Logs for Security (AWS Built-In)
Sumo Logic Inc.
External reviews
Has improved implementation speed and coverage but lacks contextual accuracy in alerts
What is our primary use case?
My main use cases for Sumo Logic Security are the same as for Splunk: it is not log management, but rather security information and event management, a SIEM-type system.
What is most valuable?
The features I find most useful in Sumo Logic Security are the ease of implementation and connectors; they have a very easy connection and many connectors to important systems, making it very easy to implement and fast to start running in production.
Sumo Logic's support for diverse log sources helps my digital transformation a great deal, and this is a strong side of the system. They have wide support for connectors, enabling me to integrate almost any system with webhooks and connect whatever I want, so this aspect is definitely a strong side of this product.
What needs improvement?
One major improvement I would suggest for Sumo Logic Security is in its risk-based alerting system. While it initially sounds clever and modern, it works as a point-based system: an IP address or entity collects points for bad actions, and an alert is raised once enough points have accumulated. This can lead to alerts that are collections of disjointed signals, which sometimes make no sense and lack real context; this simplistic approach makes it hard to find coherent stories during investigations.
In the support area, I recommend strengthening the technical side: while the process is good, the actual quality may depend on the personnel involved.
For how long have I used the solution?
I have been working with Sumo Logic Security for fourteen months.
What do I think about the stability of the solution?
I have used Sumo Logic Security's threat detection feature, and I think it is very easy to use. The query language is pretty straightforward and easy, and it is very powerful for building different searches and dashboards that serve for later exploration of the same interests.
I have used the anomaly detection capabilities in Sumo Logic Security, and it works pretty well out of the box. We did not verify the effectiveness, but it identifies a lot of anomalies and functions mainly as a risk-based system, where each log can become a signal. Each signal is worth a number of points, and if an entity, user or IP collects enough bad points, an alert is raised. Each person or IP in a company has a bucket; for each bad signal you put a point in this bucket, and when it reaches a certain level, an alert is created. However, while this is very easy and automated, it is also a negative, because it provides less context for the things I am interested in finding in the alerting system.
What do I think about the scalability of the solution?
I did not face any significant issues with Sumo Logic Security, but the pricing may be a concern as they try to upsell and raise the prices very quickly.
How are customer service and support?
I would rate the support from Sumo Logic Security as about a seven. It depends on the person providing support, but in general, they usually provide continuous support post-implementation, being in touch and trying to help, which makes their after-sale process better than Splunk.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup for Sumo Logic Security is pretty easy and straightforward.
What about the implementation team?
For Sumo Logic Security, I believe the deployment was internal, while for Splunk, it involved some hours from a reseller and Splunk themselves, making it a hybrid approach.
What was our ROI?
My company has not calculated ROI for Sumo Logic Security.
Which other solutions did I evaluate?
When comparing Sumo Logic Security with other tools such as Splunk, I see advantages such as its easier implementation, especially for companies that lack cybersecurity know-how; Sumo Logic Security can be beneficial for quick setup. However, while it is good for average tasks without needing three engineers, Splunk allows for more configuration to meet specific organizational needs, although it requires more expertise and time.
What other advice do I have?
The compliance reporting tool in Sumo Logic Security is pretty acceptable; nothing special, but it is okay in helping meet regulatory requirements for my organization.
Overall, I think Sumo Logic Security is acceptable; it is a pretty slick, nice product, with no significant additional features that I feel need to be added or improved.
For those considering using Sumo Logic Security, I would recommend checking it out.
I do not rate it a ten because I find some aspects of how the system works overall to be strange. My review rating for Sumo Logic Security is seven.
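The review above describes risk-based alerting as points dropped into a per-entity bucket, with an alert firing once the bucket crosses a threshold, and complains that the resulting alerts bundle disjointed signals with no story. The following is an added illustration of that mechanism, not Sumo Logic's code or the reviewer's: a sliding-window bucket scorer run over constructed signals, plus the piece the reviewer finds missing, namely keeping the contributing signals on the alert and summarising which attack stages they cover so an analyst can tell a tight chain from accumulated noise. Point values, the threshold, the 24-hour window, the entity names and the stage mapping are all assumptions for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample signals (not real Sumo Logic output). Each is one log
# event that an upstream rule has already turned into (timestamp, entity,
# signal name, points). Point values are assumptions for the example.
SIGNALS = [
    ("2024-05-01T08:00:00", "10.0.0.5", "failed_login", 5),
    ("2024-05-01T08:01:00", "10.0.0.5", "failed_login", 5),
    ("2024-05-01T08:05:00", "10.0.0.5", "successful_login_new_geo", 15),
    ("2024-05-01T08:07:00", "10.0.0.5", "privilege_escalation", 30),
    ("2024-05-01T09:00:00", "10.0.0.9", "port_scan_low", 10),
    ("2024-05-01T11:30:00", "10.0.0.9", "dns_to_new_domain", 10),
    ("2024-05-01T14:00:00", "10.0.0.9", "large_outbound_transfer", 20),
    ("2024-05-01T17:45:00", "10.0.0.9", "failed_login", 5),
    ("2024-05-01T18:10:00", "10.0.0.9", "user_agent_anomaly", 10),
    # alice: two strong signals, but 25 hours apart, so the first one has
    # already fallen out of the window when the second arrives (no alert)
    ("2024-05-01T07:00:00", "alice", "failed_login", 30),
    ("2024-05-02T08:00:00", "alice", "privilege_escalation", 30),
]

THRESHOLD = 50            # assumed: bucket level at which an alert fires
WINDOW = timedelta(hours=24)  # assumed: how long a signal stays in the bucket

# Assumed mapping of signal name -> attack stage, used only to summarise
# whether an alert's signals tell a coherent story.
STAGES = {
    "failed_login": "initial_access",
    "successful_login_new_geo": "initial_access",
    "privilege_escalation": "privilege_escalation",
    "port_scan_low": "discovery",
    "user_agent_anomaly": "discovery",
    "dns_to_new_domain": "command_and_control",
    "large_outbound_transfer": "exfiltration",
}


@dataclass
class Alert:
    entity: str
    score: int
    first_at: datetime           # oldest signal still in the bucket
    fired_at: datetime           # signal that pushed the bucket over the line
    contributing: list           # signal names, oldest first

    def span(self) -> timedelta:
        """Wall-clock distance covered by the contributing signals."""
        return self.fired_at - self.first_at


def score_entities(signals, threshold=THRESHOLD, window=WINDOW):
    """Points-in-a-bucket aggregation as the review describes it.

    Signals are replayed in time order. Each entity has a bucket; signals
    older than `window` are dropped from it, the new signal is added, and if
    the total reaches `threshold` an alert is emitted and the bucket cleared.
    Unlike a bare score, the alert keeps every contributing signal.
    """
    buckets = defaultdict(list)      # entity -> [(ts, name, points), ...]
    alerts = []
    for ts_str, entity, name, points in sorted(signals):
        ts = datetime.fromisoformat(ts_str)
        bucket = buckets[entity]
        bucket[:] = [s for s in bucket if ts - s[0] <= window]  # expire old
        bucket.append((ts, name, points))
        total = sum(p for _, _, p in bucket)
        if total >= threshold:
            alerts.append(Alert(entity, total, bucket[0][0], ts,
                                [n for _, n, _ in bucket]))
            bucket.clear()
    return alerts


def stages_covered(alert):
    """Distinct attack stages among the contributing signals, in first-seen
    order. A few stages walked in sequence over minutes reads as a story;
    many stages visited out of order over hours is the disjointed case."""
    seen = []
    for name in alert.contributing:
        stage = STAGES.get(name, "unknown")
        if stage not in seen:
            seen.append(stage)
    return seen


if __name__ == "__main__":
    for a in score_entities(SIGNALS):
        print(f"{a.entity}: score={a.score} span={a.span()} "
              f"stages={stages_covered(a)} signals={a.contributing}")
```

Both 10.0.0.5 and 10.0.0.9 reach the same score of 55, so a threshold-only alert treats them identically; the retained context shows one is a four-step chain inside seven minutes and the other is five loosely related signals spread over nine hours, which is exactly the distinction an investigator needs and the bare bucket hides. alice never alerts because the window expires her first signal.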
Fantastic Value for Small Teams, but a Bit Clunky
- Outstanding value. Hosting my entire company’s logs cost roughly $100/month, which is shockingly affordable compared to Datadog or similar platforms.
- Easy integration with Heroku. The setup was quick and straightforward—no complex pipelines or custom agents required.
- Powerful search and flexibility. Once you get comfortable with its syntax, the query language is expressive and great for digging deep into logs.
- Alerting delays. Alerts tend to fire a bit slower than other platforms. Datadog, for example, seems to detect and trigger incidents faster in my experience.
- Limited ecosystem integration. For larger organizations, the lack of tight integration with APM and error-tracking tools can create friction—you end up context-switching across multiple dashboards to investigate an issue.
- Unified visibility into production logs – We can search across all Heroku apps and services from a single place, making debugging and audits much faster.
- Ad-hoc analytics and troubleshooting – The runtime calculated fields are incredibly powerful. I can slice, transform, and aggregate logs on the fly instead of predefining every field at ingestion time (which is a big limitation in tools like Datadog).
- Automated alerting for critical issues – Sumo Logic monitors our logs in real time and triggers alerts when system-critical patterns appear, helping us catch problems before they escalate into outages.
- Affordable observability for startups – It provides serious log analysis capabilities at a fraction of the cost. We were able to ingest and retain all company logs for around $100/month, which made full observability feasible early on.