'
Example request:
"query": "* | parse \"GET * \" as {{entity}}
| count by {{entity}}
| top 10 {{entity}} by _count"
If a user is searching for the IP 1.2.3.4, the templated entity value is replaced as follows:
"query": "* | parse \"GET * \" as {{1.2.3.4}}
| count by {{1.2.3.4}}
| top 10 {{1.2.3.4}} by _count"
The error "Job ID is invalid." is returned for certain invalid queries. If you see this error, please double-check that your search query works from the Sumo Logic web interface.
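The options above (access ID and key, search window, time zone, receipt time, the templated query) and the "Job ID is invalid." error all map onto the Sumo Logic Search Job API: a job is created, polled until it finishes, and the first 10 messages are fetched. The following Python is an added example written here to show that round trip; it is not the Polarity integration's own code. The endpoint paths and basic-auth scheme are those of the public Search Job API; the "-24h"-style window syntax, the injected HTTP client, the FakeSumo stand-in and its sample messages are constructed for this example so it runs offline. Quotes inside a looked-up entity are escaped before substitution so a value cannot end the quoted search term early; that escaping is a defensive choice of this example, not something the page specifies.

```python
"""Sumo Logic search-job round trip with {{entity}} templating (added example)."""
import base64
import re
from datetime import datetime, timedelta, timezone

DEFAULT_QUERY = '_sourceName=* "{{entity}}" | LIMIT 10'
RESULT_LIMIT = 10


class SumoSearchError(RuntimeError):
    """Raised when job creation or status polling fails (e.g. "Job ID is invalid.")."""


def render_query(template, entity):
    """Substitute the entity into the template; escape backslashes and double
    quotes so the value cannot terminate the quoted term (defensive assumption)."""
    safe = entity.replace("\\", "\\\\").replace('"', '\\"')
    return template.replace("{{entity}}", safe)


def search_window(window, now):
    """Map a relative window ('-15m', '-24h', '-7d'; constructed syntax) to the
    ISO 8601 from/to pair the Search Job API accepts."""
    m = re.fullmatch(r"-(\d+)([mhd])", window)
    if not m:
        raise ValueError(f"unsupported search window: {window!r}")
    n, unit = int(m.group(1)), m.group(2)
    delta = {"m": timedelta(minutes=n), "h": timedelta(hours=n), "d": timedelta(days=n)}[unit]
    fmt = "%Y-%m-%dT%H:%M:%S"
    return (now - delta).strftime(fmt), now.strftime(fmt)


def build_job_request(query, window, time_zone, by_receipt_time, now):
    """Body for POST /api/v1/search/jobs built from the integration's options."""
    start, end = search_window(window, now)
    return {"query": query, "from": start, "to": end,
            "timeZone": time_zone, "byReceiptTime": by_receipt_time}


def auth_header(access_id, access_key):
    """Sumo Logic API calls use HTTP basic auth with accessId:accessKey."""
    token = base64.b64encode(f"{access_id}:{access_key}".encode()).decode()
    return {"Authorization": f"Basic {token}"}


def run_search(client, headers, job_request, limit=RESULT_LIMIT):
    """Create a search job, poll until done, return the first `limit` messages."""
    status, body = client.post("/api/v1/search/jobs", job_request, headers)
    if status != 202:
        raise SumoSearchError(f"job creation failed: {body}")
    job_id = body["id"]
    while True:
        status, body = client.get(f"/api/v1/search/jobs/{job_id}", headers)
        if status != 200:  # a rejected query surfaces here as "Job ID is invalid."
            raise SumoSearchError(body.get("message", "job status check failed"))
        if body["state"] == "DONE GATHERING RESULTS":
            break
        if body["state"] == "CANCELLED":
            raise SumoSearchError("search job was cancelled")
    _, body = client.get(f"/api/v1/search/jobs/{job_id}/messages?offset=0&limit={limit}", headers)
    return [m["map"] for m in body["messages"]]


def lookup(entity, access_id, access_key, client, template=DEFAULT_QUERY,
           window="-24h", time_zone="UTC", by_receipt_time=False, now=None):
    """End-to-end: render the template for one entity and fetch the first 10 hits."""
    now = now or datetime.now(timezone.utc)
    req = build_job_request(render_query(template, entity), window, time_zone, by_receipt_time, now)
    return run_search(client, auth_header(access_id, access_key), req)


# Constructed sample data and offline stand-in for the three endpoints used above.
SAMPLE_MESSAGES = [{"_sourceName": "web", "_raw": f"GET /index.html from 1.2.3.4 status=200 n={i}"}
                   for i in range(12)]


class FakeSumo:
    """A query with an unbalanced double quote is treated as unparsable, and its
    job ID then reports as invalid, mirroring the error the page describes."""
    def __init__(self, messages):
        self.messages, self.jobs, self.polls = messages, {}, {}

    def post(self, path, body, headers):
        if path != "/api/v1/search/jobs" or not headers.get("Authorization", "").startswith("Basic "):
            return 401, {"message": "unauthorized"}
        job_id = f"job{len(self.jobs) + 1}"
        self.jobs[job_id] = body["query"].count('"') % 2 == 0
        self.polls[job_id] = 0
        return 202, {"id": job_id}

    def get(self, path, headers):
        job_id = path.split("/")[5]
        if not self.jobs.get(job_id):
            return 404, {"status": 404, "message": "Job ID is invalid."}
        if "/messages" in path:
            limit = int(path.rsplit("limit=", 1)[1])
            return 200, {"messages": [{"map": m} for m in self.messages[:limit]]}
        self.polls[job_id] += 1  # still gathering on the first poll, done on the second
        state = "DONE GATHERING RESULTS" if self.polls[job_id] >= 2 else "GATHERING RESULTS"
        return 200, {"state": state, "messageCount": len(self.messages)}


if __name__ == "__main__":
    hits = lookup("1.2.3.4", "ACCESS_ID_PLACEHOLDER", "ACCESS_KEY_PLACEHOLDER", FakeSumo(SAMPLE_MESSAGES))
    print(len(hits), "messages; first:", hits[0]["_raw"])
```

Against a real deployment, replace FakeSumo with a client whose post/get issue HTTPS requests to your deployment endpoint (the page's endpoint link above lists them) and return the status code with the decoded JSON body; the polling loop should also sleep between status checks rather than spin.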
Installation instructions for integrations are provided on the PolarityIO GitHub Page.
Polarity is a memory-augmentation platform that improves and accelerates analyst decision making. For more information about the Polarity platform please see: