SOC Analyst at a computer software company with 1,001-5,000 employees
Real User
Top 10
2024-11-08T18:52:35Z
Nov 8, 2024
The correlation rules and log mapping are not as mature compared to other SIM tools like Splunk. Sometimes logs will not fetch, and there are issues if the log volume exceeds a threshold. Not every tool is integrated with Sumo Logic. The response time for their support could be better, and it is not very user-friendly.
The query of Sumo Logic is complex. It should be improved. The solution should improve its UI. FireEye, Splunk, and LogRhythm provide proper UIs. The solution should improve its scalability and stability. Connecting the collector with Sumo is difficult if a collector or device is down. We have faced multiple challenges like this, and we are still facing these challenges. We recently raised a ticket to Sumo Logic to investigate the issue.
Architect at a financial services firm with 1,001-5,000 employees
Real User
Top 5
2023-05-03T10:55:36Z
May 3, 2023
The API integration in Sumo Logic Security could improve. There are delayed connections or they stop and then automatically start. Having a seamless log collection would be beneficial. In a future release, more insights on threat intelligence would be helpful.
Associate Director - Database & DevOps at Medlife
Real User
2020-06-21T08:08:08Z
Jun 21, 2020
There isn't anything in particular that stands out that I would say is lacking or needs adjustments. For us, the solution offers everything we need. If you look at some of the other offerings right now that are available in the market, they do offer APM as well as the product they're offering. I believe Sumo Logic is not there yet. So that's something which I would love to see. If Sumo could come up with the feature and then make it as a part of the offering that would be ideal. The pricing could be more competitive. Sumo Logic bills based on the amount of data that you ingest into their platform. There are times that some of the data is not critical. You don't want to be charged at the same level for the extra data that isn't critical, but you will be.
Enterprise Architect at a transportation company with 10,001+ employees
Real User
2018-12-11T08:31:00Z
Dec 11, 2018
We would like the ability to drill down into a dashboard and get into deeper levels. Some of the operations and security team members don't think Sumo Logic does as well as Splunk in their field. Sumo Logic could possibly do more work with security teams and the operations side to bring in some additional features that Splunk has which Sumo Logic doesn't.
Developer Manager at a financial services firm with 1,001-5,000 employees
Real User
2018-12-11T08:31:00Z
Dec 11, 2018
I would like better UI-driven functionality to create alerts and reports. Now, we have to understand the syntax, so it is a little difficult for someone to pick it up without using the manuals. If there was more of a graphical user interface, it would be beneficial. It would be nice to have an improved ability to scroll through logs within a time frame. Right now, we can search for specific errors. However, if we want to look for "before and after" within a specific time frame, it's not easy using the tool. This would be an improvement. We are still looking for some functionality to make the alerting and monitoring set up easier and more user-friendly.
Infrastructure Engineer at a wholesaler/distributor with 1,001-5,000 employees
Real User
2018-12-11T08:30:00Z
Dec 11, 2018
I would like to see improvement in the user experience when configuring things, ingesting logs, and creating ports. Going forward, I would like more templates for reports, especially for common vendors, firewalls, and routers. That would be fantastic.
If you want to up your subscription through the AWS Marketplace, it can be difficult. You can't just go back to the AWS Marketplace, and say, "I want a bigger one now." You have to contact the sales team, then they do it on the back-end. This could definitely be improved. If they could do something about this, it would be nice.
It took a bit of trial and error to get it set up correctly based on everything we had to do. In the end, we had to send everything over HTTP, which was sort of a stop-gap. It was very hard to install the agents on AWS Elastic Beanstalk, which was disappointing. The product's interface is a bit slow and cumbersome to use.
Cloud Lead Engineer at a media company with 1,001-5,000 employees
Real User
2018-12-04T07:57:00Z
Dec 4, 2018
The dashboard has room for improvement, because sometimes it is difficult to create a specific dashboard or query. This would be a nice place to correct problems.
Currently, it has predefined patterns that we need to set up manually. We would like to have some type of predefined setup for the logs, making the setup easier by default, such as:
* What is the total number of error logs?
* What is the total number of hits?
* What is the total number of misses?
Automation is open to the user's implementation. In my case, we used to use the API to correlate and orchestrate events from Sumo Logic with other platforms, and now we are using an automation platform to centralize the various integrations.
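Two of the reviews above ask for things that are easy to express as a small piece of log-processing code: the Developer Manager wants to see the lines "before and after" a matched error within a time window, and the Cloud Lead Engineer wants default counts of error lines, cache hits and cache misses. The following Python is an added example written for this page, not code from Sumo Logic or from any reviewer; the log lines are constructed, and the line format (ISO timestamp, level, message with a `cache=HIT|MISS` field) is an assumption.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log lines for this example (not real Sumo Logic output).
# Format assumed here: "<ISO-8601 UTC timestamp> <LEVEL> <message>".
SAMPLE_LOGS = """\
2024-11-08T18:50:01Z INFO  GET /api/items 200 cache=HIT
2024-11-08T18:50:03Z INFO  GET /api/items/7 200 cache=MISS
2024-11-08T18:50:05Z WARN  slow upstream response 1800ms
2024-11-08T18:50:07Z ERROR GET /api/orders 502 cache=MISS upstream timeout
2024-11-08T18:50:09Z INFO  GET /api/items 200 cache=HIT
2024-11-08T18:51:30Z INFO  GET /api/items 200 cache=HIT
2024-11-08T18:52:00Z ERROR GET /api/orders 500 cache=MISS db connection refused
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<level>[A-Z]+)\s+(?P<msg>.*)$")


def parse(text):
    """Parse raw log text into a list of events sorted by timestamp.

    Lines that do not match the assumed format are skipped rather than
    raising, so one malformed line cannot abort the whole search.
    """
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append({"ts": ts, "level": m["level"], "msg": m["msg"], "raw": raw})
    events.sort(key=lambda e: e["ts"])
    return events


def summarize(events):
    """Return the default counts the review asks for: errors, cache hits, cache misses."""
    counts = {"errors": 0, "hits": 0, "misses": 0}
    for e in events:
        if e["level"] == "ERROR":
            counts["errors"] += 1
        if "cache=HIT" in e["msg"]:
            counts["hits"] += 1
        elif "cache=MISS" in e["msg"]:
            counts["misses"] += 1
    return counts


def context_window(events, pattern, before=5, after=5):
    """For each event whose raw line matches `pattern`, return the lines that
    fall within `before` seconds before it and `after` seconds after it.

    Returns a list of (matched_line, [context_lines]) pairs; the context
    includes the matched line itself.
    """
    rx = re.compile(pattern)
    windows = []
    for e in events:
        if not rx.search(e["raw"]):
            continue
        lo = e["ts"] - timedelta(seconds=before)
        hi = e["ts"] + timedelta(seconds=after)
        ctx = [x["raw"] for x in events if lo <= x["ts"] <= hi]
        windows.append((e["raw"], ctx))
    return windows


if __name__ == "__main__":
    evs = parse(SAMPLE_LOGS)
    print(summarize(evs))
    for hit, ctx in context_window(evs, r"\b502\b", before=5, after=5):
        print("match:", hit)
        for line in ctx:
            print("   ", line)
```

Running it prints the three counts for the sample and then the four lines surrounding the 502 error (two seconds before it through two seconds after). The second ERROR line is more than five seconds from any neighbour, so a window around it contains only the line itself; that is the isolated case the search has to handle without error.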
Sumo Logic
Sumo Logic is a cloud-based machine data analytics company focusing on security, operations, and BI use cases. It provides log management and analytics services that leverage machine-generated big data to deliver real-time IT insights.
Sumo Logic is developed as a SaaS solution. It processes and analyzes large quantities of IT infrastructure data, spotting patterns and anomalies that can indicate a potential threat or significant event.
The platform is designed to help IT,...
Sumo Logic Security is expensive, and its pricing could be improved.
The integration with multiple sources could be better. You cannot monitor insights on Sumo Logic SIM.
In my opinion, this solution has a steep learning curve and requires practice for users to be able to use this tool very efficiently.
There needs to be improvement on imported data which can be used within Sumo Logic to do more advanced queries.
There are some gaps in the API.