Sumo Logic Verification

Updated 7 hours ago by Michael Cretzman

With Sumo Logic, you can interact with and analyze your data in the cloud in real-time. Sumo Logic uses a powerful and intuitive search capability to expedite functions like forensic analysis, troubleshooting, and system health checks.

You can add a Sumo Logic verification step to your workflow so that Harness uses Sumo Logic to verify the performance and quality of your deployments using Harness machine-learning verification analysis.

Search with Sumo Logic

Harness Analysis

Verification Setup Overview

You set up Sumo Logic and Harness in the following way:

  1. Using Sumo Logic, you monitor your microservice or application.
  2. In Harness, you connect Sumo Logic to your Harness account, adding Sumo Logic as a Harness Verification Provider.
  3. After you have built and run a successful deployment of your microservice or application in Harness, you then add Sumo Logic verification steps to your Harness deployment workflow.
  4. Harness uses Sumo Logic to verify your future microservice/application deployments.
  5. Harness Continuous Verification uses unsupervised machine-learning to analyze your deployments and Sumo Logic analytics/logs, discovering events that might be causing your deployments to fail. Then you can use this information to improve your deployments.

Intended Audience

  • Developers
  • DevOps

Before You Begin

Connect to Sumo Logic

Connect Harness to Sumo Logic to have Harness verify the success of your deployments. Harness will use your tools to verify deployments and use its machine learning features to identify sources of failures.

The Sumo Logic API is available to Sumo Logic Enterprise Accounts only. For more information, see About the Search Job API from Sumo Logic.

To add Sumo Logic as a verification provider, do the following:

  1. Click Setup.
  2. Click Connectors.
  3. Click Verification Providers.
  4. Click Add Verification Provider, and select Sumo Logic. The Add Sumo Logic Verification Provider dialog appears.

The Add Sumo Logic Verification Provider dialog has the following fields.



Sumo Logic API Server URL

The API URL for your Sumo Logic account. The format of the URL is:

Where YOUR_DEPLOYMENT is either us1, us2, eu, de, or au. For us1, use

Sumo Logic applies default rate limiting.

For more information, see API Authentication from Sumo Logic.

Access ID

Enter the access ID for the user account you want to use to connect to Sumo Logic. Access keys are generated by an individual user in Sumo Logic depending on the permissions set for their account.

For more information on creating the access keys, see Access Keys from Sumo Logic.

Access Key

Enter the access key for the Sumo Logic user account using the connection.

For more information, see Access Keys from Sumo Logic.

Display Name

The name for the Sumo Logic verification provider connection in Harness. If you will have multiple Sumo Logic connections, enter a unique name.

You will use this name to select this connection when integrating Sumo Logic with the Verify Steps of your workflows, described below.

Usage Scope

If you want to restrict the use of a provider to specific applications and environments, do the following:

In Usage Scope, click the drop-down under Applications, and click the name of the application.

In Environments, click the name of the environment.

Once you have set up Sumo Logic as a verification provider, you can integrate it into your workflows, as described below.

Verify with Sumo Logic

The following procedure describes how to add Sumo Logic as a verification step in a Harness workflow. For more information about workflows, see Add a Workflow.

Once you run a deployment and Sumo Logic performs its analysis, Harness' machine-learning verification analysis will assess the risk level of the deployment. The more often your deployment is run, the more data Harness obtains and the more your deployments can be improved.

In order to obtain the names of the host(s), pod(s), or container(s) where your service is deployed, the verification provider should be added to your workflow after you have run at least one successful deployment.

To verify your deployment with Sumo Logic, do the following:

  1. Ensure that you have added Sumo Logic as a verification provider, as described above.
  2. In your workflow, under Verify Service, click Add Verification, and then click Sumo Logic. The Sumo Logic dialog appears.

The Sumo Logic dialog has the following fields.



Sumo Logic Server

Select the Sumo Logic verification provider you added, as described above.

Search Keywords

Enter the keywords for your search. Use the Sumo Logic search field and then copy your keywords into the Sumo Logic dialog.

Example keywords: *exception* and *error*.

For more information, see Search Syntax Overview and Keyword Search Expressions from Sumo Logic.

Field name for Host/Container

Enter the message field that contains the host name. You can find this in the Sumo Logic search. In the Sumo Logic search field, start typing _source and see the metadata options:

Click on the source host option, _sourceHost, and execute a query with it.

View the query results and confirm that the _sourceHost field returns the name of the host. Then enter _sourceHost in the Field name for Host/Container field.

Expression for Host/Container name

Add an expression that evaluates to the hostname value for the Message field host information. For example, in Sumo Logic, if you look at an exception Message, you will see a Host field:

In the service infrastructure where your workflow deployed your artifact (see Add a Service Infrastructure), the hostname is listed in a JSON name label under a host label.

Locate the name label that displays the same value as the Host field in your Sumo Logic Message. Locate the path to that name label and use it as the expression in Expression for Host/Container name.

The default expression is ${host.hostName}.
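The pairing of Field name for Host/Container and Expression for Host/Container name can be checked offline before the workflow runs. The following is an added example, not Harness code: it resolves a ${...} dotted path against a constructed host JSON entry using a simplified resolver (an assumption; Harness's own expression evaluation is not shown on this page) and counts how many constructed log records carry the resolved value in _sourceHost. The ip label and all sample values are hypothetical.

```python
import re

# Constructed host entry, shaped like the "host" label described above.
# The "ip" key is a hypothetical second label used for the mismatch case.
HOST_CONTEXT = {"host": {"hostName": "ip-10-0-1-17.ec2.internal", "ip": "10.0.1.17"}}

# Constructed search results (not real data); "message" is a made-up field.
LOG_RECORDS = [
    {"_sourceHost": "ip-10-0-1-17.ec2.internal", "message": "java.lang.NullPointerException"},
    {"_sourceHost": "ip-10-0-1-17.ec2.internal", "message": "error: upstream timeout"},
    {"_sourceHost": "ip-10-0-1-42.ec2.internal", "message": "error: upstream timeout"},
]

# Only plain ${a.b.c} paths are accepted; anything else is rejected.
EXPR_RE = re.compile(r"^\$\{([A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*)\}$")


def resolve_expression(expr, context):
    """Resolve a ${dotted.path} against nested dicts (simplified stand-in)."""
    match = EXPR_RE.match(expr.strip())
    if match is None:
        raise ValueError(f"not a ${{path}} expression: {expr!r}")
    value = context
    for key in match.group(1).split("."):
        if not isinstance(value, dict) or key not in value:
            raise KeyError(f"{key!r} not found while resolving {expr!r}")
        value = value[key]
    return str(value)


def check_host_mapping(expr, field_name, context, records):
    """Report how many records carry the resolved host value in field_name."""
    resolved = resolve_expression(expr, context)
    matched = [r for r in records if r.get(field_name) == resolved]
    seen = sorted({r[field_name] for r in records if field_name in r})
    return {"resolved": resolved, "matched": len(matched), "seen": seen}


if __name__ == "__main__":
    # The second expression resolves to an IP, so no _sourceHost value matches.
    for expr in ("${host.hostName}", "${host.ip}"):
        print(expr, check_host_mapping(expr, "_sourceHost", HOST_CONTEXT, LOG_RECORDS))
```

A result with matched equal to 0 means the expression resolves to a value that never appears in the chosen field, so host-level analysis would have no logs to work with; compare resolved against the seen list to find the right label.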

Analysis Time duration

Set the duration for the verification step. If a verification step exceeds the value, the workflow Failure Strategy is triggered. For example, if the Failure Strategy is Ignore, then the verification state is marked Failed but the workflow execution continues.

Baseline for Risk Analysis

Select one of the following:

  • Previous Analysis - Select Previous Analysis to have this verification use the previous analysis for a baseline comparison.
  • Canary Analysis - If your workflow is a Canary workflow type, you can select Canary Analysis to have this verification compare old versions of nodes to new versions of nodes in real-time.
  • Predictive Analysis - The Predictive Analysis option instructs Harness to take previous logs over the length of time specified in Baseline for Predictive Analysis, set those logs as a baseline analysis, and then compare that baseline with future logs for the length of time in Analysis Time duration. Harness then analyses these past and future logs to see if there are anomalies or unknown and unexpected frequencies that were potentially triggered during deployment.

    For Canary Analysis and Previous Analysis, analysis happens at the host/node/pod level.

    For Predictive Analysis, data collection happens at the host/node/pod level but analysis happens at the application or service level. Consequently, for data collection, provide a query that targets the logs for the host using fields such as SOURCE_HOST in Field name for Host/Container.
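The baseline comparison behind Predictive Analysis can be illustrated with a small sketch. This is an added example, not Harness code: a deliberately simple per-minute frequency comparison stands in for Harness's unsupervised machine learning, which this page does not describe. The log lines, the ratio_threshold parameter and the function names are constructed for illustration; the labels reuse three of the event types this page lists for the cluster chart.

```python
import re
from collections import Counter

# Constructed logs for a 30-minute baseline window (not real data).
BASELINE_LOGS = [
    "ERROR timeout calling payment-svc after 3000 ms",
    "ERROR timeout calling payment-svc after 3012 ms",
    "WARN retry 1 for order 88121",
    "WARN retry 2 for order 88121",
]
# Constructed logs for a 15-minute analysis window after deployment.
ANALYSIS_LOGS = [
    "ERROR timeout calling payment-svc after 3001 ms",
    "WARN retry 1 for order 90417",
    "WARN retry 2 for order 90417",
    "WARN retry 3 for order 90417",
    "WARN retry 1 for order 90418",
    "WARN retry 2 for order 90418",
    "WARN retry 3 for order 90419",
    "ERROR NullPointerException in CartController.checkout",
]


def template(message):
    """Collapse numbers so messages that differ only in ids group together."""
    return re.sub(r"\d+", "<n>", message)


def classify(baseline, analysis, baseline_minutes, analysis_minutes,
             ratio_threshold=2.0):
    """Label each analysis-window template by comparing per-minute rates."""
    base = Counter(template(m) for m in baseline)
    new = Counter(template(m) for m in analysis)
    labels = {}
    for tpl, count in new.items():
        if tpl not in base:
            labels[tpl] = "Unknown Event"  # never seen in the baseline
            continue
        # Rates, not raw counts: the two windows have different lengths.
        ratio = (count / analysis_minutes) / (base[tpl] / baseline_minutes)
        labels[tpl] = ("Unexpected Frequency" if ratio >= ratio_threshold
                       else "Baseline Event")
    return labels


if __name__ == "__main__":
    for tpl, label in classify(BASELINE_LOGS, ANALYSIS_LOGS, 30, 15).items():
        print(f"{label:22} {tpl}")
```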

Baseline for Predictive Analysis

This option appears if you selected Predictive Analysis in Baseline for Risk Analysis. Specify the time unit Harness should use to pull logs to set as the baseline for predictive analysis, such as Last 30 minutes.

A few notes about selecting the time unit for Baseline for Predictive Analysis:

  • The greater the length of time you specify for a Predictive Analysis baseline (in Baseline for Predictive Analysis), the longer it takes Harness to run the analysis. If you select Last 24 hours, it could take up to 15 or more minutes to perform predictive analysis.
  • The greater the length of time you specify for a Predictive Analysis baseline, the more API calls Harness makes to the verification provider. Harness makes API calls to verification providers to obtain logs grouped in 15-minute batches. If you specify a long amount of time for a Predictive Analysis baseline, Harness will need to make a lot of API calls to the verification provider. For example, if you select Last 24 hours as the baseline for Predictive Analysis, then Harness will make 96 API calls to collect that data.

Algorithm Sensitivity

Select the sensitivity that will result in the most useful results for your analysis.

Execute with previous steps

Check this checkbox to run this verification step in parallel with the previous steps in Verify Service.

Failure Criteria

Specify the sensitivity of the failure criteria. When the criteria are met, the workflow Failure Strategy is triggered.

Include instances from previous phases

If you are using this verification step in a multi-phase deployment, select this checkbox to include instances used in previous phases when collecting data. Do not apply this setting to the first phase in a multi-phase deployment.

When you are finished, click SUBMIT. The Sumo Logic verification step is added to your workflow.


  • If you select Predictive Analysis in Baseline for Risk Analysis, the Harness verification results display the duration of the analysis. See Baseline in the image below:

Verification Results

Once you have deployed your workflow (or pipeline) using the Sumo Logic verification step, you can automatically verify cloud application and infrastructure performance across your deployment. For more information, see Add a Workflow and Add a Pipeline.

Workflow Verification

To see the results of Harness machine-learning evaluation of your Sumo Logic verification, in your workflow or pipeline deployment you can expand the Verify Service step and then click the Sumo Logic step.

Continuous Verification

You can also see the evaluation in the Continuous Verification dashboard. The workflow verification view is for the DevOps user who developed the workflow. The Continuous Verification dashboard is where all future deployments are displayed for developers and others interested in deployment analysis.

To learn about the verification analysis features, see the following sections.


Deployment info
See the verification analysis for each deployment, with information on its service, environment, pipeline, and workflows.

Verification phases and providers
See the verification phases for each verification provider. Click each provider for logs and analysis.

Verification timeline
See when each deployment and verification was performed.

Transaction Analysis

Execution details
See the details of verification execution. Total is the total time the verification step took, and Analysis duration is how long the analysis took.

Risk level analysis
Get an overall risk level and view the cluster chart to see events.

Transaction-level summary
See a summary of each transaction with the query string, error values comparison, and a risk analysis summary.

Execution Analysis

Event type
Filter cluster chart events by Unknown Event, Unexpected Frequency, Anticipated Event, Baseline Event, and Ignore Event.

Cluster chart
View the chart to see how the selected events contrast. Click each event to see its log details.

Event Management

Event-level analysis
See the threat level for each event captured.

Tune event capture
Remove events from analysis at the service, workflow, execution, or overall level.

Event distribution
Click the chart icon to see an event distribution including the measured data, baseline data, and event frequency.

Sumo Logic 24/7 Service Guard Setup

Harness Workflow verification steps provide verification of Harness deployments and the running microservice for the first 15-30 minutes. Harness 24/7 Service Guard provides detection of your microservices from then on, catching problems that surface minutes or hours following deployment.

You can add your Sumo Logic monitoring to Harness 24/7 Service Guard in your Harness Application Environment.

For more information on 24/7 Service Guard, see 24/7 Service Guard.

To set up 24/7 Service Guard for Sumo Logic, do the following:

  1. Ensure that you have added Sumo Logic as a Harness Verification Provider, as described above.
  2. In your Harness Application, click Environments.
  3. In Environments, click the Environment for your running microservice. Typically, the Environment Type is Production.
  4. In the Environment page, locate 24/7 Service Guard.
  5. In 24/7 Service Guard, click Add Service Verification, and then click Sumo Logic.

    The Sumo Logic dialog appears.

  6. Fill out the dialog. The dialog has the following fields.

For 24/7 Service Guard, the queries you define to collect logs are specific to the application or service you want monitored. Verification is application/service level. This is unlike Workflows, where verification is performed at the host/node/pod level.



Display Name

The name that will identify this service on the Continuous Verification dashboard. Use a name that indicates the environment and monitoring tool, such as SumoLogic.


The Harness Service to monitor with 24/7 Service Guard.

Sumo Server

Select the Sumo Logic Verification Provider to use.

Search Keywords

Enter search keywords for your query, such as *exception*.

Algorithm Sensitivity

Select the Algorithm Sensitivity.

Enable 24/7 Service Guard

Click the checkbox to enable 24/7 Service Guard.


Select the baseline time unit for monitoring. For example, if you select For 4 hours, Harness will collect the logs for the last 4 hours as the baseline for comparisons with future logs. If you select Custom Range you can enter a Start Time and End Time.

When you are finished, the dialog will look something like this:

  1. Click TEST. Harness verifies the settings you entered.
  2. Click SUBMIT. The Sumo Logic 24/7 Service Guard is configured.

To see the running 24/7 Service Guard analysis, click Continuous Verification.

The 24/7 Service Guard dashboard displays the production verification results.

For information on using the dashboard, see Using 24/7 Service Guard.

Next Steps
