Sumo Logic Security Reviews

We mainly use the solution to take advantage of the debugging logs and application logs, which are the production systems that we have. All of these are running these Sumo Logic agents. They keep communicating with the logs and are pushing to the Sumo Logic servers. Basically, we use it for our application debugging. 

We also push the balance of our logs to Sumo Logic. That is for our workarounds. It helps us to get to know the health of our application from the load balancer point of view. We pull for certain error messages within the logs, let's say, for example, exceptions, or errors, etc. We use certain patterns that we want to be highlighted for notification purposes. These are running continuously and whenever certain text patterns are found and are beyond a certain threshold, we get notified so that we can take some corrective actions.

There are a lot of things we like about this product. 

One is the log aggregation. It basically gives a list of matching patterns on most of the logs. When dealing with something like live error messages etc., you can group by similarities.  That way it is very easy to know where things are in real-time. It has helped us in terms of doing a top-down debugging. If, for example, you see a certain error message or an exception, then you double click to see where exactly it has affected the system. That way, at every stage you are able to go one level deeper until you find the root cause, through the logs or by other means. This is something which I find it really helpful. There are other ways within a window you can search as well. You can find out what happened one or two days before or one or two minutes before this message. It helps you follow a trail of events that will lead you to a particular state.

Users can also do a comparison with regard to the filing. Let's say, for example, you see a certain error come up today, and if you are interested in how was it yesterday or the day before, or maybe 17 days ago, you can take a look. This is one of the features that I found really helpful. 

The solution offers capture host metrics as well. Basically it could be the RAM utilization, CPU, or pretty much everything around the host, including the health of the host. That also comes in handy when we are debugging.

There isn't anything in particular that stands out that I would say is lacking or needs adjustments. For us, the solution offers everything we need.

If you look at some of the other offerings right now that are available in the market, they do offer APM as well as the product they're offering. I believe Sumo Logic is not there yet. So that's something which I would love to see. If Sumo could come up with the feature and then make it as a part of the offering that would be ideal.

The pricing could be more competitive. Sumo Logic bills based on the amount of data that you ingest into their platform. There are times that some of the data is not critical. You don't want to be charged at the same level for the extra data that isn't critical, but you will be.

We recently started using the solution. We started originally sometime in October or November of 2019. It's been maybe eight to ten months since we began.

The solution is quite stable. 

We have had barely any occasions where we witnessed delays. This may have happened once or twice. That is, of course, over a period of months. We started evaluating them in October, but we signed to use them sometime in January. Since January we have been developing customers for them. In the past four or five months that we've been using the solution, only once or twice did we see some kind of a lag in the logs getting pushed. I believe that is an understandable and typical amount of time. If we have had to reach out to their support only two times in about five months, I don't think that's bad.

We've never had any issues with developing scalability. Whatever that we were pushing, in terms of logs, they're all getting pushed and we haven't seen any scalability issues.

We've had no issues whatsoever with the level of service we've been given.

Right now, their customer success team, their version of technical support, will check in to see how we're utilizing the tool. If there's anything we're stuck on they will manage it for us. Whenever we have too many logs, and if we are exceeding our quota, they will personally reach out and check-in. They are really engaged and want to know if things are working as expected or if there at any anomalies. Due to the fact they are so attentive, if they catch anything, they will reduce certain charges so they try to protect our average rates.

The initial setup is very easy. 

In terms of the initial deployment, it's just a matter of installing the solution. It's sort-of similar to onboarding a server.

We did get help from the pre-sales team from Sumo Logic, who was helping us with the initial onboarding and procedures. We also do have their support team available to us. They're called the Customer Success Team.  

They've given us a lot of insight into the tool and they call maybe once a month to check-in. 

The solution is expensive in terms of usage. New users should be aware of that. However, for some that are worried about down-time on their applications, if you can't target, then it makes sense to invest money in a tool like this, and with Sumo especially,

We're just a customer.

It's a good tool. It has helped us, and there's a whole lot of features included. 

For new businesses considering using the solution, if you are strictly or directly only looking towards the cost then it might not be justified, because stability is something which can't be measured, or rather it's not exactly tangible. You might say that, okay, one hour of downtime results in so much of a loss in the business, and if you're effectively making use of the tool for bringing up the systems really fast, potential damage will be zero.

I'd rate the solution eight out of ten.

To rate it at a perfect ten, maybe if they offered just a few more features I'd rate it higher. 

They would also get a higher rating if they offered differential pricing to focus on super-critical logs instead of all data in aggregate. On a need basis, whenever I do a query on them, I should be charged based on that. So some kind of a differential pricing model is something that I would expect out of this platform.

Logging all operational and security events in our enterprise environment. We use Sumo Logic to monitor all the applications that we run in the Amazon AWS cloud; we use Sumo Logic to monitor the security posture of our AWS IaaS with CloudTrail, VPC flow, S3 audit, GuardDuty, and EKS services. 

Sumo Logic is a single place to retrieve intelligence without worrying about architecture and performance.

The out of the box applications were very useful for us. We also use the Threat Intelligence integration for our security monitoring.

Automation is open to user's implementation, in my case, we used to use API to correlate and orchestrate events from Sumo Logic with other platforms, and now we are using an automation platform to centralize the various integrations.

We use it to keep our information database.

It provides easy visibility. I also like the shareable queries because we share a lot across groups.

Being able to join logs together across many services and servers.

There needs to be improvement on imported data which can be used within Sumo Logic to do more advanced queries.

We haven't had issues with it since I have been working with it.

The scalability fits our needs. It seems very fast and works well.

We just reach out via email if we need assistance.

I don't pay the bill. I've heard the AWS Marketplace pricing is high, but I like the value.

It was already in place when I joined the company, and we are not currently looking at any alternatives.

Reach out, see if you can get a demo on your data, and see how it fits your needs.

It works with all our main applications, so the integration with those products is pretty seamless from my standpoint.

We use the AWS version.

It is primarily for storing logs, then making reports out of the logs and also alert. If something goes up or down, or reaches a threshold, then we are on alert for that.

We push logs through Sumo Logic. The prime example is logs from our firewall. We have been pushing logs through Sumo Logic. Then, from there, we were able to generate reports which shows us security risks. In a way, it gives us a bird's eye view of what's happening from our connection's point of view.

We can ingest logs and make reports out of them. It is a good tool which can help us monitor any issues.

I would like to see improvement in the user experience when configuring things, ingesting logs, and creating ports.

Going forward, I would like more templates for reports, especially for common vendors, firewalls, and routers. That would be fantastic.

The stability is good. I have never had any issues with it.

The scalability is good. You can get as much as you want.

Our environment is very small. However, we are beginning to ramp up by pushing logs through Sumo Logic, as we progress with our cloud migration.

The technical support is fantastic.

The initial setup is the most stressful, like learning how to use it. Once you get hang of it, it should be all right.

I have had minimal experience of using Sumo Logic with the cloud. However, I think it's a matter of providing user credentials on your AWS account. I know they have different apps for AWS which you can easily use.

It satisfied what we required of it, but there's still room for improvement in terms of adding applications. Also, there is a little more improvement needed in terms of guiding users on the start up process.

Look at your functionalities, features, and how appropriate the solution is with what you need. Sumo Logic does give a lot of monitoring ability, even ingesting logs and integrating dashboard reports. You can do reports and alarms, which will aid whomever in the management of their infrastructure.