Sumo Logic Observability offers advanced monitoring solutions with features like integrated dashboards and querying capabilities, though it presents a learning curve compared to alternatives. Designed for efficient log aggregation and analysis, it provides near-real-time updates that facilitate faster incident resolution.



| Product | Mindshare (%) |
|---|---|
| Sumo Logic Observability | 0.6% |
| Dynatrace | 5.3% |
| Datadog | 4.6% |
| Other | 89.5% |
Sumo Logic Observability offers pricing tiers based on data volume and features, catering to various enterprise needs. Users report that it provides flexible options, including free trials, with costs scalable according to usage. Businesses find it competitively priced compared to similar platforms. Additional features, such as predictive analytics and machine learning, may influence the final cost. Potential buyers appreciate the transparent pricing structure.
Sumo Logic Observability stands out with its ability to unify teams through a single platform, offering features that include customizable dashboards and valuable apps. It provides powerful log tracing and centralized management, designed for organizations focused on log aggregation, analysis, and expanding SIEM capabilities. While it has a steeper learning curve compared to some competitors, it excels in tailored integrations that enhance log searches. Users find themselves able to monitor, automate, and centralize log repositories for effective debugging. Despite its strengths, improvements in data enrichment and documentation organization are needed as current query functions can be slow, impacting efficiency. Users have also mentioned needing pre-built dashboards and better tab management for enhanced functionality. Cost management remains a notable consideration for users evaluating Sumo Logic Observability.
What features make Sumo Logic Observability effective?

Sumo Logic Observability is implemented across industries predominantly for managing and analyzing extensive data sets, offering capabilities critical for SIEM activities and security investigations. By facilitating quick data visualization and transaction tracking, organizations in sectors such as finance, healthcare, and technology benefit from its robust framework to support infrastructure logging and large-scale data management, contributing to effective monitoring and system operations.
| Author info | Rating | Review Summary |
|---|---|---|
| Site Reliability Engineer at LHV Bank | 3.5 | I used Sumo Logic Observability for log aggregation, valuing its flexible query language over Splunk. However, query speed and search management need improvement. The cloud-native, cost-effective approach on AWS contributed to our shift from Splunk. |
| Software and Systems Engineer at Ben Abrams Consulting | 4.0 | We use Sumo Logic Observability for centralized logging and SIEM capabilities, appreciating its unified platform that fosters team collaboration. Improvements could focus on cost management and streamlined data enrichment processes to handle increasing data volumes efficiently. |
| Senior Software Engineer at MentorMate | 4.5 | We use Sumo Logic for centralized log collection and analysis, benefiting from real-time updates and easy custom field creation. While documentation could improve, Sumo Logic provides a superior experience without the need for learning complex languages like other solutions. |
| Cyber Security Specialist at a tech services company with 501-1,000 employees | 3.5 | I find Sumo Logic Observability challenging due to its complex data handling and steep learning curve compared to competitors like Splunk. While it offers valuable features, using it effectively requires integration and skilled personnel, which can be difficult for smaller teams. |
| Software Engineer at a computer software company with 1,001-5,000 employees | 4.0 | In my company, we use Sumo Logic Observability for logging and debugging customer-reported bugs via trace IDs, appreciating its comprehensive tracing capabilities. However, the SearchUI.exe interface is clunky and unintuitive, requiring improvement. Continuing usage is still undecided. |
| Technical Support Engineer at Cybage Software | 4.0 | I find the product easy to learn and it effectively helps monitor data while alerting when necessary. There is no mention of areas needing improvement, previous solutions used, or any deployment provider. ROI and alternative solutions are not discussed. |

We used it for log observability – log aggregation specifically.
Operational effectiveness, with regard to when there's an issue: when there's a reactive issue, people are able to respond, and proactively as well, because we use their PagerDuty integrations. We use queries in Sumo Logic to trigger alerts based on logging. That allows us to proactively identify issues as they're happening.
With those same alerts, obviously, with that platform, you can use it to reactively start looking at troubleshooting issues as they're happening right then and there or incidents. So it's been very, very good for alerting and for troubleshooting issues.
For predicting issues before they happen, it is not very good. They have a feature called anomaly detection, but I think it's quite premature compared to other stuff out there.
So it's good for alerts and for troubleshooting operational effectiveness. When your operations are down or segregated, it's perfect because it will help you diagnose the issues.
It was the flexibility of their query language. I believe it's a proprietary query language that Sumo Logic Observability uses. Compared to something like Splunk, where you had to create many filters beforehand, Sumo Logic's language allowed you to do it on the fly. It had a steeper learning curve, but it was more powerful once you mastered it.
The speed of queries could be improved. When using more advanced functions, especially with large datasets like the 90-day log retention we had, queries could be slow, sometimes taking up to five minutes.
Additionally, the management of searches definitely needs improvement. I often had many Sumo Logic tabs open—not browser tabs, but tabs within their system. It could easily become overwhelming, with multiple pages of tabs to keep track of.
There is also a lack of pre-built dashboards. So, those are the three main areas where I see room for improvement.
I was using Sumo Logic till July 2023. I used it for five years. It was on the cloud, as a Software as a Service (SaaS), so the specific cloud doesn't matter.
It's very stable. It's an enterprise-grade product suitable for your internal business users. I wouldn't hesitate to use it in that context.
It is most definitely a scalable product. Since it's Software as a Service (SaaS), you don't need to do any scaling on your end.
Advice: As you scale your own infrastructure, you simply need to ensure you have the necessary resources to send logs to Sumo Logic. This could be through Fluent Bit, OpenTelemetry, or other methods. Scaling up is very easy.
We had five super users from the platform team, which I was a part of. We were involved in infrastructure, new apps, Sumo administration, and its actual use. We also had about 20 developers using it, and another 30 non-technical/business users. So, the total would be around 55.
I contacted the support team a few times. I will start from light to heavy:
Positive
We were initially on Splunk, and it was expensive, heavy, and cumbersome.
Sumo Logic, on the other hand, was very flexible in how you could write queries and create graphs.
Sumo Logic was cloud-first, unlike Splunk, which emerged during the era of physical data centers. Sumo Logic's cloud-native approach, flexible query language, graph creation capabilities, and Kubernetes benefits, along with being cheaper, likely contributed to your migration from Splunk.
For me, it was a little time-consuming initially because I was new to Kubernetes. But now that I'm an expert, it's very simple. A Helm chart deploys it with a configuration where you enter your API key, and it sends everything over. So, getting up and running is easy, even for a newbie.
Configuring it takes a bit more tweaking since you have to set up collectors for different types of logs. You might have one for Kubernetes logs and another for AWS logs, and you need to specify how to collect them. But overall, the initial installation is quick.
I would consider it not too expensive, especially as a team.
But now they’re not charging by ingests anymore. So, I have no idea how expensive it would be, and users wouldn't have any idea how expensive it would be until your users start increasing and start using Sumo Logic more and more.
You should expect the price to be a bit of an unknown and to basically increase as the business increases. That's why I would recommend other users speak to them to model the cost.
But relatively, it's not too expensive, and it's good value for money because they're managing all of this data for you. Your users can access it quite freely, easily, and fast, but not necessarily for cheap. It's very difficult for anyone to model that.
I would advise having a demo with them to understand the pricing. Sumo Logic Observability used to charge per data ingest, but now they charge by queries, making it difficult to estimate the cost if you're not familiar with similar products.
Previously, you could say, "Okay, we generated 500 gigabytes of data last month; that's what we would be sending." Now, you're subjected to a random number of queries that you can't really calculate or predict if you're not using something similar. So, have a demo with them to understand the pricing model because it has moved from data ingests to the number of queries.
Have it installed so you can send them some data. Use their certification section and landing section where you can actually work with the data you're sending, even if it's limited data. I would suggest sending some limited data to them on a trial account and checking out the education section. That's what I would suggest to you.
Learning curve:
It's an excellent learning tool. It's great for understanding and demonstrating whatever infrastructure and applications we have. It was literally the learning tool I used to teach people about our applications, infrastructure, and how Sumo Logic works.
It's easy to pick up. Not only is it a useful learning tool, but it's relatively easy to start creating queries and doing your own stuff in Sumo Logic. When I had new people join, I would ask them to eventually do something via Sumo, like creating a dashboard that shows specific data.
My rating for the product:
Overall, I would rate the solution a seven out of ten.
So there's a lot to be improved. I got to a point where I became an expert at what I was doing at my company, and I couldn't take Sumo Logic as far as I could. I was highly qualified in Sumo Logic, had all the certificates, the learning. I was the foremost expert of Sumo Logic in my company, me and one other peer. My manager and I originally set up Sumo Logic, so we were the pros and experts in our field. In our business, we knew exactly how everything worked, but we couldn't take Sumo Logic any further.
In fact, the company I left is now, unfortunately, moving back from Sumo Logic. You can reach the maximum functionality of Sumo Logic quite quickly because it’s very easy to use, but it doesn't really offer the next step. I'm doing a lot of things now with Prometheus and Fauna, using more open-source tools that allow you to push further.
In terms of observability in a wider sense, looking at tracing and logging as well as metrics, there's a lot more you can do elsewhere because I don't think Sumo Logic has much support for tracing. As an SRE, I'm almost wasting my time using Sumo Logic. It's good for LogPoint, but for wider reliability engineering initiatives and strategies that I'm starting to implement, Sumo Logic just wouldn't cut it, unfortunately.

I led the security team for the company. We use Sumo Logic Observability for SIEM capabilities, general log storage management, scheduled searches, dashboarding, observability, and visibility. Other application and infrastructure teams, including SRE, used it mainly for logging.
When I joined the organization several years ago, they struggled to maintain their existing logging infrastructure, consuming a significant amount of time and effort from the operations and IT infrastructure engineering teams responsible for keeping the rest of the systems online. They were spending too much time on this critical component. Logging is crucial for two main reasons. Firstly, from a long-term compliance and durability perspective, especially in regulated industries like the medical field, we needed to retain logs for a considerable period. Secondly, from a cybersecurity standpoint, preventing tampering with logs is essential. These factors highlight the importance of focusing on logging. Leveraging Sumo Logic Observability shifted our focus from managing the logging infrastructure to extracting value from our logs. This transition enabled us to concentrate on utilizing our observability data effectively rather than grappling with the complexities of system maintenance and long-term storage.
The solution allows multiple groups to converge on a unified platform, allowing for different utilization by various teams. Rather than segregating solutions for logging, such as one for general purposes and another for security, the platform fosters collaboration by providing a shared toolkit and dataset. This enables centralized management of access controls while promoting cohesion among teams. Its ability to unify disparate functions without needing separate solutions for each team is perhaps its most compelling feature.
We accumulate more systems, and they become more ephemeral. Consequently, this leads to an exponential increase in observability data. Therefore, it's crucial to continuously explore, employ, and refine techniques for efficiency in storage, querying, etc. These optimizations directly impact costs for both the vendor and the customer, particularly considering the exponential scale. Thus, cost management becomes paramount, with price per unit as a main factor. It's essential to strive for the lowest possible price per unit while maintaining the capabilities for innovative functionalities.
One suggested improvement for Sumo Logic is implementing a more streamlined enrichment process, conceptualizing the observability data collection as an ETL pipeline. This would involve enhancing processing rules and FDR for a smoother experience, particularly when integrating with the SIEM product and performing further enrichments. Such enhancements would benefit security personnel and various other users, making enrichment a primary feature accessible to all.
I have been using Sumo Logic Observability for eight years.
The product is stable. I didn't see too many problems.
The solution is scalable.
Sumo Logic started integrating logs and metrics, treating them as the same set of Observability data. We didn't want to have to maintain separate systems for logging and metrics.
The initial setup is pretty straightforward.
There's certainly a return on investment when using Sumo Logic's products. As the data grows, we navigate through a vast sea of information, seeking out those valuable nuggets. In the past, the mentality at Sumo used to be "send us your most important stuff, and we'll do cool stuff with it," which worked to some extent. However, even our most interesting data has become too large to fit that economic model. We must ingest all the data and determine how to utilize it effectively. We can implement a process similar to the ETL pipeline concept. This way, the cost is reduced if certain datasets are not being actively utilized.
The product’s pricing could be improved.
Sumo Logic Observability operates as a cloud-based platform where Sumo serves as a unified control plane in a SaaS model. Sometimes, a collection mechanism may need deployment, such as an agent running on a process, like a VM, or a resource within a public cloud provider that sends data from sources like an S3 bucket. SumoLogic offers various integration capabilities, including cloud-to-cloud integrations, such as collecting logs without setting up a separate server. Different data sources can be brought into the system. Sumo Logic provides a wide range of solutions to facilitate this process, making it easy to decide on data ingestion, parsing, enrichment, and more.
Overall, I rate the solution an eight out of ten.

We use Sumo Logic to collect all our logs in one central location. This makes it easier for developers to search for errors in our systems. We also use it to create dashboards for stakeholders.
We process large amounts of requests, sometimes millions per day, so we want to track things like successful transactions and data volume in queues. Sumo Logic dashboards help us analyze this data quickly and easily.
So, it's primarily for log aggregation and analysis.
It's helped us with troubleshooting. For example, we recently had an issue with duplicate logins, which doubled the log volume. Using Sumo Logic, we were able to identify the root cause. It has a field that shows the instance name of the log source, and that helped us pinpoint the culprit in another log.
This was much faster than using the default search tools. Additionally, Sumo Logic's historical data search is convenient. We can easily find specific events and use that information to understand platform availability and identify bottlenecks. It's very configurable, allowing us to drill down into specific issues and work our way up from there.
It's actually quite agnostic and independent. For example, if you're using a customized collector, you just push a log to an endpoint provided by Sumo Logic, and it does the rest. They have no business with your application; they don't even know it exists. They just get the logs to your specific endpoint and start processing them for you.
Alerting and consistency are key. We have different tiers with log collectors, and continuous querying provides near-real-time updates. It's almost like instantly when something happens, like pending transactions or error fees. This helps reduce incident resolution time compared to waiting for thresholds on other platforms. We can continue logging in with them seamlessly and quickly get into action.
Another valuable feature is easy custom field creation in Sumo Logic. For example, recently, we had Sumo collect all our container tier load data. Containers can be expensive with heavy logging, so we only wanted important information there.
We easily created custom fields without changing our applications because Sumo supported, I think, ten active logging applications at the time. These are heavy applications.
Rerouting everything for that field change would have been difficult. So, configuring Sumo Logic, adding a new field, and having applications update that specific field was convenient. Sumo Logic automatically identified different logic categories for us.
Documentation could be better. While it's generally good, sometimes finding what you need requires extensive searching. It's not always clear where to look for specific things.
Sometimes, the information itself is well-written, but you have to dig through multiple sources before finding it. It's not the most user-friendly experience, so I think documentation needs improvement for user needs.
I have been using this product for eight years. We haven't updated our collectors or dashboards too frequently. We did switch to the new dashboards about four or five months ago, but we don't immediately jump to the latest version because "if it ain't broke, don't fix it."
Based on our experience, I'd rate the stability a ten out of ten. We haven't had any issues with Sumo Logic itself. No outages, no problems.
For scalability, I'd give it a nine or ten. It's been tested twice in the past week during peak times, processing about seven million records each time with no issues. We got our logs quickly, and everything was top-notch.
I've not had an issue. But the customer service and support should be good because, with the amount of money Sumo Logic charges, they should have good support for this.
But they offer plenty of tools from the start. So, it's mostly when you need something beyond their standard setup. They provide what they expect from your system, clear instructions, and basically follow those, and everything works. If you have issues, nine times out of ten, it's something on your end.
Positive
I have used Grafana and Prometheus. Grafana downside: most things require manual setup. Connections provide endpoints, but you manage deployed instances.
For high demand, there are extra costs, which Java providers help with. Paying for a supposedly fully managed cloud offering like an Azure server doesn't make sense when another platform does everything for you.
With Prometheus, you have to learn the language, querying, data campaigns. Sumo Logic lets you start without learning any language. Can't search for "David" in the log or subject line, but Sumo Logic performs the query and delivers the results.
Complex actions like filtering based on payloads require some understanding, but the documentation offers plenty of examples, and it's almost like SQL, not a completely new language.
It is quite easy to set up Sumo Logic. There's no real difficulty. The only potential complication is setting up your own collector, which requires conforming to specific Logic formats, but I don't think that should be difficult. Overall, it's quite straightforward.
It's on AWS for our services. We leverage log gateway integration in AWS, where all logs are pushed to Sumo Logic via an app. So, we just add credentials or alarms for services, and that's it. On Sumo, you can then set up your collectors, Azure filtering, and everything you need.
I started on the free tier to try it out, but because of our usage, we're now paying for it.
We have a service processing millions of requests per day, so for logs, we spend about $4,000 per month. It's quite high, but understandable given the requirements of the application, because if the whole thing goes down, it will impact the organisation.
Overall, it is expensive.
For everything it offers out of the box, ten out of ten. Honestly, I was blown away by a service that provides everything.
But I would rate it a nine out of ten because there are certain times when the Logic doesn't provide Logs as fast as I want them to.
If you're attempting to swiftly navigate through a substantial amount of data, you can expand the implementation of Sumo Logic Observability across various organizations, but it is crucial to ensure that you properly analyze all the data being ingested into it. Moreover, comprehending the cost structure and prioritizing specific logs can greatly assist in a security investigation. The manner in which you utilize it can be somewhat subjective, as it can be integrated with other security solutions. For example, I'm currently trying to examine a vast range of data and perform queries, but I'm unsure about searching for email data. Previously, I utilized it to identify particular strings within log data, but I find it somewhat challenging due to the additional effort required. Writing numerous queries consistently can be burdensome, particularly for smaller teams without a full complement of engineers to fully develop the solution. Scaling without substantial resources can be a daunting task. However, if you integrate it effectively within your environment and incorporate tools like a Security Orchestration, Automation, and Response (SOAR) system, you can automate a significant portion of the process. Nevertheless, for companies operating on a limited budget, this may present a significant challenge.
Sumo Logic Observability presents a range of valuable features, including well-crafted dashboards and a diverse selection of helpful apps. However, personally, I don't hold a favorable opinion of the solution. While I don't struggle with writing queries, my main difficulty lies in recruiting competent individuals and ensuring their proficiency in utilizing the solution. This often leads to additional challenges and complexities. From my perspective, when compared to Microsoft Sentinel or even Splunk, Sumo Logic Observability has a steeper learning curve. One contributing factor to this disparity is the solution's long existence in the market compared to Synlogic. Nevertheless, I acknowledge that there are capable and knowledgeable professionals employed at Sumo Logic Observability. The effectiveness of the solution largely depends on how it is integrated into your internal operations and environment. Its utility and benefits can vary significantly. It is worth noting that organizations like the NSA and, I believe, the CIA used it in the past, primarily for rapidly searching and analyzing large volumes of data. To leverage its capabilities effectively, you must determine how to tailor it to your specific needs.
Fine-grained data can be quite frustrating to work with and should be made easier.
I have used Sumo Logic Observability within the past 12 months.
I rate the support of Sumo Logic Observability an eight out of ten.
Positive
I have used IBM Logic demos. Interacting with detailed, fine-grained data can be quite frustrating and bothersome. That's essentially the main challenge I encounter. Depending on the solution I'm working with, my preference for using a command line varies. While it can be convenient in certain cases, there are times when I find it easier to navigate through a more visually appealing graphical user interface.
I rate Sumo Logic Observability a seven out of ten.
In my company, the solution is used for logging in our production and applications. Whenever my company's customer reports a bug, we go ahead and just debug it using the trace IDs.
The most valuable feature of the solution stems from the tool allowing you to go back through and do tracing in every single log through a request.
SearchUI.exe is a bit clunky in the product, making it an area where the product needs improvements. SearchUI.exe is quite difficult to use, with many different filter options that are not as intuitive as expected.
I have been using Sumo Logic Observability since August 2023. I am a user of the product.
I have not seen any stability issues in the product.
I don't know from a wider perspective when it comes to my company as to how many people are using the product. I can say that in the part of the organization where I operate, there are around 60 people who use the solution.
The solution is deployed on the cloud.
I have no idea whether my company plans to continue with Sumo Logic Observability or if they will change to some other product in the near future.
Real-time analytics capability is possible in Sumo Logic Observability since it is always delayed by a couple of minutes.
I have not used the product's alert system.
It was easy to learn to use Sumo Logic Observability, especially since I have used Splunk in the past.
I will tell those who plan to use the product that it is a pretty good tool, but there are other products in the market that work in a very similar manner. It is possible to use other products like Grafana, Splunk, or any tool for log aggregation, as generally, such solutions are stable.
I rate the overall tool an eight out of ten.

The product helps to monitor data and alerts when it is triggered.
The product is easy to learn.
I have been using the product for eight months.
My company has 60 users.
I haven't contacted the tool's technical support yet.
Sumo Logic Observability's deployment is easy.
It would be best to explore it as much as possible so that you can use it easily. The product is easy to troubleshoot. You should undergo some training before using it. I rate the tool an eight out of ten.