I use Sumo Logic Security.
Logs for Security (AWS Built-In)
Sumo Logic Inc. External reviews
External reviews are not included in the AWS star rating for the product.
Clean dashboards have improved daily threat monitoring but cloud integrations still need work
What is our primary use case?
What is most valuable?
The first thing that I like about Sumo Logic Security is the earlier UI and the latest one, which has a clean layout. Since I can track so many good things, the UI has improved from before when it was not as good. Compared to other tools, I prefer the UI much better as it categorizes data very well for me. If I were using other security tools or other SIEM tools, I would need to think a bit and find something, which would be hard and fast. However, I am so adapted to this tool, and the features that they have implemented, including filters and other things, are the best.
Since we are using Sumo Logic Security on the security part, we need to look through all the things and maintain them since there might be some crashes in the data that we are receiving. If we do not update the data points each and every time, some data points might have failed. If the server is offline, it might not report in Sumo Logic, so we need to check at the server level why this issue is being caused. We need to update the agent for Sumo Logic Security and ensure it is up-to-date.
What needs improvement?
I would say there are a few more things that Sumo Logic Security can improve on. It is not the tool; it is a technical part. From the app point of view, I would say when we need to include a few latest features that have currently started in the market, such as new cloud integrations, it is a bit lengthy because it is not available on Sumo Logic Security. Then we have to get some ideas and go through workarounds. We are able to do that, but that is the hard part that I find with Sumo Logic Security. Because they are new to the market, it takes time, but still, since Sumo Logic Security is that famous, it needs to have better integration.
With the market trend, we have some cloud vendors for which we need to do some integration part. It is not directly integrated since it is a third party. On Sumo Logic Security, it is not supported that well compared to other SIEMs or other applications that we might be using. The integration is quite easy, but in Sumo Logic Security, it is not easy.
For how long have I used the solution?
I have been using Sumo Logic Security for more than one and a half years since I joined this organization, and my team has been using it for more than three years.
What do I think about the scalability of the solution?
Sumo Logic Security is quite scalable; it depends on your team and how you implement it.
How are customer service and support?
We have a weekly meeting with the technical team for all our queries since it is included in our package.
I would rate the quality and speed of Sumo Logic Security support seven out of ten since the meetings are close to other vendors only, but they can improve on that part.
Which solution did I use previously and why did I switch?
I have tried using Azure Sentinel in our organization.
With the volume of data transfer that we are having day in and day out, I do not find Azure Sentinel to be very feasible compared to Sumo Logic Security, which we are currently using. It all depends on the data transfer credits that we are using day in and day out.
How was the initial setup?
It is easy to deploy Sumo Logic Security, since we are always on call with the support team, and there was a specific SME deployed for us from Sumo Logic Security who helps us whenever we get stuck in some part or cannot proceed. They help us in that part.
What's my experience with pricing, setup cost, and licensing?
I would say that the pricing for Sumo Logic Security is in the medium part of the market. If you go to the well-known vendors such as Azure Sentinel or other tools like Splunk, you are going to find them costly since they are well-known and they have much more integration compared to Sumo Logic Security. They have been earlier in the market and have a vast network of backing behind them. So they charge for their integrity and their well-connectedness. Sumo Logic Security comes in the medium part; it is not very costly and not very light on the pocket. It is in the middle part, and we can say it is close to the best value that we are having right now.
What other advice do I have?
My overall rating of Sumo Logic Security is seven out of ten.
Great Log Search, Overall Solid Experience
With SumoLogic you will gain total observability and visibility in your environment!
Has improved implementation speed and coverage but lacks contextual accuracy in alerts
What is our primary use case?
My main use cases with Sumo Logic Security are the same as Splunk; it is not log management, but rather security events and information, a security information system like SIEM.
What is most valuable?
The features I find most useful in Sumo Logic Security are the ease of implementation and connectors; they have a very easy connection and many connectors to important systems, making it very easy to implement and fast to start running in production.
Sumo Logic's support for diverse log sources helps my digital transformation very much, and this is a strong side of the system. They have wide support for connectors, enabling me to implement almost any system with webhooks and connect whatever I want, so this aspect is definitely a strong side of this product.
What needs improvement?
One major improvement I would suggest for Sumo Logic Security is in its risk-based alerting system; while it initially sounds clever and modern, it works as a point-based system where an IP address or entity gets points for bad actions, raising alerts when enough points are collected. This can lead to alerts that are collections of disjointed signals that sometimes make no sense and lack real context; this simplistic approach makes it hard to find coherent stories during investigations.
To improve in the support area, I recommend enhancing the technical part because, while the process is good, the actual quality may depend on the personnel involved.
For how long have I used the solution?
I have been working with Sumo Logic Security for fourteen months.
What do I think about the stability of the solution?
I have used Sumo Logic Security's threat detection feature, and I think it is very easy to use. The query language is pretty straightforward and easy, and it is very powerful for building different searches and dashboards that will serve for later exploration of the same interests I have.
I have used the anomaly detection capabilities in Sumo Logic Security, and it works pretty well out of the box. We did not verify the effectiveness, but it identifies a lot of anomalies and functions as a risk-based system mainly, where each log can become a signal. Each one gets several points, and if an entity or user and IP gets enough bad points, then an alert is raised. Each person or IP in a company has a bucket, and for each bad signal, you put a point in this bucket, and when you reach a certain point, an alert is created. However, while it is very easy and automated, it is also a negative side because it provides less context for things I am interested in finding in the alerting system.
What do I think about the scalability of the solution?
I did not face any significant issues with Sumo Logic Security, but the pricing may be a concern as they try to upsell and raise the prices very quickly.
How are customer service and support?
I would rate the support from Sumo Logic Security as about a seven. It depends on the person providing support, but in general, they usually provide continuous support post-implementation, being in touch and trying to help, which makes their after-sale process better than Splunk.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup for Sumo Logic Security is pretty easy and straightforward.
What about the implementation team?
For Sumo Logic Security, I believe the deployment was internal, while for Splunk, it involved some hours from a reseller and Splunk themselves, making it a hybrid approach.
What was our ROI?
My company has not calculated ROI for Sumo Logic Security.
Which other solutions did I evaluate?
When comparing Sumo Logic Security with other tools such as Splunk, I see advantages such as its easier implementation, especially for companies that lack cybersecurity know-how; Sumo Logic Security can be beneficial for quick setup. However, while it is good for average tasks without needing three engineers, Splunk allows for more configuration to meet specific organizational needs, although it requires more expertise and time.
What other advice do I have?
The compliance reporting tool in Sumo Logic Security is pretty acceptable; nothing special, but it is okay in helping meet regulatory requirements for my organization.
Overall, I think Sumo Logic Security is acceptable; it is a pretty slick, nice product, with no significant additional features that I feel need to be added or improved.
For those considering using Sumo Logic Security, I would recommend checking it out.
I do not rate it a ten because I find some aspects of how the system works overall to be strange. My review rating for Sumo Logic Security is seven.
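The reviewer above describes risk-based alerting as a bucket per entity that fills with points per bad signal until a threshold raises an alert, and criticizes the lack of context in the result. The following is an added illustration of that scoring model, not Sumo Logic's code; the signal names, point values, threshold and sample events are all constructed assumptions. It keeps the contributing signals on the alert so an analyst sees the story, not just the score.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Assumed signal catalogue: points each signal adds to an entity's bucket.
SIGNAL_POINTS = {
    "failed_login": 5,
    "new_country_login": 15,
    "large_download": 20,
    "privilege_escalation": 30,
}
ALERT_THRESHOLD = 50  # assumed: alert once a bucket reaches this score


@dataclass
class Alert:
    entity: str
    score: int
    # The signals that filled the bucket, kept so the alert carries context.
    contributing: list = field(default_factory=list)


def score_events(events, threshold=ALERT_THRESHOLD):
    """Point-based risk scoring: every recognised signal adds points to the
    bucket of its entity (user or IP). When a bucket reaches the threshold,
    an Alert is emitted with the full list of contributing signals and the
    bucket is reset. Unknown signals add nothing, so they create no noise."""
    buckets = defaultdict(int)
    history = defaultdict(list)
    alerts = []
    for ev in events:
        pts = SIGNAL_POINTS.get(ev["signal"], 0)
        if pts == 0:
            continue
        ent = ev["entity"]
        buckets[ent] += pts
        history[ent].append((ev["ts"], ev["signal"], pts))
        if buckets[ent] >= threshold:
            alerts.append(Alert(ent, buckets[ent], list(history[ent])))
            buckets[ent] = 0
            history[ent].clear()
    return alerts


# Constructed sample events (not real log data): "alice" accumulates 50 points
# across five signals; "10.0.0.5" only reaches 10 and never alerts.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T09:00:00Z", "entity": "alice", "signal": "failed_login"},
    {"ts": "2024-05-01T09:00:05Z", "entity": "alice", "signal": "failed_login"},
    {"ts": "2024-05-01T09:00:09Z", "entity": "10.0.0.5", "signal": "failed_login"},
    {"ts": "2024-05-01T09:00:12Z", "entity": "alice", "signal": "failed_login"},
    {"ts": "2024-05-01T09:01:00Z", "entity": "alice", "signal": "heartbeat"},
    {"ts": "2024-05-01T09:02:00Z", "entity": "alice", "signal": "new_country_login"},
    {"ts": "2024-05-01T09:03:00Z", "entity": "10.0.0.5", "signal": "failed_login"},
    {"ts": "2024-05-01T09:10:00Z", "entity": "alice", "signal": "large_download"},
]


def run_sample():
    return score_events(SAMPLE_EVENTS)
```

Running `run_sample()` yields a single alert for `alice` at score 50 listing all five signals, which is the "collection of disjointed signals" the reviewer refers to, but with the timeline attached for investigation.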