search
WebsiteBlogLogin

Send data to Sumo Logic

circle-info

See the changelog of this Data sink type here.

hashtag
Overview

Onum supports integration with Sumo Logic.

hashtag
Prerequisites

To send events to Sumo Logic Cloud, you will need to obtain the following credentials:

  • Token

  • Host

  • TCP TLS port

<165>1 2015-01-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [YOUR_TOKEN] msg <165>1 2015-01-11T22:14:15.003Z mymachine.example.com evntslog - ID47 - YOUR_TOKEN msg

Create your Cloud Syslog collector and find these credentials using these instructions.arrow-up-right

  • CA certificate

Set up TLS by downloading a certificate. Download the certificate from one of the locations specified herearrow-up-right.

Once you have your Certificate, create a Secret to store it. You will need to select this secret later in the CA Certificate field of the Data Sink.

hashtag
Onum Setup

Now, add the configuration to establish the connection.

  • Protocol* - TCP

  • Host* - this is the URL that establishes the connection with sumologic. Hostnames should have the following format: syslog.collection.YOUR_DEPLOYMENT.sumologic.com

  • Port* - enter the port that was generated along with your host and token.

hashtag
TLS configuration

Here, you must select or create the secrets containing these values.

  • CA chain - this is where you enter the secret containing the previously-generated CA certificate.

  • Skip TLS validations - false

  • Minimum TLS version - minimum v1.0 is required.

Click Finish when complete.

hashtag
Output configuration

When you use this Data sink in a Pipeline, you can configure the output parameters. This is where you give the message the required format to be processed in Syslog.

circle-exclamation

If your message already has the required format, toggle Passthrough to send the message exactly as it is received by the Data sink. Uncheck Passthrough to manually format the message.

Configure the following parameters to manually format the message

  • Type - To send events to the sink, make sure the type is Syslog RFC 5424

chevron-rightHeaderhashtag

Enter the header parameters:

  • Priority / Severity & Facility - The field corresponding to the Priority OR the fields corresponding to the Severity and Facility that will be used to make the Priority field.

  • Timestamp - The field containing the timestamp value.

  • Hostname - The field containing the hostname.

  • Appname (only for Syslog RFC 5424) - The field containing the application name.

  • ProcID (only for Syslog RFC 5424) - The field containing the Process ID.

  • MsgID (only for Syslog RFC 5424) - The field containing the Message ID.

chevron-rightStructured-data (only for Syslog RFC 5424)hashtag

Choose the field to source the structured data from.

chevron-rightMessagehashtag

Enter the fields used to build the body of the message. The parameters will change depending on the type selected:

Syslog RFC 3164

  • Tag - The field containing the tag.

  • ProcId - The incoming field with the process ID.

  • Content - The field used as the content field.

Syslog RFC 5424

  • Message - The field containing the message body.

chevron-rightTest modehashtag

Toggle Yes to disable the delivery of the event whilst still being able to process it. This means you do not require a valid destination to use the Data sink, as it will not send the data on.

chevron-rightCompressionhashtag

Toggle Yes to compress the message or No to send it on as is.

PreviousSend data using SyslogNextSend data using Syslog Resilient

Last updated

Was this helpful?