Deployment & Configuration: Sumo Logic
To integrate NetFlow Optimizer (NFO) with Sumo Logic, you must set up a Hosted Collector to receive data and configure NFO to deliver its enriched JSON stream via the HTTP Logs Source.
1. Sumo Logic Preparation
Before configuring NFO, you must create an endpoint in Sumo Logic to accept the incoming telemetry.
Create a Hosted Collector
- Log in to your Sumo Logic account.
- Navigate to Manage Data > Collection > Collection.
- Click Add Collector and select Hosted Collector.
- Enter a name (e.g., NFO_Collector) and click Save.
Add an HTTP Logs Source
- In the new Hosted Collector, click Add Source and select HTTP Logs and Metrics.
- Name: Enter NFO_JSON_Stream.
- Source Category: Enter netflow/enriched (this is used to scope your searches and dashboards).
- Click Save and copy the generated HTTP Source URL.
2. Configuring NFO Output
With your HTTP Source URL ready, establish the connection in the NFO web interface.
- In the NFO GUI, navigate to Data Outputs and click the plus sign (+) to add a new destination.
- Type: Select Sumo Logic.
- URL: Paste the HTTP Source URL obtained from Sumo Logic.
- Output Filter: Set to Modules output only, to ensure only enriched data is sent.
- nfc_id filter: Enter the module IDs (e.g., 20062) to specify which enriched telemetry to push.
3. Installation of the NetFlow App
Once data is flowing, you can install the pre-built visualizations from the Sumo Logic App Catalog.
- In Sumo Logic, go to App Catalog.
- Search for NetFlow Optimizer.
- Click Add to Library.
- In the configuration wizard, select the Source Category you defined in Step 1 (e.g., netflow/enriched).
4. Verification
To confirm that enriched data is arriving correctly, run a simple search in the Sumo Logic Log Search tab:
_sourceCategory=netflow/enriched
| json "src_vm_n", "dest_vm_n", "bytes"
Verify that the virtual machine names (src_vm_n) are populated, confirming that NFO's enrichment is working as expected.
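An offline version of this check, as an added example that is not part of NFO or Sumo Logic: it classifies JSON records (for instance, lines exported from the search above) by whether the VM-name fields are populated and whether each record came from a module ID entered in the nfc_id filter. The sample records are constructed, and the presence of an nfc_id field in every record is an assumption.

```python
import json
from collections import Counter

EXPECTED_NFC_IDS = {20062}                  # module ID(s) entered in the NFO nfc_id filter
ENRICHED_FIELDS = ("src_vm_n", "dest_vm_n")  # fields the verification search extracts

# Constructed sample records (not real NFO output); the field layout is assumed.
SAMPLE_LINES = [
    '{"nfc_id": 20062, "src_vm_n": "web-01", "dest_vm_n": "db-01", "bytes": 48213}',
    '{"nfc_id": 20062, "src_vm_n": "", "dest_vm_n": "db-01", "bytes": 912}',
    '{"nfc_id": 20067, "src_ip": "10.0.0.5", "bytes": 77}',
    'not json at all',
]

def check_stream(lines, expected_ids=EXPECTED_NFC_IDS):
    """Count lines as enriched, unenriched, unexpected_module or malformed."""
    result = Counter()
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            result["malformed"] += 1
            continue
        if not isinstance(rec, dict):
            result["malformed"] += 1
            continue
        try:
            nfc_id = int(rec.get("nfc_id"))
        except (TypeError, ValueError):
            nfc_id = None
        if nfc_id not in expected_ids:
            # The output filter or nfc_id filter is letting other data through.
            result["unexpected_module"] += 1
        elif all(str(rec.get(f) or "").strip() for f in ENRICHED_FIELDS):
            result["enriched"] += 1
        else:
            # Record arrived from the right module but VM names are empty.
            result["unenriched"] += 1
    return dict(result)

if __name__ == "__main__":
    for status, count in sorted(check_stream(SAMPLE_LINES).items()):
        print(f"{status}: {count}")
```

A non-zero unexpected_module count points at the Output Filter or nfc_id filter settings from Step 2; a non-zero unenriched count points at the enrichment itself.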