Log streaming: Sumo Logic

Last updated 2023-09-13

Fastly's Real-Time Log Streaming feature can send log files to Sumo Logic. Sumo Logic is a web-based log analytics platform used by developers and IT teams.

NOTE

Fastly does not provide direct support for third-party services. Read Fastly's Terms of Service for more information.

Setting up Sumo Logic

To use Sumo Logic as a logging endpoint, you'll need to create a Sumo Logic account, add a new source, and save the HTTP Source URL. Follow these instructions to add a new source in the Sumo Logic website:

The process starts with the Sumo Logic Setup Wizard, which appears immediately after you create your Sumo Logic account. If you already have an account, you can access the wizard by selecting Setup Wizard from the Manage menu at the top of the Sumo Logic application.
Click Set Up Streaming Data.
Click All Other Sources.
Click HTTP Source.
In the Source Category field, enter a human-readable name for the category (e.g., fastly_cdn) and select a time zone for your log file.
Click Continue. The HTTP Source URL appears.
Copy the HTTP Source URL. You will enter this value in the Fastly web interface.
Click Continue. Sumo Logic will add the new source.

Adding Sumo Logic as a logging endpoint

After you've created a Sumo Logic account and obtained the HTTP Source URL, follow these instructions to add Sumo Logic as a logging endpoint for Fastly services:

Deliver services
Compute services

Review the information in our guide to setting up remote log streaming.
In the Sumo Logic area, click Create endpoint.
Fill out the Create a Sumo Logic endpoint fields as follows:
- In the Name field, enter a human-readable name for the endpoint.
- In the Placement area, select where the logging call should be placed in the generated VCL. Valid values are Format Version Default, waf_debug (waf_debug_log), and None. Read our guide on changing log placement for more information.
- In the Log format field, optionally enter an Apache-style string or VCL variables to use for log formatting. Consult the example format section for details.
- In the Collector URL field, enter the address of the HTTP Source URL you found in the Sumo Logic website.
(Optional) To change the log line format, click Advanced options. In the Select a log line format area, select the log line format for your log messages. Our guide on changing log line formats provides more information.
Click Create to create the new logging endpoint.
Click Activate to deploy your configuration changes.

Example format

The following is an example format string for sending data to Sumo Logic. Our discussion of format strings provides more information.

{
  "timestamp": "%{strftime(\{"%Y-%m-%dT%H:%M:%S%z"\}, time.start)}V",
  "client_ip": "%{req.http.Fastly-Client-IP}V",
  "geo_country": "%{client.geo.country_name}V",
  "geo_city": "%{client.geo.city}V",
  "host": "%{if(req.http.Fastly-Orig-Host, req.http.Fastly-Orig-Host, req.http.Host)}V",
  "url": "%{json.escape(req.url)}V",
  "request_method": "%{json.escape(req.method)}V",
  "request_protocol": "%{json.escape(req.proto)}V",
  "request_referer": "%{json.escape(req.http.referer)}V",
  "request_user_agent": "%{json.escape(req.http.User-Agent)}V",
  "response_state": "%{json.escape(fastly_info.state)}V",
  "response_status": %{resp.status}V,
  "response_reason": %{if(resp.response, "%22"+json.escape(resp.response)+"%22", "null")}V,
  "response_body_size": %{resp.body_bytes_written}V,
  "fastly_server": "%{json.escape(server.identity)}V",
  "fastly_is_edge": %{if(fastly.ff.visits_this_service == 0, "true", "false")}V
}

Troubleshooting

The Sumo Logic logging endpoint is designed for services with sustained levels of traffic. If you aren't seeing any logs in Sumo Logic, try waiting a bit.

Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Network services

Security

Compute

Quick start

Building blocks