DOCSLIB.ORG

Leveraging Clustering and Natural Language Processing to Overcome Variety Issues in Log Management

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Leveraging Clustering and Natural Language Processing to Overcome Variety Issues in Log Management Leveraging Clustering and Natural Language Processing to Overcome Variety Issues in Log Management Tobias Eljasik-Swoboda1 a, and Wilhelm Demuth2 1ONTEC AG, Ernst-Melchior-Gasse 24/DG, 1100 Vienna, Austria 2SCHOELLER NETWORK CONTROL GmbH, Ernst-Melchior-Gasse 24/DG, 1100 Vienna, Austria [email protected], [email protected] Keywords: Industrial Applications of AI, Intelligence and Cybersecurity, Machine Learning, Natural Language Processing, Trainer/Athlete Pattern, Log Analysis, Log Management, Event Normalization, Security Information and Event Management, Big Data Abstract: When introducing log management or Security Information and Event Management (SIEM) practices, organizations are frequently challenged by Gartner’s 3 Vs of Big Data: There is a large volume of data which is generated at a rapid velocity. These first two Vs can be effectively handled by current scale-out architectures. The third V is that of variety which affects log management efforts by the lack of a common mandatory format for log files. Essentially every component can log its events differently. The way it is logged can change with every software update. This paper describes the Log Analysis Machine Learner (LAMaLearner) system. It uses a blend of different Artificial Intelligence techniques to overcome variety issues and identify relevant events within log files. LAMaLearner is able to cluster events and generate human readable representations for all events within a cluster. A human being can annotate these clusters with specific labels. After these labels exist, LAMaLearner leverages machine learning based natural language processing techniques to label events even in changing log formats. Additionally, LAMaLearner is capable of identifying previously known named entities occurring anywhere within the logged event as well identifying frequently co-occurring variables in otherwise fixed log events. In order to stay up-to-date LAMaLearner includes a continuous feedback interface that facilitates active learning. In experiments with multiple differently formatted log files, LAMaLearner was capable of reducing the labeling effort by up to three orders of magnitude. Models trained on this labeled data achieved > 93% F1 in detecting relevant event classes. This way, LAMaLearner helps log management and SIEM operations in three ways: Firstly, it creates a quick overview about the content of previously unknown log files. Secondly, it can be used to massively reduce the required manual effort in log management and SIEM operations. Thirdly, it identifies commonly co-occurring values within logs which can be used to identify otherwise unknown aspects of large log files. 1 INTRODUCTION organization. The process of generating, transmitting, storing, analyzing and disposing of log Computers and network components like switches, data is referred to as log management (Kent and routers or firewalls create log files that list events Souppaya, 2006). Centrally collecting log files from occuring on them. Originally, these log files were different components provides a number of tangible only used for troubleshooting problems after errors advantages. Firstly, log files can be accessed even if have occurred. Since then, technology has been the machine that originally generated them is no developed that can react immediately to the longer available. Secondly, central analysis and occurrence of specific events within logs. More correlation is only possible if the relevant log files interesting use cases arise when one combines log are centrally stored. The widespread deployment of files from multiple machines to get a bigger picture modern computing and networking machinery of events occuring within the IT environment of an generates challenges for organizations attempting to a https://orcid.org/0000-0003-2464-8461 leverage central log management. These challenges In this work, we introduce the Log Analysis are similar to those expressed by Gartner (2011) as Machine Learner (LAMaLearner). It uses a blend of the three Vs of Big Data: different artificial intelligence techniques in order to Firstly there is the problem of volume: The minimize the effort of implementing SIEM and log generated amount of log files can easily reach management practices within organizations. This is Terabytes. Secondly there is the problem of velocity especially relevant for Small or Medium Enterprises as depending on what is happening in the computing (SMEs) that oftentimes do not possess the necessary environment, log files can be generated at a rapid human resources to employ large teams focusing on pace. Scale-out architectures, that distribute the log management and SIEM. To do so, this paper workload across multiple machines are capable of outlines the relevant state of the art and technology handling these volume and velocity problems of this field in section 2. Section 3 describes our effectively (Singh & Reddy 2014). The third underlying model which is followed up by section 4 problem of big data is variety. In the case of log that provides some details about the implementation management, it stems from the lack of a mandatory of this technology. Section 5 evaluates the norm for log formats. Essentially, every log file is effectiveness of LAMaLearner for a number of different. Manually interpreting enormous amounts different log file formats and provides information of such log data can easily overwhelm a human about the time and effort that was saved by using being that attempts this task (Varanadi, 2003). LAMaLearner for Log Management projects. Last The process of transforming heterogenous log but not least, section 6 finishes with our conclusions formats to a common output that is centrally stored about the usage of AI to overcome variety is also referred to as event normalization (Teixeira, challenges in log management and SIEM. 2017). This is mainly achieved by using parsers that apply regular expressions to extract specific values from logs in previously known formats. These are 2 STATE OF THE ART subsequently stored in a normalized fashion within searchable databases. The data quality within these There are many tools for log management. Some databases is strongly dependant on the parsing frequently mentioned commercial options are quality. Even though parsing rules for common log Splunk, IBM QRadar, Loggly, Logentries, and sumo files are freely shared on the Internet, these usually logic (Splunk, 2019) (IBM, 2019) (Loggly, 2019) only match highly specific fields such as time (Logentries, 2019) (Sumo Logic, 2019). Most of the stamps and source ip adresses. The essential aforementioned systems are cloud based and require unstructured, natural language message gets a connection to the provider in order to perform the frequently stored as a string. necessary log management. A popular open source Security Information and Event Management solution is the Elastic Stack (formerly known as (SIEM) attempts to leverage centrally managed logs ELK Stack), which is maintained by the company to increase the IT security of an organization ElasticSearch which also offers support for the (Williams and Nicolett, 2005). In practice, specific solution (Elastic, 2019). This company’s full-text event types are oftentimes visualized by occurrence search engine goes by the same name and is an per time frame. For instance the amount of failed log integral part of the Elastic Stack. Another popular in attempts per hour. One can also define alert rules open source solution is Graylog which is maintained that trigger automated stepts. An example for such and supported by the company of the same name an alert rule are to inform a human being if there are (Graylog, 2019). To the best of our knowledge, all more than 10 firewall rejections per minute or that these log management solutions either require malware was detected on a computer within the manual pattern defintions to match relevant known network (Swift, 2010). Currently, the only way to events or provide taxonomies of relevant events for identify specific events is to know the log format in specific systems. None use artificial intelligence advance and having a pattern that can match to the technology for this purpose. In the context of log specific event during normalization. As pointed out, management, AI technologies are frequently used there is no norm for log events. Additionally, the for anomaly detection of aggregated event format of the log file can change with updates of the occurences per time frame instead of the utilized software. Therefore, the implementation and identification and representation of relevant events updating of Log Management and SIEM systems are (Splunk, 2019) (IBM, 2019) (Elastic, 2019). labor intensive. A detailed examination of these log management technologies as well as all contemporary AI techniques goes well beyond the scope of this paper. combines them with a SVM model that is evaluated Therefore the remainder of this section focuses on using n-fold cross-validation. TFIDF-SVM was relevant approaches useful for overcoming the evaluated in the challenging argument stance aforementioned log management variety problem. recognition task and achieved up to .96 F1 for Vaarandi (2003) proposes a data clustering previously unknown arguments about the same topic algorithm for mining patterns from event logs. it was trained on. Encouragingly, it was also able to Different from other text clustering approaches, this achieve up to .6 F1 when determining the stance of algorithm has the key insight,
Load more

Recommended publications
  • State of 2017
    STATE OF MODERN APPLICATIONS IN THE CLOUD 2017 Introduction — The Rise of Modern Applications What is the Modern Application? Today’s leading enterprises are striving to deliver high performance, highly scalable and always-on digital services. These services are built on custom “modern architectures” – an application stack with new tiers, new technologies, microservices and typically running on cloud platforms like Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform, etc. What does this report provide? The goal of this report is to provide data-driven insights, best practices and trends by analyzing technology adoption among Sumo Logic customers who run massive mission-critical modern applications on cloud platforms like AWS, Azure, and Google Cloud. Who should read this report? Cloud architects, Operations, DevOps and Security leaders and practitioners should leverage the learnings from this report to build, operate and secure modern applications effectively. Data Methodology and Assumptions • This data is derived from 1500+ Sumo Logic customers running applications on cloud platforms like AWS, Azure, Google Cloud, etc. All customer specific data is anonymized. • Customers use Sumo Logic to manage production applications and underlying infrastructure. Hence, this report provides a snapshot of the production application state. • The Sumo Logic analytics service runs on AWS. The experience and expertise of running this mission critical and massive service is also leveraged in this report. This report assumes that an app or
    [Show full text]
  • Understanding Log Analytics at Scale O'reilly Report | Pure Storage
    C om p lim e nt s of SECOND EDITION Understanding Log Analytics at Scale Log Data, Analytics & Management Matt Gillespie & Charles Givre REPORT SECOND EDITION Understanding Log Analytics at Scale Log Data, Analytics, and Management Matt Gillespie and Charles Givre Beijing Boston Farnham Sebastopol Tokyo Understanding Log Analytics at Scale by Matt Gillespie and Charles Givre Copyright © 2021 O’Reilly Media, Inc.. All rights reserved. Printed in the United States of America. Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472. O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://oreilly.com). For more infor‐ mation, contact our corporate/institutional sales department: 800-998-9938 or [email protected]. Acquisitions Editor: Jessica Haberman Proofreader: Abby Wheeler Development Editor: Michele Cronin Interior Designer: David Futato Production Editor: Beth Kelly Cover Designer: Randy Comer Copyeditor: nSight, Inc. Illustrator: Kate Dullea May 2021: Second Edition February 2020: First Edition Revision History for the Second Edition 2021-05-05: First Release The O’Reilly logo is a registered trademark of O’Reilly Media, Inc. Understanding Log Analytics at Scale, the cover image, and related trade dress are trademarks of O’Reilly Media, Inc. The views expressed in this work are those of the authors, and do not represent the publisher’s views. While the publisher and the authors have used good faith efforts to ensure that the information and instructions contained in this work are accurate, the publisher and the authors disclaim all responsibility for errors or omissions, including without limitation responsibility for damages resulting from the use of or reliance on this work.
    [Show full text]
  • Gigaom Radar for Cloud Observability V1.0
    MARKET RADAR GigaOm Radar for Cloud Observability v1.0 ANDY THURAI | FEB 26, 2021 - 10:57 AM CST TOPIC: CLOUD INFRASTRUCTURE CREDIT: BAGOTAJ GigaOm Radar for Cloud Observability TABLE OF CONTENTS 1 Summary 2 Market Categories and Deployment Types 3 Key Criteria Comparison 4 GigaOm Radar 5 Vendor Insights 6 Analyst’s Take 7 About Andy Thurai 8 About GigaOm 9 Copyright GigaOm Radar for Cloud Observability v1.0 2 1. Summary Observability is an emerging set of practices, platforms, and tools that goes beyond monitoring to provide insight into the internal state of systems by analyzing external outputs. It’s a concept that has its roots in 19th century control theory concepts and is rapidly gaining traction today. Of course, monitoring has been a core function of IT for decades, but old approaches have become inadequate for a variety of reasons—cloud deployments, agile development methodology, continuous deployments, and new DevOps practices among them. These have changed the way systems, infrastructure, and applications need to be observed so events and incidents can be acted upon quickly. At the heart of the observability concept is a very basic premise: quickly learn what happens within your IT to avoid extended outages. And in the unfortunate event of an outage, you need to ensure that you can get to the root cause of it fast. Outages are measured by Mean Time To Resolution (MTTR) and it is the goal of the observability concept to drive the MTTR value to as close to zero as possible. No surprise, building resilient service delivery systems that are available with high uptime is the ultimate end goal for any business.
    [Show full text]
  • Application Data Analytics for Modern Applications How Sumo Logic’S Unified Machine Data Platform Changes the Management Game
    Application Data Analytics for Modern Applications How Sumo Logic’s Unified Machine Data Platform Changes the Management Game An ENTERPRISE MANAGEMENT ASSOCIATES® (EMA™) White Paper Prepared for Sumo Logic July 2016 IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Application Data Analytics for Modern Applications: How Sumo Logic’s Unified Machine Data Platform Changes the Management Game Table of Contents Overview ................................................................................................................................................. 1 Telemetry, Big Operational Data, and the Real-Time Business ................................................................ 2 Modern Application Environments Require a New Approach to Application Management ................... 4 Sumo Logic: Cloud-Native Unified Logs and Metrics ............................................................................. 6 EMA Perspective ...................................................................................................................................... 8 ©2016 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com Application Data Analytics for Modern Applications: How Sumo Logic’s Unified Machine Data Platform Changes the Management Game Overview telemetry – an automated communications process by which measurements and other data are collected at remote or inaccessible points and are subsequently transmitted to receiving equipment for monitoring1 The word “telemetry” has traditionally
    [Show full text]
  • GCP Cloud Foundations #Whoami
    GCP Cloud Foundations #whoami Federico Fregosi Current: Principal Consultant - Technical Past: [email protected] https://www.linkedin.com/in/federico-fregosi/ About Contino Contino is a leading transformation consultancy that helps large, heavily-regulated enterprises to become fast, agile and competitive. 360+ 5 300+ 150+ People Global offices Engagements Customers The deepest pool of We can scale rapidly More DevOps Specializing in helping the DevOps, data & cloud to support diverse transformation executed world's leading brands transformation talent client requirements than any other professional accelerate digital in the industry across the globe services firm transformation 3 Agenda 01 | Cloud Foundations 02 | Organization Structure & Resource Deployment 03 | Authentication & Authorization 04 | Networking 05 | Secrets Management 06 | Logging 07 | Operating Model 08 | FinOps - Billing 09 | Q&A 4 Why Do You Need Cloud Foundations? Landing zones enable management of standardised GCP projects, which in turn control your Virtual Private Clouds (VPCs) and consumption of GCP cloud services. ● Prevents Project Sprawl: Project provision can be managed as cloud engagement increases ● Minimises Engineering Overhead: Eliminating manual changes reduces complexity and enables scalability and consistency ● Enables Scaling by Design: Management of services and infrastructure in public cloud is made simple by the use of a well-designed landing zone ● Accelerates Consumption of Cloud Services: Allows for GCP projects to be provisioned with a
    [Show full text]
  • Designing Phelkstat: Big Data Analytics for System Event Logs
    Designing PhelkStat: Big Data Analytics for System Event Logs Mohammed Salman∗, Brian Welch∗ and Joseph Tront∗ David Raymondy, Randy Marchanyy ∗Department of Electrical and Computer Engineering y IT Security Office Virginia Tech, Blacksburg Virginia Tech, Blacksburg Abstract—With wider adoption of micro-service based archi- tectures in cloud and distributed systems, logging and monitoring costs have become increasingly relevant topics of research. There are a large number of log analysis tools such as the ELK(ElasticSearch, Logstash and Kibana) stack, Apache Spark, Sumo Logic, and Loggly, among many others. These tools have been deployed to perform anomaly detection, diagnose threats, optimize performance, and troubleshoot systems. Due to the real- time and distributed nature of logging, there will always be a need to optimize the performance of these tools; this performance can be quantified in terms of compute, storage, and network utilization. As part of the Information Technology Security Lab at Virginia Tech, we have the unique ability to leverage production data from the university network for research and testing. We analyzed the workload variations from two production systems at Virginia Tech, finding that the maximum workload is about four times the average workload. Therefore, a static configuration can lead to an inefficient use of resources. To address this, we propose PhelkStat: a tool to evaluate the temporal and spatial attributes of system workloads, using clustering algorithms to categorize the current workload. Using PhelkStat, system parameters can be automatically tweaked based on the workload. This paper reviews publicly available system event log datasets from supercomputing clusters and presents a statistical analysis of these datasets.
    [Show full text]
  • The New Normal: Cloud, Devops, and Saas
    MARCH 2017 THE NEW NORMAL: CLOUD, DEVOPS, AND SAAS Methodology ANALYTICS TOOLS REIGN IN Sumo Logic commissioned UBM plc to conduct an online survey THE MODERN APP ERA in December 2016 exploring the As trends such as cloud computing and DevOps become the de facto current state of IT operations and modern application tools in standard, organizations are increasingly looking for next-generation enterprises. analytics tools and services that provide continuous intelligence to help them build, run, and secure modern applications, and to acceler- The final data set comprises 235 IT operations, application ate their journey to the cloud. However, they struggle with challenges development, and informa- related to security, siloed tools, and customization. A new survey con- tion security professionals. ducted by UBM and Sumo Logic highlights the need for visibility into All respondents are from companies with 500 or more and intelligence about the full IT application stack. employees, with roughly half from companies with 5,000 nterprise IT operates far diferently today than it did a decade or even or more employees. About just five years ago. The modern app era is redefining the way that one-third of respondents work in IT management, including enterprise IT teams build, run, manage, and secure their applications. titles such as CIO, CTO, VP of EInstead of running only their own servers in a traditional data center, IT, IT director and IT manager. today’s organizations are far more likely to be using public cloud computing Respondents’ companies are in a wide variety of industries, with services and/or their own private clouds.
    [Show full text]
  • IT Visibility with Sumo Logic Monitoring and Supporting Your IT Infrastructure
    SOLUTIONS BRIEF IT Visibility with Sumo Logic Monitoring and Supporting Your IT Infrastructure Sumo Logic is the cloud-native service that delivers visibility into the operation of an organization’s IT infrastructure. Today’s IT environment is more complex then ever before. With cloud infrastructures, multi-vendor environments, borderless CLOUD applications and continuous deployments models, all generating data at an unprecedented scale, problem identification and repair EDGE SERVICES APPLICATIONS present formidable challenges. IT teams attempt to analyze their infrastructures in monitoring silos, where a failure in one area can impact an entire service, generating multiple alerts across multiple tools – resulting in silos of management and monitoring. OPERATING SYSTEMS MICROSERVICES IT is under pressure to keep critical business applications and services IT OPERATIONS running to meet the demands of the business and customer. Buts with multiple legacy monitoring tools this can present quite a challenge. CONTAINERS IT teams require a modern solution that integrates with their current environment and provides end-to-end visibility in a single unified view VIRTUALIZATION for all their applications and supporting infrastructure. ON-PREMISE Sumo Logic - The Service for IT Operations The Sumo Logic Service Model Advantage Sumo Logic is the cloud-native service that helps deliver visibility into the operation of an organization’s IT infrastructure. By ingesting the • Eliminate monitoring silos by merging all your application and growing pool of machine data generated within the IT environment, IT infrastructure data Sumo Logic easily delivers critical performance, availability, • Discover meaningful patterns in your IT data and resolve configuration, capacity, and security insights to help you monitor and issues faster support your critical business apps and underlying IT infrastructure.
    [Show full text]
  • International Journal for Scientific Research & Development
    IJSRD - International Journal for Scientific Research & Development| Vol. 3, Issue 04, 2015 | ISSN (online): 2321-0613 Comparison of DevOps Log Monitoring Tools Nisarga Jagadish S1 Prof. Shantala C P2 1PG Scholar 2Professor and HOD 1,2Department of Computer Science & Engineering 1,2CIT, Gubbi Abstract— Devops is an approach in which operation team huge amount of data generated by machine. It generates the and development engineers team work together throughout data, indexes the data and relates the data in searchable entire life cycle. Devops can be divided into different repository so that it can generates graphs, reports, alerts, domains namely Deployment and configuration, Build and dashboards and visualization. Main aim of Splunk is make test, Monitoring and Log monitoring. In this paper, author the data accessible throughout the organization, also gives the description of log monitoring, different types of identifies the data patterns to be searched, provides metrics log monitoring tools and comparison between log to it and troubleshoots the problem raised in the monitoring tools. organization. [4] Key words: Log Monitoring, DevOps Splunk server is scalable software which is written in C/C++ and python. Mainly it takes data generated I. INTRODUCTION by any server, applications or it can be any device. Splunkd DevOps is a combination of development and operation. It and Splunkweb is called the Splunk developer API and this is a software development method that is comprised of developer API is accessible by REST and SOAP or CLI communication, sharing of information and usage of web (Command Line Interface). Splunk main function is to index services, integration, automation and it also measures the the collected data and also to search for logs or log data.
    [Show full text]
  • Omdia Universe: Selecting an Aiops Solution, 2021–22
    Publication date 02 Jul 2021 Author Roy Illsley Chief Analyst Omdia Universe: Selecting an AIOps Solution, 2021–22 S Brought to you byby InformaInforma Tech Tech Omdia Universe: Selecting an AIOps Solution, 01 2021–22 Summary Catalyst The introduction of the latest technology can be seen as a way for organizations to accelerate growth, increase efficiency, and improve customer service. AI for IT operations (AIOps) is one area where the application of technology, if not matched with organizational maturity and readiness, will fail to deliver all promised benefits. This report provides an analysis of the AIOps market. Figure 1 shows the diversity in the AIOps market. Figure 1: The Omdia Universe for AIOps Source: Omdia © 2021 Omdia. All rights reserved. Unauthorized reproduction prohibited. Omdia Universe: Selecting an AIOps Solution, 02 2021–22 Omdia view AIOps is an evolving market from many different IT operational management domains. This evolution witnessed the vendors develop initial solutions based on their own domain-specific perceptions of business requirements. However, as the market matured, the domain expertise and perception of requirements changed, and the leading AIOps vendors have all demonstrated a clear understanding of what an AIOps solution must offer to customers. The pleasing aspect of this maturity is a recognition that AIOps must be an open solution that does not demand customers to deploy a single vendors stack of capabilities alone; rather, AIOps can work with existing domain expert systems such as application performance monitoring (APM), etc. to provide a broad and deep perspective of the IT environment. Omdia can see the potential future evolution of AIOps as branching out to more business and other related areas such as environmental sustainability.
    [Show full text]
  • The Complete Guide to Atlassian for ITSM
    The complete guide to Atlassian for ITSM Reimagine ways of working across IT delivery, operations, and support Contents 4 Introduction 6 About Atlassian 9 Atlassian’s approach to ITSM 13 Getting started with Atlassian’s ITSM solution 15 Service delivery 16 IT business management 25 Change enablement 42 Service configuration management 47 Knowledge management 51 Service operations 52 Incident management 67 Problem management 72 Service support 73 Request management 83 Asset management 91 Enterprise service management 95 Resources 96 Atlassian Team Playbook and IT guides 98 Extend your ITSM solution with Marketplace Apps 100 Enterprise services 101 Atlassian’s cheat sheet for high-velocity ITSM 104 About the authors THE COMPLETE GUIDE TO ATLASSIAN FOR ITSM 2 01 Introduction Introduction We live in amazing times. The world is moving at breakneck speed, from super quantum computing to artificial intelligence to self-driving cars. Enterprises across every industry — from traditional banks to pizza delivery — are undergoing massive digital transformation powered by software. At the same time, customers have higher expectations for on-demand services than ever before. When the risk of downtime means billions in lost revenue and customer backlash, the stakes of missing customer expectations for availability and performance are higher than ever. What’s more, the rise of the knowledge worker in enterprises demands instant access to information and ways to be productive. INTRODUCTION 4 There’s so much at stake, and it’s not slowing down anytime soon. Yet bounded by complex processes and expensive modules, legacy tools are inflexible and hard to adapt in the face of increasingly dynamic business and technology needs.
    [Show full text]
  • Business Challenge Solution Results
    CASE STUDY Xero Sumo Logic delivers a scalable log analytics platform for Xero that supports the company’s fast growth and rapid pace of innovation Overview Business Challenge predictable performance and cost even with the ingestion of hundreds of GB of log per day. Company Xero is a fast growing, global, small business • Xero accounting platform with over 1.3 million Sumo Logic also proved itself to be a fexible subscribers in over 180 countries. To keep platform that can easily ingest data from Industry pace with its growth, Xero revamped its AWS services and other cloud sources. • Financial Services product architecture and migrated its Ingesting logs from new sources no longer infrastructure to Amazon Web Services became a barrier to innovation for Headquarters (AWS). Shifting from its existing on-premise Xero’s developers. • Wellington, New Zealand log management solution to Sumo Logic’s cloud offering delivered predictable cost and Results Size performance for analytics within Xero, as well • 2,000+ Employees as a fexible ingestion platform for logs from • A modernized log ingestion and new AWS services. processing environment that scales Use Case with Xero’s rapid growth - typically • Operations Solution 5-10 percent increase in log volume • Security per month. Xero turned to Sumo Logic’s born-in- • Actionable intelligence - delivered in real- the-cloud log management solution to time – to users in the entire organization dramatically speed up its ability to derive • Xero’s developers and operations can value from tremendous quantities of machine easily ingest new types of logs from data. The migration to AWS resulted in a 5x AWS services, containerised applications increase in log volume and 3x increase in and third parties the number of log types – all within the frst six months.
    [Show full text]