Sumo Logic 

Permission requirements for accessing logs

To export logs from Sumo Logic, your user account needs to have one of the following roles:

  • Administrator
  • Analyst
  • Custom Role that includes the “View Collectors” capability and no restrictions on search queries (see the Administration > Users & Roles screen for details)

Downloading logs

The following steps will walk you through exporting all logs for a 30-day time period from Sumo Logic. 

First, log into the Sumo Logic dashboard and click the “+ New” button in the top middle of the page to start a new log search. 

After clicking the “+ New” button, select “Log Search” from the menu.

On the “Log Search” screen:

  1. Set the query string to “*” (without the quotation marks)

  2. Choose a time range of “Last 30 Days”

  3. Click the “Start” button to execute the search

When the search completes, click the gear icon in the middle right of the screen and then select “Export (All Fields)” to download a CSV file export of all log messages.

The CSV file will be saved to your local system and is now ready for upload to Oort.

If the number of log messages exceeds 100K, Sumo Logic may truncate the log file. In this case, change the time frame from “Last 30 Days” to Custom. Export log messages for a week or a day at a time, and run multiple sequential exports to gather 30 days of history.
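
When 30 days of history is gathered as several sequential exports, the script below (an added example, not part of the original page or of any Sumo Logic or Oort tooling) merges the CSV files into one and reports which exports reached the 100K limit and should be re-exported with a shorter custom time range. It assumes every export has the same header row and that a truncated export contains at least 100,000 data rows; the file and column names are placeholders.

```python
import csv
import tempfile
from pathlib import Path

EXPORT_ROW_LIMIT = 100_000  # truncation threshold stated on this page


def merge_exports(paths, out_path, row_limit=EXPORT_ROW_LIMIT):
    """Merge CSV exports; return {file name: (row count, possibly truncated)}."""
    report, header = {}, None
    with open(out_path, "w", newline="", encoding="utf-8") as out_file:
        writer = csv.writer(out_file)
        for path in map(Path, paths):
            rows = 0
            with open(path, newline="", encoding="utf-8-sig") as in_file:
                reader = csv.reader(in_file)
                file_header = next(reader, None)
                if file_header is None:
                    report[path.name] = (0, False)  # empty file, nothing to merge
                    continue
                if header is None:
                    header = file_header
                    writer.writerow(header)
                elif file_header != header:
                    # Different columns mean a different query or export type.
                    raise ValueError(f"{path.name}: header differs from first export")
                for row in reader:
                    writer.writerow(row)
                    rows += 1
            # An export that reached the limit may be missing later messages.
            report[path.name] = (rows, rows >= row_limit)
    return report


def windows_to_redo(report):
    """Exports that hit the limit and need a shorter custom time range."""
    return [name for name, (_, truncated) in report.items() if truncated]


if __name__ == "__main__":
    # Constructed sample exports (column names are placeholders).
    with tempfile.TemporaryDirectory() as tmp:
        files = []
        for name, count in (("week1.csv", 2), ("week2.csv", 4)):
            files.append(Path(tmp) / name)
            lines = ["time,message"] + [f"{i},event {i}" for i in range(count)]
            files[-1].write_text("\n".join(lines) + "\n", encoding="utf-8")
        report = merge_exports(files, Path(tmp) / "merged.csv", row_limit=4)
        print(report, windows_to_redo(report))
```

Pass the exports in chronological order so the merged file keeps the sequence of the original time windows.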