DOCSLIB.ORG

Understanding Log Analytics at Scale O'reilly Report | Pure Storage

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Understanding Log Analytics at Scale O'reilly Report | Pure Storage C om p lim e nt s of SECOND EDITION Understanding Log Analytics at Scale Log Data, Analytics & Management Matt Gillespie & Charles Givre REPORT SECOND EDITION Understanding Log Analytics at Scale Log Data, Analytics, and Management Matt Gillespie and Charles Givre Beijing Boston Farnham Sebastopol Tokyo Understanding Log Analytics at Scale by Matt Gillespie and Charles Givre Copyright © 2021 O’Reilly Media, Inc.. All rights reserved. Printed in the United States of America. Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472. O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://oreilly.com). For more infor‐ mation, contact our corporate/institutional sales department: 800-998-9938 or [email protected]. Acquisitions Editor: Jessica Haberman Proofreader: Abby Wheeler Development Editor: Michele Cronin Interior Designer: David Futato Production Editor: Beth Kelly Cover Designer: Randy Comer Copyeditor: nSight, Inc. Illustrator: Kate Dullea May 2021: Second Edition February 2020: First Edition Revision History for the Second Edition 2021-05-05: First Release The O’Reilly logo is a registered trademark of O’Reilly Media, Inc. Understanding Log Analytics at Scale, the cover image, and related trade dress are trademarks of O’Reilly Media, Inc. The views expressed in this work are those of the authors, and do not represent the publisher’s views. While the publisher and the authors have used good faith efforts to ensure that the information and instructions contained in this work are accurate, the publisher and the authors disclaim all responsibility for errors or omissions, including without limitation responsibility for damages resulting from the use of or reliance on this work. Use of the information and instructions contained in this work is at your own risk. If any code samples or other technology this work contains or describes is subject to open source licenses or the intellectual property rights of others, it is your responsibility to ensure that your use thereof complies with such licenses and/or rights. This work is part of a collaboration between O’Reilly and Pure Storage. See our statement of editorial independence. 978-1-098-10423-8 [LSI] Table of Contents 1. Log Analytics . 1 Capturing the Potential of Log Data 3 2. Log Analytics Use Cases. 13 Cybersecurity 14 IT Operations 19 Industrial Automation 24 3. Tools for Log Analytics. 31 Splunk 32 Elastic (Formerly ELK) Stack 33 Sumo Logic 34 Apache Kafka 34 Apache Spark 35 Combining Log Analytics with Modern Developer Tools 35 Deploying Log Analytic Tools 36 4. Topologies for Enterprise Storage Architecture. 39 Direct-Attached Storage (DAS) 42 Virtualized Storage 43 Physically Disaggregated Storage and Compute 44 5. The Role of Object Stores for Log Data. 47 The Trade-Offs of Indexing Log Data 49 6. Performance Implications of Storage Architecture. 51 Additional Considerations for Security Analytics 54 v 7. Enabling Log Data’s Strategic Value with a Unifed Fast File and Object Platform. 63 8. Nine Guideposts for Log Analytics Planning. 69 Guidepost 1: What Are the Trends for Ingest Rates? 70 Guidepost 2: How Long Does Log Data Need to Be Retained? 71 Guidepost 3: How Will Regulatory Issues Affect Log Analytics? 71 Guidepost 4: What Data Sources and Formats Are Involved? 72 Guidepost 5: What Role Will Changing Business Realities Have? 73 Guidepost 6: What Are the Ongoing Query Requirements? 73 Guidepost 7: How Are Data-Management Challenges Addressed? 74 Guidepost 8: How Are Data Transformations Handled? 75 Guidepost 9: What About Data Protection and High Availability? 75 9. Conclusion. 77 vi | Table of Contents CHAPTER 1 Log Analytics The humble machine log has been with us for many technology gen‐ erations. The data that makes up these logs is a collection of records generated by hardware and software—including mobile devices, lap‐ top and desktop PCs, servers, operating systems, applications, and more—that document nearly everything that happens in a comput‐ ing environment. With the constantly accelerating pace of business, these logs are gaining importance as contributors to practices that help keep applications running 24/7/365 and analyzing issues faster to bring them back online when outages do occur. If logging is enabled on a piece of hardware or software, almost every system process, event, or message can be captured as a time- series element of log data. Log analytics is the process of gathering, correlating, and analyzing that information in a central location to develop a sophisticated understanding of what is occurring in a datacenter and, by extension, providing insights about the business as a whole. The comprehensive view of operations provided by log analytics can help administrators investigate the root cause of problems and iden‐ tify opportunities for improvement. With the greater volume of that data and novel technology to derive value from it, logs have taken on new value in the enterprise. Beyond long-standing uses for log data, such as troubleshooting systems functions, sophisticated log analytics have become an engine for business insight and compli‐ ance with regulatory requirements and internal policies, such as the following: 1 • A retail operations manager looks at customer interactions with the ecommerce platform to discover potential optimizations that can influence buying behavior. Complex relationships among visit duration, time of day, product recommendations, and promotions reveal insights that help reduce cart abandon‐ ment rates, improving revenue. • A ride-sharing company collects position data on both drivers and riders, directing them together efficiently in real time, as well as performing long-term analysis to optimize where to position drivers at particular times. Analytics insights enable pricing changes and marketing promotions that increase rider‐ ship and market share. • A smart factory monitors production lines with sensors and instrumentation that provide a wealth of information to help maximize the value generated by expensive capital equipment. Applying analytics to log data generated by the machinery increases production by tuning operations, identifying potential issues, and preventing outages. Using log analytics to generate insight and value is challenging. The volume of log data generated all over an enterprise is staggeringly large, and the relationships among individual pieces of log data are complex. Organizations are challenged with managing log data at scale and making it available where and when it is needed for log analytics, which requires high compute and storage performance. Log analytics is maturing in tandem with the global explosion of data more generally. The International Data Corporation (IDC) predicts that the global data‐ sphere will grow more than fivefold in seven years, from 33 zettabytes in 2018 to 175 zettabytes in 2025.1 (A zettabyte is 10^21 bytes or a million petabytes.) What’s more, the overwhelming majority of log data offers little value and simply records mundane details of routine day-to-day operations such as machine processes, data movement, and user transactions. There is no simple way of determining what is 1 David Reinsel, John Gantz, and John Rydning. IDC, November 2018. “The Digitization of the World from Edge to Core”. 2 | Chapter 1: Log Analytics important or unimportant when the logs are first collected, and con‐ ventional data analytics are ill-suited to handle the variety, velocity, and volume of log data. This report examines emerging opportunities for deriving value from log data, as well as the associated challenges and some approaches for meeting those challenges. It investigates the mechanics of log analytics and places them in the context of specific use cases, before turning to the tools that enable organizations to fulfill those use cases. The report next outlines key architectural considerations for data storage to support the demands of log ana‐ lytics. It concludes with guidance for architects to consider when planning and designing their own solutions to drive the full value out of log data, culminating in best practices associated with nine key questions: • What are the trends for ingest rates? • How long does log data need to be retained? • How will regulatory issues affect log analytics? • What data sources and formats are involved? • What role will changing business realities have? • What are the ongoing query requirements? • How are data-management challenges addressed? • How are data transformations handled? • What about data protection and high availability? Capturing the Potential of Log Data At its core, log analytics is the process of taking the logs generated from all over the enterprise—servers, operating systems, applica‐ tions, and many others—and deducing insights from them that power business decision making. That requires a broad and coher‐ ent system of telemetry, which is the process of PCs, servers, and other endpoints capturing relevant data points and either transmit‐ ting them to a central location or a robust system of edge analytics. Log analytics begins with collecting, unifying, and preparing log data from throughout the enterprise. Indexing, scrubbing, and nor‐ malizing datasets all play a role, and all of those tasks must be Capturing the Potential of Log Data | 3 completed at high speed and with efficiency, often to support real- time analysis. This entire life cycle and the systems that perform it
Load more

Recommended publications
  • State of 2017
    STATE OF MODERN APPLICATIONS IN THE CLOUD 2017 Introduction — The Rise of Modern Applications What is the Modern Application? Today’s leading enterprises are striving to deliver high performance, highly scalable and always-on digital services. These services are built on custom “modern architectures” – an application stack with new tiers, new technologies, microservices and typically running on cloud platforms like Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform, etc. What does this report provide? The goal of this report is to provide data-driven insights, best practices and trends by analyzing technology adoption among Sumo Logic customers who run massive mission-critical modern applications on cloud platforms like AWS, Azure, and Google Cloud. Who should read this report? Cloud architects, Operations, DevOps and Security leaders and practitioners should leverage the learnings from this report to build, operate and secure modern applications effectively. Data Methodology and Assumptions • This data is derived from 1500+ Sumo Logic customers running applications on cloud platforms like AWS, Azure, Google Cloud, etc. All customer specific data is anonymized. • Customers use Sumo Logic to manage production applications and underlying infrastructure. Hence, this report provides a snapshot of the production application state. • The Sumo Logic analytics service runs on AWS. The experience and expertise of running this mission critical and massive service is also leveraged in this report. This report assumes that an app or
    [Show full text]
  • Gigaom Radar for Cloud Observability V1.0
    MARKET RADAR GigaOm Radar for Cloud Observability v1.0 ANDY THURAI | FEB 26, 2021 - 10:57 AM CST TOPIC: CLOUD INFRASTRUCTURE CREDIT: BAGOTAJ GigaOm Radar for Cloud Observability TABLE OF CONTENTS 1 Summary 2 Market Categories and Deployment Types 3 Key Criteria Comparison 4 GigaOm Radar 5 Vendor Insights 6 Analyst’s Take 7 About Andy Thurai 8 About GigaOm 9 Copyright GigaOm Radar for Cloud Observability v1.0 2 1. Summary Observability is an emerging set of practices, platforms, and tools that goes beyond monitoring to provide insight into the internal state of systems by analyzing external outputs. It’s a concept that has its roots in 19th century control theory concepts and is rapidly gaining traction today. Of course, monitoring has been a core function of IT for decades, but old approaches have become inadequate for a variety of reasons—cloud deployments, agile development methodology, continuous deployments, and new DevOps practices among them. These have changed the way systems, infrastructure, and applications need to be observed so events and incidents can be acted upon quickly. At the heart of the observability concept is a very basic premise: quickly learn what happens within your IT to avoid extended outages. And in the unfortunate event of an outage, you need to ensure that you can get to the root cause of it fast. Outages are measured by Mean Time To Resolution (MTTR) and it is the goal of the observability concept to drive the MTTR value to as close to zero as possible. No surprise, building resilient service delivery systems that are available with high uptime is the ultimate end goal for any business.
    [Show full text]
  • Application Data Analytics for Modern Applications How Sumo Logic’S Unified Machine Data Platform Changes the Management Game
    Application Data Analytics for Modern Applications How Sumo Logic’s Unified Machine Data Platform Changes the Management Game An ENTERPRISE MANAGEMENT ASSOCIATES® (EMA™) White Paper Prepared for Sumo Logic July 2016 IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Application Data Analytics for Modern Applications: How Sumo Logic’s Unified Machine Data Platform Changes the Management Game Table of Contents Overview ................................................................................................................................................. 1 Telemetry, Big Operational Data, and the Real-Time Business ................................................................ 2 Modern Application Environments Require a New Approach to Application Management ................... 4 Sumo Logic: Cloud-Native Unified Logs and Metrics ............................................................................. 6 EMA Perspective ...................................................................................................................................... 8 ©2016 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com Application Data Analytics for Modern Applications: How Sumo Logic’s Unified Machine Data Platform Changes the Management Game Overview telemetry – an automated communications process by which measurements and other data are collected at remote or inaccessible points and are subsequently transmitted to receiving equipment for monitoring1 The word “telemetry” has traditionally
    [Show full text]
  • GCP Cloud Foundations #Whoami
    GCP Cloud Foundations #whoami Federico Fregosi Current: Principal Consultant - Technical Past: [email protected] https://www.linkedin.com/in/federico-fregosi/ About Contino Contino is a leading transformation consultancy that helps large, heavily-regulated enterprises to become fast, agile and competitive. 360+ 5 300+ 150+ People Global offices Engagements Customers The deepest pool of We can scale rapidly More DevOps Specializing in helping the DevOps, data & cloud to support diverse transformation executed world's leading brands transformation talent client requirements than any other professional accelerate digital in the industry across the globe services firm transformation 3 Agenda 01 | Cloud Foundations 02 | Organization Structure & Resource Deployment 03 | Authentication & Authorization 04 | Networking 05 | Secrets Management 06 | Logging 07 | Operating Model 08 | FinOps - Billing 09 | Q&A 4 Why Do You Need Cloud Foundations? Landing zones enable management of standardised GCP projects, which in turn control your Virtual Private Clouds (VPCs) and consumption of GCP cloud services. ● Prevents Project Sprawl: Project provision can be managed as cloud engagement increases ● Minimises Engineering Overhead: Eliminating manual changes reduces complexity and enables scalability and consistency ● Enables Scaling by Design: Management of services and infrastructure in public cloud is made simple by the use of a well-designed landing zone ● Accelerates Consumption of Cloud Services: Allows for GCP projects to be provisioned with a
    [Show full text]
  • Designing Phelkstat: Big Data Analytics for System Event Logs
    Designing PhelkStat: Big Data Analytics for System Event Logs Mohammed Salman∗, Brian Welch∗ and Joseph Tront∗ David Raymondy, Randy Marchanyy ∗Department of Electrical and Computer Engineering y IT Security Office Virginia Tech, Blacksburg Virginia Tech, Blacksburg Abstract—With wider adoption of micro-service based archi- tectures in cloud and distributed systems, logging and monitoring costs have become increasingly relevant topics of research. There are a large number of log analysis tools such as the ELK(ElasticSearch, Logstash and Kibana) stack, Apache Spark, Sumo Logic, and Loggly, among many others. These tools have been deployed to perform anomaly detection, diagnose threats, optimize performance, and troubleshoot systems. Due to the real- time and distributed nature of logging, there will always be a need to optimize the performance of these tools; this performance can be quantified in terms of compute, storage, and network utilization. As part of the Information Technology Security Lab at Virginia Tech, we have the unique ability to leverage production data from the university network for research and testing. We analyzed the workload variations from two production systems at Virginia Tech, finding that the maximum workload is about four times the average workload. Therefore, a static configuration can lead to an inefficient use of resources. To address this, we propose PhelkStat: a tool to evaluate the temporal and spatial attributes of system workloads, using clustering algorithms to categorize the current workload. Using PhelkStat, system parameters can be automatically tweaked based on the workload. This paper reviews publicly available system event log datasets from supercomputing clusters and presents a statistical analysis of these datasets.
    [Show full text]
  • Leveraging Clustering and Natural Language Processing to Overcome Variety Issues in Log Management
    Leveraging Clustering and Natural Language Processing to Overcome Variety Issues in Log Management Tobias Eljasik-Swoboda1 a, and Wilhelm Demuth2 1ONTEC AG, Ernst-Melchior-Gasse 24/DG, 1100 Vienna, Austria 2SCHOELLER NETWORK CONTROL GmbH, Ernst-Melchior-Gasse 24/DG, 1100 Vienna, Austria [email protected], [email protected] Keywords: Industrial Applications of AI, Intelligence and Cybersecurity, Machine Learning, Natural Language Processing, Trainer/Athlete Pattern, Log Analysis, Log Management, Event Normalization, Security Information and Event Management, Big Data Abstract: When introducing log management or Security Information and Event Management (SIEM) practices, organizations are frequently challenged by Gartner’s 3 Vs of Big Data: There is a large volume of data which is generated at a rapid velocity. These first two Vs can be effectively handled by current scale-out architectures. The third V is that of variety which affects log management efforts by the lack of a common mandatory format for log files. Essentially every component can log its events differently. The way it is logged can change with every software update. This paper describes the Log Analysis Machine Learner (LAMaLearner) system. It uses a blend of different Artificial Intelligence techniques to overcome variety issues and identify relevant events within log files. LAMaLearner is able to cluster events and generate human readable representations for all events within a cluster. A human being can annotate these clusters with specific labels. After these labels exist, LAMaLearner leverages machine learning based natural language processing techniques to label events even in changing log formats. Additionally, LAMaLearner is capable of identifying previously known named entities occurring anywhere within the logged event as well identifying frequently co-occurring variables in otherwise fixed log events.
    [Show full text]
  • The New Normal: Cloud, Devops, and Saas
    MARCH 2017 THE NEW NORMAL: CLOUD, DEVOPS, AND SAAS Methodology ANALYTICS TOOLS REIGN IN Sumo Logic commissioned UBM plc to conduct an online survey THE MODERN APP ERA in December 2016 exploring the As trends such as cloud computing and DevOps become the de facto current state of IT operations and modern application tools in standard, organizations are increasingly looking for next-generation enterprises. analytics tools and services that provide continuous intelligence to help them build, run, and secure modern applications, and to acceler- The final data set comprises 235 IT operations, application ate their journey to the cloud. However, they struggle with challenges development, and informa- related to security, siloed tools, and customization. A new survey con- tion security professionals. ducted by UBM and Sumo Logic highlights the need for visibility into All respondents are from companies with 500 or more and intelligence about the full IT application stack. employees, with roughly half from companies with 5,000 nterprise IT operates far diferently today than it did a decade or even or more employees. About just five years ago. The modern app era is redefining the way that one-third of respondents work in IT management, including enterprise IT teams build, run, manage, and secure their applications. titles such as CIO, CTO, VP of EInstead of running only their own servers in a traditional data center, IT, IT director and IT manager. today’s organizations are far more likely to be using public cloud computing Respondents’ companies are in a wide variety of industries, with services and/or their own private clouds.
    [Show full text]
  • IT Visibility with Sumo Logic Monitoring and Supporting Your IT Infrastructure
    SOLUTIONS BRIEF IT Visibility with Sumo Logic Monitoring and Supporting Your IT Infrastructure Sumo Logic is the cloud-native service that delivers visibility into the operation of an organization’s IT infrastructure. Today’s IT environment is more complex then ever before. With cloud infrastructures, multi-vendor environments, borderless CLOUD applications and continuous deployments models, all generating data at an unprecedented scale, problem identification and repair EDGE SERVICES APPLICATIONS present formidable challenges. IT teams attempt to analyze their infrastructures in monitoring silos, where a failure in one area can impact an entire service, generating multiple alerts across multiple tools – resulting in silos of management and monitoring. OPERATING SYSTEMS MICROSERVICES IT is under pressure to keep critical business applications and services IT OPERATIONS running to meet the demands of the business and customer. Buts with multiple legacy monitoring tools this can present quite a challenge. CONTAINERS IT teams require a modern solution that integrates with their current environment and provides end-to-end visibility in a single unified view VIRTUALIZATION for all their applications and supporting infrastructure. ON-PREMISE Sumo Logic - The Service for IT Operations The Sumo Logic Service Model Advantage Sumo Logic is the cloud-native service that helps deliver visibility into the operation of an organization’s IT infrastructure. By ingesting the • Eliminate monitoring silos by merging all your application and growing pool of machine data generated within the IT environment, IT infrastructure data Sumo Logic easily delivers critical performance, availability, • Discover meaningful patterns in your IT data and resolve configuration, capacity, and security insights to help you monitor and issues faster support your critical business apps and underlying IT infrastructure.
    [Show full text]
  • International Journal for Scientific Research & Development
    IJSRD - International Journal for Scientific Research & Development| Vol. 3, Issue 04, 2015 | ISSN (online): 2321-0613 Comparison of DevOps Log Monitoring Tools Nisarga Jagadish S1 Prof. Shantala C P2 1PG Scholar 2Professor and HOD 1,2Department of Computer Science & Engineering 1,2CIT, Gubbi Abstract— Devops is an approach in which operation team huge amount of data generated by machine. It generates the and development engineers team work together throughout data, indexes the data and relates the data in searchable entire life cycle. Devops can be divided into different repository so that it can generates graphs, reports, alerts, domains namely Deployment and configuration, Build and dashboards and visualization. Main aim of Splunk is make test, Monitoring and Log monitoring. In this paper, author the data accessible throughout the organization, also gives the description of log monitoring, different types of identifies the data patterns to be searched, provides metrics log monitoring tools and comparison between log to it and troubleshoots the problem raised in the monitoring tools. organization. [4] Key words: Log Monitoring, DevOps Splunk server is scalable software which is written in C/C++ and python. Mainly it takes data generated I. INTRODUCTION by any server, applications or it can be any device. Splunkd DevOps is a combination of development and operation. It and Splunkweb is called the Splunk developer API and this is a software development method that is comprised of developer API is accessible by REST and SOAP or CLI communication, sharing of information and usage of web (Command Line Interface). Splunk main function is to index services, integration, automation and it also measures the the collected data and also to search for logs or log data.
    [Show full text]
  • Omdia Universe: Selecting an Aiops Solution, 2021–22
    Publication date 02 Jul 2021 Author Roy Illsley Chief Analyst Omdia Universe: Selecting an AIOps Solution, 2021–22 S Brought to you byby InformaInforma Tech Tech Omdia Universe: Selecting an AIOps Solution, 01 2021–22 Summary Catalyst The introduction of the latest technology can be seen as a way for organizations to accelerate growth, increase efficiency, and improve customer service. AI for IT operations (AIOps) is one area where the application of technology, if not matched with organizational maturity and readiness, will fail to deliver all promised benefits. This report provides an analysis of the AIOps market. Figure 1 shows the diversity in the AIOps market. Figure 1: The Omdia Universe for AIOps Source: Omdia © 2021 Omdia. All rights reserved. Unauthorized reproduction prohibited. Omdia Universe: Selecting an AIOps Solution, 02 2021–22 Omdia view AIOps is an evolving market from many different IT operational management domains. This evolution witnessed the vendors develop initial solutions based on their own domain-specific perceptions of business requirements. However, as the market matured, the domain expertise and perception of requirements changed, and the leading AIOps vendors have all demonstrated a clear understanding of what an AIOps solution must offer to customers. The pleasing aspect of this maturity is a recognition that AIOps must be an open solution that does not demand customers to deploy a single vendors stack of capabilities alone; rather, AIOps can work with existing domain expert systems such as application performance monitoring (APM), etc. to provide a broad and deep perspective of the IT environment. Omdia can see the potential future evolution of AIOps as branching out to more business and other related areas such as environmental sustainability.
    [Show full text]
  • The Complete Guide to Atlassian for ITSM
    The complete guide to Atlassian for ITSM Reimagine ways of working across IT delivery, operations, and support Contents 4 Introduction 6 About Atlassian 9 Atlassian’s approach to ITSM 13 Getting started with Atlassian’s ITSM solution 15 Service delivery 16 IT business management 25 Change enablement 42 Service configuration management 47 Knowledge management 51 Service operations 52 Incident management 67 Problem management 72 Service support 73 Request management 83 Asset management 91 Enterprise service management 95 Resources 96 Atlassian Team Playbook and IT guides 98 Extend your ITSM solution with Marketplace Apps 100 Enterprise services 101 Atlassian’s cheat sheet for high-velocity ITSM 104 About the authors THE COMPLETE GUIDE TO ATLASSIAN FOR ITSM 2 01 Introduction Introduction We live in amazing times. The world is moving at breakneck speed, from super quantum computing to artificial intelligence to self-driving cars. Enterprises across every industry — from traditional banks to pizza delivery — are undergoing massive digital transformation powered by software. At the same time, customers have higher expectations for on-demand services than ever before. When the risk of downtime means billions in lost revenue and customer backlash, the stakes of missing customer expectations for availability and performance are higher than ever. What’s more, the rise of the knowledge worker in enterprises demands instant access to information and ways to be productive. INTRODUCTION 4 There’s so much at stake, and it’s not slowing down anytime soon. Yet bounded by complex processes and expensive modules, legacy tools are inflexible and hard to adapt in the face of increasingly dynamic business and technology needs.
    [Show full text]
  • Business Challenge Solution Results
    CASE STUDY Xero Sumo Logic delivers a scalable log analytics platform for Xero that supports the company’s fast growth and rapid pace of innovation Overview Business Challenge predictable performance and cost even with the ingestion of hundreds of GB of log per day. Company Xero is a fast growing, global, small business • Xero accounting platform with over 1.3 million Sumo Logic also proved itself to be a fexible subscribers in over 180 countries. To keep platform that can easily ingest data from Industry pace with its growth, Xero revamped its AWS services and other cloud sources. • Financial Services product architecture and migrated its Ingesting logs from new sources no longer infrastructure to Amazon Web Services became a barrier to innovation for Headquarters (AWS). Shifting from its existing on-premise Xero’s developers. • Wellington, New Zealand log management solution to Sumo Logic’s cloud offering delivered predictable cost and Results Size performance for analytics within Xero, as well • 2,000+ Employees as a fexible ingestion platform for logs from • A modernized log ingestion and new AWS services. processing environment that scales Use Case with Xero’s rapid growth - typically • Operations Solution 5-10 percent increase in log volume • Security per month. Xero turned to Sumo Logic’s born-in- • Actionable intelligence - delivered in real- the-cloud log management solution to time – to users in the entire organization dramatically speed up its ability to derive • Xero’s developers and operations can value from tremendous quantities of machine easily ingest new types of logs from data. The migration to AWS resulted in a 5x AWS services, containerised applications increase in log volume and 3x increase in and third parties the number of log types – all within the frst six months.
    [Show full text]