Recently we caught up with the Sumo Logic team to discuss network visibility and optimizing application stack views. We took a look at their API and found that it would be easiest to use the HTTP Ingest method to send in our metric data.
Sumo Logic offers a few different formats in which to ingest metrics. We chose the Carbon 2.0 format as it is relatively simple, yet offers enough flexibility to handle various additional enriched data that we augment the network flow with, such as ASN, geographical source/destination, protocols, etc. By leveraging the extensible design of ktranslate we created a new Carbon 2.0 output formatter that looks like the following:
By using the Carbon intrinsic tags such as the “mtype” and “unit” we can get rich data views from within Sumo Logic. We also add our enriched data using meta tags that enable better queries and filters from within Sumo Logic.
Once we had the format ready it was pretty straightforward to send the data to the Sumo Logic API using the ktranslate HTTP exporter. We needed to have the Sumo Logic API hosted collector endpoint and we were good to go. Here is an example:
Once we have ktranslate sending metrics we should be able to see them on the Sumo Logic “Metrics” view:
We can then build a simple dashboard showing network data such as source and destination transfer: