Edge Delta Sumo Logic Destination

Send items to a Sumo Logic destination.

2 minute read

Overview

The Sumo Logic destination node sends items to Sumo Logic destination. It sends raw bytes that are generated via marshaling items as JSON, or in push format.

incoming_data_types: cluster_pattern_and_sample, log, metric, signal, custom, edac, health

You must have a Sumo Logic HTTPs endpoint to create this output. To learn how to create a new Sumo Logic HTTPs endpoint or locate an existing one, review this document from Sumo Logic.

Example Configuration

nodes:
  - name: my_sumo
    type: sumologic_output
    endpoint: <REDACTED>

Required Parameters

name

A descriptive name for the node. This is the name that will appear in Visual Pipelines and you can reference this node in the YAML using the name. It must be unique across all nodes. It is a YAML list element so it begins with a - and a space followed by the string. It is a required parameter for all nodes.

nodes:
  - name: <node name>
    type: <node type>

type: sumologic_output

The type parameter specifies the type of node being configured. It is specified as a string from a closed list of node types. It is a required parameter.

nodes:
  - name: <node name>
    type: <node type>

endpoint

The endpoint parameter is the full Sumo Logic collector endpoint. It is specified as a string and is required.

nodes:
  - name: <node name>
    type: sumologic_output
    endpoint: <REDACTED>

Optional Parameters

custom_tags

The custom_tags parameter lists key:template pairs that are calculated per item and sent to the destination as attributes/fields/tags. They are only honored if use_legacy_formatting: true. It is optional.

nodes:
  - name: <node name>
    type: sumologic_output
    endpoint: <REDACTED>
    use_legacy_formatting: true
    custom_tags: 
        <key template pairs>

features

YAML Only

The features parameter defines which data types to stream to the destination. It is specified as a string of comma-separated list of item types. The default is metric,edac,cluster. It is optional.

Feature Type	Supported?
Log	Yes
Metrics	Yes
Alert as event	No
Alert as log	Yes
Health	No
Dimensions as attribute	No
Send as is	No
Send as JSON	Yes
Custom tags	Yes
EDAC enrichment	No
Message template	No
outgoing_bytes.sum	Yes
outgoing__raw_bytes.sum	Yes (only data in raw message field)
outgoing_lines.count	Yes
output buffering to disk	No

nodes:
  - name: <node name>
    type: sumologic_output
    endpoint: <REDACTED>
    features: <feature 1>, <feature n>

use_legacy_formatting

The use_legacy_formatting parameter configures whether to use try match the agent v2 format. It is specified as a Boolean and the default is false. It is optional.

nodes:
  - name: <node name>
    type: sumologic_output
    endpoint: <REDACTED>
    use_legacy_formatting: true