Project 13: Sumo Logic (15 pts)

Purpose

Learn how to use Sumo Logic, a popular cloud-based log monitoring system.

Downloading the Example File

Right-click the link below and save the linked file in your Downloads folder.

apache_access_logs_tutorial.txt

Making an Account

In a browser, go to

https://help.sumologic.com/01Start-Here

On the top right, click the "FREE TRIAL" button, as shown below.

On the next page, in the "Sumo Free" box, click "Get Started", as shown below.

On the next page, enter your email address, agree to the terms, and click "Sign Up", as shown below.

On the "Welcome" page, point to "Upload Files", as shown below, and click "Get Started".

Uploading the Sample File

In the "Upload Files" page, make these selections, as shown below.

Click the Continue button.

When the process finishes, as shown below, click "Start Searching My Logs".

Searching Logs

The next page allows you to search logs, much like Splunk, as shown below.

Installing the Apache App

On the lower left, click "App Catalog".

On the next page, click Apache, as shown below.

On the next page, click "Add to Library", as shown below.

A box pops up, titled "Add Apache to Library", as shown below.

Enter an App Name of ApacheApp, select a Source Category of "uploads/apache", and click "Add to Library".

A list of predefined saved searches and dashboards appears. Scroll to the bottom, as shown below, and double-click "Apache - Overview".

Four panes appear, showing overview charts, as shown below.

Searching for Log Data

In the top of the page, click the Apache tab.

In the top bar, enter this search:

_sourceCategory="uploads/apache" and GET

On the top right, click the Start button.

Only the GET requests are found, and GET is highlighted in yellow in the log entries, as shown below.

Parsing Messages

In the first log entry, highlight "GET" and all the text after it.

In the pop-up menu, click "Parse selected text", as shown below.

In the "Parse Text" box, highlight the URI string (just after the GET), as shown below.

Click "Click to extract this value".

In the Fields box, enter

url,

as shown below. Highlight the status code 200, as shown below, and click "Click to extract this value".

In the Fields box, add this text:

status_code,

Notice that the extracted fields change to asterisks in the top pane, as shown below.

Highlight the number after the second asterisk, as shown below, and click "Click to extract this value".

In the Fields box, add this text:

size,

Highlight the text inside quotes, but not the quotes, as shown below, and click "Click to extract this value".

In the Fields box, add this text:

referer

Your box should look like the image below. Click Submit.

At the top of the page, the query now contains a "parse" section, as shown below.

At the top right, click Start.

The parsed fields appear in columns in the lower portion of the page, as shown below.

Saving the Search

At the top left, under the query box, click "Save As".

Enter a name of "Apache Status Codes", as shown below. Click Save.

Aggregated Search Results

In the query bar, in the bottom line, click at the right end and press Alt+Enter to move to a new line.

Then enter this text:

| count by status_code

Your query string should look like the image below.

At the top right, click Start.

The lower pane shows an "Aggregates" tab showing the number of times each status_code appeared, as shown below.

Find the second-most-common status code, which is covered by a green box in the image below. Enter it into the form below to record your success.
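To see what the search, parse and aggregation steps above actually do to a log line, here is an added Python example (not part of the project, and not Sumo Logic code) that performs the same work locally: it keeps only GET requests, extracts the same four fields you parsed in the "Parse Text" box (url, status_code, size, referer) from lines in Apache combined log format, counts them by status_code the way "| count by status_code" does, and reports the second-most-common code. The log lines are constructed samples, not lines from apache_access_logs_tutorial.txt, and the function names are my own.

```python
import re
from collections import Counter

# Constructed sample lines in Apache combined log format (not the tutorial's file).
SAMPLE_LOG = """\
10.0.0.1 - - [22/Oct/2018:08:45:00 -0700] "GET /index.html HTTP/1.1" 200 5123 "http://example.test/" "Mozilla/5.0"
10.0.0.2 - - [22/Oct/2018:08:45:01 -0700] "GET /missing.png HTTP/1.1" 404 209 "-" "Mozilla/5.0"
10.0.0.3 - - [22/Oct/2018:08:45:02 -0700] "POST /login HTTP/1.1" 302 0 "http://example.test/login" "curl/7.6"
10.0.0.4 - - [22/Oct/2018:08:45:03 -0700] "GET /admin HTTP/1.1" 403 312 "-" "Mozilla/5.0"
10.0.0.1 - - [22/Oct/2018:08:45:04 -0700] "GET /about.html HTTP/1.1" 200 2048 "http://example.test/index.html" "Mozilla/5.0"
10.0.0.5 - - [22/Oct/2018:08:45:05 -0700] "GET /secret HTTP/1.1" 404 209 "-" "python-requests/2.19"
10.0.0.6 - - [22/Oct/2018:08:45:06 -0700] "GET /style.css HTTP/1.1" 200 811 "http://example.test/index.html" "Mozilla/5.0"
"""

# Same fields the tutorial extracts by highlighting: url, status_code, size, referer.
# The method and protocol are captured too so non-GET lines can be rejected cleanly.
REQUEST_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<url>\S+) (?P<proto>HTTP/\d\.\d)" '
    r'(?P<status_code>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)"'
)


def parse_line(line):
    """Return a dict of the parsed fields, or None when the line does not match."""
    m = REQUEST_RE.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    # Apache writes "-" for a zero-byte response body; normalise it to an int.
    fields["size"] = 0 if fields["size"] == "-" else int(fields["size"])
    return fields


def search(lines, method="GET"):
    """Mimic `_sourceCategory=... and GET | parse ...`: keyword filter, then parse."""
    results = []
    for line in lines:
        if method not in line:          # cheap keyword pre-filter, like the search bar term
            continue
        parsed = parse_line(line)
        if parsed is not None and parsed["method"] == method:
            results.append(parsed)
    return results


def count_by(records, field):
    """Mimic `| count by <field>`: list of (value, count), most common first."""
    return Counter(r[field] for r in records).most_common()


def second_most_common(records, field):
    """The value the project asks you to record, computed from the aggregates."""
    counts = count_by(records, field)
    return counts[1][0] if len(counts) > 1 else None


if __name__ == "__main__":
    recs = search(SAMPLE_LOG.splitlines())
    print("status_code  _count")
    for value, n in count_by(recs, "status_code"):
        print(f"{value:>11}  {n}")
    print("second most common:", second_most_common(recs, "status_code"))
```

Run it as-is and compare the printed table with the Aggregates tab in Sumo Logic: the same three-step shape (filter, parse into named fields, count by one field) is what the saved query performs on the uploaded file.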

Recording Your Success (15 pts.)

Use the form below to record your score in Canvas.

If you don't have a Canvas account, see the instructions here.

Posted 10-22-18
uploads/apache source name corrected 10-22-18 8:45 pm