Edge Delta Sumo Logic Output
2 minute read
Overview
The Sumo Logic Output Node sends items to Sumo Logic destination. It sends raw bytes that are generated via marshaling items as JSON, or in push format.
You must have a Sumo Logic HTTPs Endpoint to create this output. To learn how to create a new Sumo Logic HTTPs endpoint or locate an existing one, review this document from Sumo Logic.
Example Configuration
nodes:
- name: my_sumo
type: sumologic_output
features: log
endpoint: <REDACTED>
Required Parameters
name
A descriptive name for the node. This is the name that will appear in Visual Pipelines and you can reference this node in the yaml using the name. It must be unique across all nodes. It is a yaml list element so it begins with a - and a space followed by the string. It is a required parameter for all nodes.
nodes:
- name: <node name>
type: <node type>
type: sumologic_output
The type parameter specifies the type of node being configured. It is specified as a string from a closed list of node types. It is a required parameter.
nodes:
- name: <node name>
type: <node type>
endpoint
The endpoint parameter is the full Sumo Logic collector endpoint. It is specified as a string and is required.
nodes:
- name: <node name>
type: sumologic_output
endpoint: <REDACTED>
Optional Parameters
custom_tags
The custom_tags parameter lists key:template pairs that are calculated per item and sent to the destination as attributes/fields/tags. They are only honored if use_legacy_formatting: true. It is optional.
nodes:
- name: <node name>
type: sumologic_output
endpoint: <REDACTED>
use_legacy_formatting: true
custom_tags:
<key template pairs>
features
The features parameter defines which data types to stream to the destination. It is specified as a string of comma-separated list of item types. The default is metric,edac,cluster. It is optional.
| Feature Type | Supported? |
|---|---|
| Log | Yes |
| Metrics | Yes |
| Alert as event | No |
| Alert as log | Yes |
| Health | No |
| Dimensions as attribute | No |
| Send as is | No |
| Send as JSON | Yes |
| Custom tags | Yes |
| EDAC enrichment | No |
| Message template | No |
| outgoing_bytes.sum | Yes |
| outgoing__raw_bytes.sum | Yes (only data in raw message field) |
| outgoing_lines.count | Yes |
| output buffering to disk | No |
nodes:
- name: <node name>
type: sumologic_output
endpoint: <REDACTED>
features: <feature 1>, <feature n>
use_legacy_formatting
The use_legacy_formatting parameter configures whether to use try match the agent v2 format. It is specified as a Boolean and the default is false. It is optional.
nodes:
- name: <node name>
type: sumologic_output
endpoint: <REDACTED>
use_legacy_formatting: true