Sumo Logic Security is a good solution for searching the logs and identifying the issues. Sumo Logic Security searches the logs to identify issues easily. Suppose we got an issue related to the application 500 error. We store the application logs in Sumo Logic Security. We can easily search those logs to identify where exactly we are facing the application 500 error.

The most valuable features of Sumo Logic Security are the rules, use cases, and ease of use. Additionally, the integration is straightforward and good GUI.

It offers real-time observability. We're able to catch real issues right away. 

We can manage multiple screens with multiple panels. 

It's an easy solution to learn. It's also very easy to use.

The solution has been very stable.

Technical support is always great. They are very helpful.

It can scale well.

Pricing is reasonable. 

The solution is automated. It has a good number of extensions like CrowdStrike and AWS extensions. It is very useful. We can integrate threat intelligence solutions into the product.

The features I found valuable with the Sumo Logic Security solution are the search option and the ability to customize the search for the information in the logs.

• The tools that they have for searching through logs.
• Doing log comparisons.
• Time shifting the logs.
• The dashboards are good.

The tool has key features like operability. It will alert the admins whenever a device is onboarded.

What I like most is the ability to create custom alerts.

They have a really, really rich query language. I don't know the name of the product offering. I'm sure they have a specific name in the solution, but basically being able to pull all that data in, and be able to build queries in a query language and map that to actions; whether that's alerting or triggering events. And that's really where our SecOps team spends most of their time — trying to look at the forensics, look at the information, and map it to some meaningful event. And they just build all these different queries that map to those events or alerts.

• It's reliable.
• The Curry language is easy to use once you get used to it. 
• The user interface is pretty responsive. 

Therefore, it was a cost value proposition decision.

With the alerting dashboards, you can set up some patterns. Then, on these patterns, you will automatically get alerts.

• The search
• Email alerts

The out of the box applications were very useful for us. We also use the Threat Intelligence integration for our security monitoring.

There are a lot of things we like about this product. 

One is the log aggregation. It basically gives a list of matching patterns on most of the logs. When dealing with something like live error messages etc., you can group by similarities.  That way it is very easy to know where things are in real-time. It has helped us in terms of doing a top-down debugging. If, for example, you see a certain error message or an exception, then you double click to see where exactly it has affected the system. That way, at every stage you are able to go one level deeper until you find the root cause, through the logs or by other means. This is something which I find it really helpful. There are other ways within a window you can search as well. You can find out what happened one or two days before or one or two minutes before this message. It helps you follow a trail of events that will lead you to a particular state.

Users can also do a comparison with regard to the filing. Let's say, for example, you see a certain error come up today, and if you are interested in how was it yesterday or the day before, or maybe 17 days ago, you can take a look. This is one of the features that I found really helpful. 

The solution offers capture host metrics as well. Basically it could be the RAM utilization, CPU, or pretty much everything around the host, including the health of the host. That also comes in handy when we are debugging.

The dashboards are great. We use them for monitoring certain events when they happen to see if we want to act upon them. The monitoring pages and the alerting pages are also very handy.

The key features that we have been using:

• The ability to troubleshoot production issues.
• Set up monitoring for errors. 

Being able to join logs together across many services and servers.

We can ingest logs and make reports out of them. It is a good tool which can help us monitor any issues.