Stream logs to Sumo Logic

DataStream 2 supports sending log files to Sumo Logic to help you make data-driven decisions and reduce the time to investigate security and operational issues.

For security reasons, DataStream 2 sends logs over TLS even if Sumo Logic policies allow insecure requests.

The custom header feature allows you to optionally choose the content type passed in the log file, and enter the name and value for the header that your destination accepts. See what HTTP headers you can use for Sumo Logic.

Before you begin

In Sumo Logic, configure an HTTP logs and metrics source and configure your Sumo Logic URL endpoint to upload log data. See Sumo Logic source configuration.

How to

  1. In Destination, select Sumo Logic.

  2. In Display name, enter a human-readable name description for the destination.

  3. In Endpoint, enter an HTTP source address where you want to send logs. The endpoint URL should follow the https://[SumoEndpoint]/receiver/v1/http format. See Uploading data to an HTTP source in Sumo Logic.

  4. In Collector code, enter the unique HTTP collector code from your Sumo Logic endpoint URL, that is the last string from the URL in the https://[SumoEndpoint]/receiver/v1/http/[UniqueHTTPCollectorCode] format.

📘

Keep your account details safe

The full Sumo Logic endpoint URL can contain the collector code, but you should enter it separately in the Collector code field to hide your Sumo Logic account details.

  1. If you want to send compressed gzip files to your destination, check the Send compressed data box.

  2. Click Validate & Save to validate the connection to the destination and save the details you provided.

    As part of this validation process, the system uses the provided credentials to push a sample request to the provided endpoint to validate the write access. In case you chose the Structured log format, the sample data appears in the 0,access_validation format. For JSON logs, the data follows the {"access_validation":true} format. You can see the data only if the destination validates, and you can access the destination storage.

Additional options

  1. Optionally, click Additional options, and provide the details of the Custom header for the log file:
    • In Content type, set the content type to pass in the log file header. application/json is the only supported content type at this time.
    • If your destination accepts only requests with certain headers, enter the Custom header name and Custom header value. The custom header name can contain the alphanumeric, dash, and underscore characters. See Supported HTTP headers in the Sumo Logic documentation.

🚧

Forbidden custom header values

DataStream 2 does not support custom header user values containing:

  • Content-Type
  • Encoding
  • Authorization
  • Host
  • Akamai
  1. Click Validate & Save to validate the connection to the destination and save the details you provided.

Did this page help you?