Sumo Logic Verification

Updated 1 month ago by Michael Cretzman

The following sections describe how Harness integrates Sumo Logic into Harness Continuous Verification to monitor your live, production services and verify your deployments:

Sumo Logic and Harness

With Sumo Logic, you can interact with and analyze your data in the cloud in real-time. Sumo Logic uses a powerful and intuitive search capability to expedite functions like forensic analysis, troubleshooting, and system health checks.

Harness Continuous Verification integrates with Sumo Logic to verify your deployments and live production applications using the following Harness features:

  • 24/7 Service Guard- Monitors your live, production applications.
  • Deployment Verification- Monitors your application deployments, and performs automatic rollback according to your criteria.

This document describes how to set up these Harness Continuous Verification features and monitor your deployments and production applications using its unsupervised machine-learning functionality.

Search with Sumo Logic

Harness Analysis

Setup Preview

You set up Sumo Logic and Harness in the following way:

  1. Sumo Logic - Monitor your application using Sumo Logic. In this article, we assume that you are using Sumo Logic to monitor your application already.
  2. ​Verification Provider Setup - In Harness, you connect Harness to your Sumo Logic account, adding Sumo Logic as a Harness Verification Provider.
  3. Harness Application- Create a Harness Application with a Service and an Environment. We do not cover Application set up in this article. See Application Checklist.
  4. ​24/7 Service Guard Setup - In the Environment, set up 24/7 Service Guard to monitor your live, production application.
  5. Verify Deployments:
    1. Add a Workflow to your Harness Application and deploy your microservice or application to the service infrastructure in your Environment.
    2. After you have run a successful deployment, you then add verification steps to the Workflow using your Verification Provider.
    3. Harness uses unsupervised machine-learning and Sumo Logic analytics to analyze your future deployments, discovering events that might be causing your deployments to fail. Then you can use this information to set rollback criteria and improve your deployments.

Verification Provider Setup

The first step in using Sumo Logic with Harness is to set up a Sumo Logic Verification Provider in Harness.

A Harness Verification Provider is a connection to monitoring tools such as Sumo Logic. Once Harness is connected, you can use Harness 24/7 Service Guard and Deployment Verification with your Sumo Logic data and analysis.

The Sumo Logic API is available to Sumo Logic Enterprise Accounts only. For more information, see About the Search Job API from Sumo Logic

To add Sumo Logic as a verification provider, do the following:

  1. In Harness, click Setup.
  2. Click Connectors, and then click Verification Providers.
  3. Click Add Verification Provider, and select Sumo Logic. The Add Sumo Logic Verification Provider dialog appears.
  1. Complete the following fields of the Add Sumo Logic Verification Provider dialog.



Sumo Logic API Server URL

The API URL for your Sumo Logic account. The format of the URL is:

Where YOUR_DEPLOYMENT is either us1, us2, eu, de, or au. For us1, use

Sumo Logic applies default rate limiting.

For more information, see API Authentication from Sumo Logic.

Access ID

Enter the access ID for the user account you want to use to connect to Sumo Logic. Access keys are generated by an individual user in Sumo Logic depending on the permissions set for their account.

For more information on creating the access keys, see Access Keys from Sumo Logic.

Access Key

Enter the access key for the Sumo Logic user account using the connection.

For more information, see Access Keys from Sumo Logic.

Display Name

The name for the Sumo Logic verification provider connection in Harness. If you will have multiple Sumo Logic connections, enter a unique name.

You will use this name to select this connection when integrating Sumo Logic with the Verify Steps of your workflows, described below.

Usage Scope

If you want to restrict the use of a provider to specific applications and environments, do the following:

In Usage Scope, click the drop-down under Applications, and click the name of the application.

In Environments, click the name of the environment.

  1. When you have set up the dialog, click TEST.
  2. Once the test is completed, click SUBMIT to add the Verification Provider.

Once you have set up Sumo Logic as a Verification Provider, you can integrate it into 24/7 Service Guard and your Workflows, as described below.

24/7 Service Guard Setup

Harness 24/7 Service Guard monitors your live applications, catching problems that surface minutes or hours following deployment. For more information, see 24/7 Service Guard.

You can add your Sumo Logic monitoring to Harness 24/7 Service Guard in your Harness Application Environment. For a setup overview, see Setup Preview.

For more information on 24/7 Service Guard, see 24/7 Service Guard.

To set up 24/7 Service Guard for Sumo Logic, do the following:

  1. Ensure that you have added Sumo Logic as a Harness Verification Provider, as described in Verification Provider Setup.
  2. In your Harness Application, ensure that you have added a Service, as described in Services. For 24/7 Service Guard, you do not need to add an Artifact Source to the Service, or configure its settings. You simply need to create a Service and name it. It will represent your application for 24/7 Service Guard.
  3. In your Harness Application, click Environments.
  4. In Environments, ensure that you have added an Environment for the Service you added. For steps on adding an Environment, see Environments.
  5. Click the Environment for your Service. Typically, the Environment Type is Production.
  6. In the Environment page, locate 24/7 Service Guard.
  7. In 24/7 Service Guard, click Add Service Verification, and then click Sumo Logic. The Sumo Logic dialog appears.
  8. Fill out the dialog. The dialog has the following fields.
For 24/7 Service Guard, the queries you define to collect logs are specific to the application or service you want monitored. Verification is application/service level. This is unlike Workflows, where verification is performed at the host/node/pod level.



Display Name

The name that will identify this service on the Continuous Verification dashboard. Use a name that indicates the environment and monitoring tool, such as SumoLogic.


The Harness Service to monitor with 24/7 Service Guard.

Sumo Server

Select the Sumo Logic Verification Provider to use.

Search Keywords

Enter search keywords for your query, such as *exception*.

Algorithm Sensitivity

Select the Algorithm Sensitivity.

Enable 24/7 Service Guard

Click the checkbox to enable 24/7 Service Guard.


Select the baseline time unit for monitoring. For example, if you select For 4 hours, Harness will collect the logs for the last 4 hours as the baseline for comparisons with future logs. If you select Custom Range you can enter a Start Time and End Time.

When you are finished, the dialog will look something like this:

  1. Click TEST. Harness verifies the settings you entered.
  2. Click SUBMIT. The Sumo Logic 24/7 Service Guard is configured.

To see the running 24/7 Service Guard analysis, click Continuous Verification.

The 24/7 Service Guard dashboard displays the production verification results.

For information on using the dashboard, see Using 24/7 Service Guard.

Verify Deployments

Harness can analyze Sumo Logic data and analysis to verify, rollback, and improve deployments. To apply this analysis to your deployments, you set up Sumo Logic as a verification step in a Harness Workflow.

This section covers how to set up Sumo Logic in a Harness Workflow, and provides a summary of Harness verification results.

In order to obtain the names of the host(s), pod(s), or container(s) where your service is deployed, the verification provider should be added to your workflow after you have run at least one successful deployment.

To verify your deployment with Sumo Logic, do the following:

  1. Ensure that you have added Sumo Logic as a verification provider, as described above.
  2. In your workflow, under Verify Service, click Add Verification, and then click Sumo Logic. The Sumo Logic dialog appears.

  1. Fill out the dialog. The Sumo Logic dialog has the following fields.



Sumo Logic Server

Select the Sumo Logic verification provider you added, as described above.

Search Keywords

Enter the keywords for your search. Use the Sumo Logic search field and then copy your keywords into the Sumo Logic dialog.

Example keywords: *exception* and *error*.

For more information, see Search Syntax Overview and Keyword Search Expressions from Sumo Logic.

Field name for Host/Container

Enter the message field that contains the host name. You can find this in the Sumo Logic search. In the Sumo Logic search field, start typing _source and see the metadata options:

Click on the source host option, _sourceHost, and execute a query with it.

View the query results and confirm that the _sourceHost field returns the name of the host. And then enter _sourceHost in the Field name for Host/Container field.

Expression for Host/Container name

Add an expression that evaluates to the hostname value for the Message field host information. For example, in Sumo Logic, if you look at an exception Message, you will see a Host field:

In the service infrastructure where your workflow deployed your artifact (see Add a Service Infrastructure), the hostname is listed in a JSON name label under a host label.

Locate the name label that displays the same value as the Host field in your Sumo Logic Message. Locate the path to that name label and use it as the expression in Expression for Host/Container name.

The default expression is ${host.hostName}.

Analysis Time duration

Set the duration for the verification step. If a verification step exceeds the value, the workflow Failure Strategy is triggered. For example, if the Failure Strategy is Ignore, then the verification state is marked Failed but the workflow execution continues.

Baseline for Risk Analysis

Select one of the following:

  • Previous Analysis - Select Previous Analysis to have this verification use the previous analysis for a baseline comparison.
  • Canary Analysis - If your workflow is a Canary workflow type, you can select Canary Analysis to have this verification compare old versions of nodes to new versions of nodes in real-time.
  • Predictive Analysis - The Predictive Analysis option instructs Harness to take previous logs over the length of time specified in Baseline for Predictive Analysis, set those logs as a baseline analysis, and then compare that baseline with future logs for the length of time in Analysis Time duration. Harness then analyses these past and future logs to see if there are anomalies or unknown and unexpected frequencies that were potentially triggered during deployment.

    For Canary Analysis and Previous Analysis, analysis happens at the host/node/pod level.

    For Predictive Analysis, data collection happens at the host/node/pod level but analysis happens at the application or service level. Consequently, for data collection, provide a query that targets the logs for the host using fields such as SOURCE_HOST in Field name for Host/Container.

Baseline for Predictive Analysis

This option appears if you selected Predictive Analysis in Baseline for Risk Analysis. Specify the time unit Harness should use to pull logs to set as the baseline for predictive analysis, such as Last 30 minutes.

A few notes about selecting the time unit for Baseline for Predictive Analysis:

  • The greater the length of time you specify for a Predictive Analysis baseline (in Baseline for Predictive Analysis), the longer it takes Harness to run the analysis. If you select Last 24 hours, it could take up to 15 or more minutes to perform predictive analysis.
  • The greater the length of time you specify for a Predictive Analysis baseline, the more API calls Harness makes to the verification provider. Harness makes API calls to verification providers to obtain logs grouped in 15 minutes batches. If you specify a long amount of time for a Predictive Analysis baseline, Harness will need to make a lot of API calls to the verification provider. For example, if you select Last 24 hours as the baseline for Predictive Analysis, then Harness will make 96 API calls to collect that data.

Algorithm Sensitivity

Select the sensitivity that will result in the most useful results for your analysis.

Execute with previous steps

Check this checkbox to run this verification step in parallel with the previous steps in Verify Service.

Failure Criteria

Specify the sensitivity of the failure criteria. When the criteria is met, the workflow Failure Strategy is triggered.

Include instances from previous phases

If you are using this verification step in a multi-phase deployment, select this checkbox to include instances used in previous phases when collecting data. Do not apply this setting to the first phase in a multi-phase deployment.

Click TEST. Harness verifies the settings you entered.

When you are finished, click SUBMIT. The Sumo Logic verification step is added to your workflow.

If you select Predictive Analysis in Baseline for Risk Analysis, the time unit range is displayed in the Details section of the results. See Baseline in the image below:

Verification Results

Once you have deployed your Workflow (or Pipeline) using the Sumo Logic verification step, you can automatically verify cloud application and infrastructure performance across your deployment. For more information, see Add a Workflow and Add a Pipeline.

Workflow Verification

To see the results of Harness machine-learning evaluation of your Sumo Logic verification, in your Workflow or pipeline deployment you can expand the Verify Service step and then click the Sumo Logic step.

Continuous Verification

You can also see the evaluation in the Continuous Verification dashboard. The Workflow verification view is for the DevOps user who developed the Workflow. The Continuous Verification dashboard is where all future deployments are displayed for developers and others interested in deployment analysis.

To learn about the verification analysis features, see the following sections.

Deployment Info

Deployment info
See the verification analysis for each deployment, with information on its Service, Environment, Pipeline, and Workflows.

Verification phases and providers
See the verification phases for each Verification Provider. Click each provider for logs and analysis.

Verification timeline
See when each deployment and verification was performed.

Transaction Analysis

Execution details
See the details of verification execution. Total is the total time the verification step took, and Analysis duration is how long the analysis took.

Risk level analysis
Get an overall risk level and view the cluster chart to see events.

Transaction-level summary
See a summary of each transaction with the query string, error values comparison, and a risk analysis summary.

Execution Analysis

Event type
Filter cluster chart events by Unknown Event, Unexpected Frequency, Anticipated Event, Baseline Event, and Ignore Event.

Cluster chart
View the chart to see how the selected event contrast. Click each event to see its log details.

Event Management

Event-level analysis
See the threat level for each event captured.

Tune event capture
Remove events from analysis at the Service, Workflow, execution, or overall level.

Event distribution
Click the chart icon to see an event distribution including the measured data, baseline data, and event frequency.

Next Steps

How did we do?