Sumo Logic Cloud

See the changelog of this Data sink type here.

Overview

Onum supports integration with Sumo Logic.

To send events to Sumo Logic Cloud, you will need to obtain the following credentials:

  • Token

  • Host

  • TCP TLS port

<165>1 2015-01-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [YOUR_TOKEN] msg

<165>1 2015-01-11T22:14:15.003Z mymachine.example.com evntslog - ID47 - YOUR_TOKEN msg

Create your Cloud Syslog collector and find these credentials using these instructions.

  • CA certificate

Set up TLS by downloading a certificate. Download the certificate from one of the locations specified here.

Once you have your certificate, create a Secret to store it. You will need to select this Secret later in the CA chain field of the Data sink's TLS configuration.

Configuration

Select Syslog from the list of Data sink types and click Configuration to start.

Now you need to specify how and where to send the data and how to establish a connection with Syslog.

Metadata

Enter the basic information for the new Data sink.

  • Name* - Enter a name for the new Data sink.

  • Description - Optionally, enter a description for the Data sink.

  • Tags - Add tags to easily identify your Data sink. Hit the Enter key after you define each tag.


Metrics display

Decide whether or not to include this Data sink info in the metrics and graphs of the Home area.

Configuration

Now, add the configuration to establish the connection.

  • Protocol* - TCP

  • Host* - this is the hostname used to establish the connection with Sumo Logic. Hostnames should have the following format: syslog.collection.YOUR_DEPLOYMENT.sumologic.com

  • Port* - enter the port that was generated along with your host and token.

TLS configuration

Here, you must select or create the secrets containing these values.

  • CA chain - this is where you enter the secret containing the previously-generated CA certificate.

  • Skip TLS validations - false

  • Minimum TLS version - minimum v1.0 is required.


Click Finish when complete.
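The settings above can be checked outside Onum with a short script. The following is an added example, not Onum or Sumo Logic code: it builds an RFC 5424 line with the token in the structured-data position shown in the Overview, checks the host against the format given above, and opens a TLS connection with certificate and hostname validation enabled. The function names, the newline framing and the TLS 1.2 default are assumptions of the example.

```python
import re
import socket
import ssl
from datetime import datetime, timezone
from typing import Optional

# Host format as given on this page: syslog.collection.YOUR_DEPLOYMENT.sumologic.com
HOST_RE = re.compile(r"^syslog\.collection\.[a-z0-9-]+\.sumologic\.com$")


def valid_host(host: str) -> bool:
    """True only for names of the documented form (rejects look-alike suffixes)."""
    return HOST_RE.fullmatch(host.lower()) is not None


def build_frame(token: str, msg: str, hostname: str = "mymachine.example.com",
                app: str = "evntslog", msgid: str = "ID47", pri: int = 165,
                when: Optional[datetime] = None) -> bytes:
    """RFC 5424 line with the token in the structured-data position."""
    if any(c in token for c in ' ]"\r\n'):
        raise ValueError("token contains characters that would break the frame")
    when = when or datetime.now(timezone.utc)
    ts = when.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    body = msg.replace("\r", " ").replace("\n", " ")  # keep one event per line
    # Assumption: one newline-terminated message per event on the TCP stream.
    return f"<{pri}>1 {ts} {hostname} {app} - {msgid} [{token}] {body}\n".encode()


def tls_context(ca_file: Optional[str] = None,
                minimum: ssl.TLSVersion = ssl.TLSVersion.TLSv1_2) -> ssl.SSLContext:
    """Verifying context, the equivalent of 'Skip TLS validations - false'."""
    ctx = ssl.create_default_context(cafile=ca_file)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = minimum  # assumption: stricter than the v1.0 floor above
    return ctx


def send(host: str, port: int, frame: bytes, ca_file: Optional[str] = None) -> str:
    """Send one frame and return the negotiated TLS version (needs network access)."""
    if not valid_host(host):
        raise ValueError(f"unexpected host: {host!r}")
    with socket.create_connection((host, port), timeout=10) as raw:
        with tls_context(ca_file).wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(frame)
            return tls.version()
```

Pass the path of the downloaded CA certificate as ca_file. A handshake failure from send() indicates a problem with the CA chain or hostname that the Data sink would hit as well.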

Output configuration

When you use this Data sink in a Pipeline, you can configure the output parameters. This is where you give the message the required format to be processed in Syslog.

Configure the following parameters to manually format the message:

  • Type - To send events to the sink, make sure the type is Syslog RFC 5424.

Structured-data (only for Syslog RFC 5424)

Choose the field to source the structured data from.

Message

Enter the fields used to build the body of the message. The parameters will change depending on the type selected:

Syslog RFC 3164

  • Tag - The field containing the tag.

  • ProcId - The incoming field with the process ID.

  • Content - The field used as the content field.

Syslog RFC 5424

  • Message - The field containing the message body.

Test mode

Toggle Yes to disable the delivery of the event whilst still being able to process it. This means you do not require a valid destination to use the Data sink, as it will not send the data on.

Compression

Toggle Yes to compress the message or No to send it on as is.
