# Send data to Sumo Logic

{% hint style="info" %}
See the changelog of this Data sink type [here](/data-sinks/syslog-data-sink.md).
{% endhint %}

## Overview

Onum supports integration with **Sumo Logic**. 

## Prerequisites

To send events to Sumo Logic Cloud, you will need to obtain the following credentials:

* **Token** 
* **Host**
* **TCP TLS port**

`<165>1 2015-01-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [YOUR_TOKEN] msg`\
`<165>1 2015-01-11T22:14:15.003Z mymachine.example.com evntslog - ID47 - YOUR_TOKEN msg`

<figure><img src="/files/J2lbstxEb07znqWx5OqO" alt=""><figcaption></figcaption></figure>

Create your Cloud Syslog collector and find these credentials using [these instructions.](https://help.sumologic.com/docs/send-data/hosted-collectors/cloud-syslog-source/)

* **CA certificate**

Set up TLS by downloading a certificate. Download the certificate from one of the locations specified [here](https://help.sumologic.com/docs/send-data/hosted-collectors/cloud-syslog-source/).&#x20;

Once you have your Certificate, create a [Secret](/administration/global-settings/organization-settings/secrets-management.md) to store it. You will need to select this secret later in the **CA Certificate** field of the Data Sink.

## Onum Setup

Now, add the configuration to establish the connection.

* **Protocol**<mark style="color:red;">**\***</mark>**&#x20;-** `TCP`
* **Host**<mark style="color:red;">**\***</mark> - this is the URL that establishes the connection with sumologic. Hostnames should have the following format:  `syslog.collection.YOUR_DEPLOYMENT.sumologic.com`
* **Port**<mark style="color:red;">**\***</mark>**&#x20;-** enter the port that was generated along with your host and token.

### **TLS configuration**

Here, you must select or create the [secrets](/administration/global-settings/organization-settings.md) containing these values.

* **CA chain -** this is where you enter the **secret** containing the previously-generated CA certificate.
* **Skip TLS validations** - `false`
* **Minimum TLS version** - minimum v1.0 is required.

Click **Finish** when complete.

## Output configuration

When you use this Data sink in a Pipeline, you can configure the output parameters. This is where you give the message the required format to be processed in Syslog.

{% hint style="warning" %}
If your message already has the required format, toggle **Passthrough** to send the message exactly as it is received by the Data sink. Uncheck **Passthrough** to manually format the message.
{% endhint %}

Configure the following parameters to manually format the message

* **Type -** To send events to the sink, make sure the type is `Syslog RFC 5424`

<details>

<summary>Header</summary>

Enter the header parameters:

* **Priority** / **Severity & Facility** - The field corresponding to the Priority OR the fields corresponding to the Severity and Facility that will be used to make the Priority field.
* **Timestamp** -  The field containing the timestamp value.
* **Hostname** -  The field containing the hostname.
* **Appname** (only for **Syslog RFC 5424**) -  The field containing the application name.
* **ProcID** (only for **Syslog RFC 5424**) -  The field containing the Process ID.
* **MsgID** (only for **Syslog RFC 5424**) -  The field containing the Message ID.

</details>

<details>

<summary>Structured-data (only for <strong>Syslog RFC 5424</strong>)</summary>

Choose the field to source the structured data from.

</details>

<details>

<summary>Message</summary>

Enter the fields used to build the body of the message. The parameters will change depending on the type selected:

**Syslog RFC 3164**

* **Tag** - The field containing the tag.
* **ProcId** - The incoming field with the process ID.
* **Content** - The field used as the content field.

**Syslog RFC 5424**

* **Message** - The field containing the message body.

</details>

<details>

<summary>Test mode</summary>

Toggle **Yes** to disable the delivery of the event whilst still being able to process it. This means you do not require a valid destination to use the Data sink, as it will not send the data on.

</details>

<details>

<summary>Compression</summary>

Toggle **Yes** to compress the message or **No** to send it on as is.

</details>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.onum.com/the-workspace/data-sinks/data-sink-integrations/send-data-using-syslog/send-data-to-sumo-logic.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.