Sumo Logic Hosted Collector

Use Observability Pipelines’ Sumo Logic Hosted Collector source to receive logs sent to your Sumo Logic Hosted Collector. Select and set up this source when you set up a pipeline.

Prerequisites

To use Observability Pipelines’s Sumo Logic source, you have applications sending data to Sumo Logic in the expected format.

To use Observability Pipelines’s Sumo Logic destination, you have a Hosted Sumo Logic Collector with a HTTP Logs source, and the following information available:

  • The bind address that your Observability Pipelines Worker will listen on to receive logs. For example, 0.0.0.0:80.
  • The URL of the Sumo Logic HTTP Logs Source that the Worker will send processed logs to. This URL is provided by Sumo Logic once you configure your hosted collector and set up an HTTP Logs and Metrics source.

See Configure HTTP Logs Source on Sumo Logic for more information.

Set up the source in the pipeline UI

Select and set up this source when you set up a pipeline. The information below is for the source settings in the pipeline UI.

Optionally, in the Decoding dropdown menu, select whether your input format is raw Bytes, JSON, Graylog Extended Log Format (Gelf), or Syslog. If no decoding is selected, the decoding defaults to JSON.

Send logs to the Observability Pipelines Worker over Sumo Logic HTTP Source

After you install the Observability Pipelines Worker and deploy the configuration, the Worker exposes HTTP endpoints that uses the Sumo Logic HTTP Source API.

To send logs to your Sumo Logic HTTP Source, you must point your existing logs upstream to the Worker:

curl -v -X POST -T [local_file_name] http://<OPW_HOST>/receiver/v1/http/<UNIQUE_HTTP_COLLECTOR_CODE>

<OPW_HOST> is the IP/URL of the host (or load balancer) associated with the Observability Pipelines Worker. For CloudFormation installs, the LoadBalancerDNS CloudFormation output has the correct URL to use. For Kubernetes installs, the internal DNS record of the Observability Pipelines Worker service can be used, such as opw-observability-pipelines-worker.default.svc.cluster.local.

<UNIQUE_HTTP_COLLECTOR_CODE> is the string that follows the last forward slash (/) in the upload URL for the HTTP source that you provided in the Install the Observability Pipelines Worker step.

At this point, your logs should be going to the Worker, processed by the pipeline, and delivered to the configured destination.