I might be putting the horse before the cart here: I had intended on posting about Sumo Logic before writing this, but I feel that this particular post is probably more useful immediately. You can find information on setting up ephemeral mode in the Sumo Logic support pages, but when I was looking I found it wasn’t in a single location. That got frustrating quickly, so when I did work out how it needed to be set up, I thought that I’d post it so that others didn’t need to spend time on it.
Quickly, Sumo Logic is a cloud-based event log/correlation and analytics service – think of it as a cloud-based Splunk, but with less ridiculous pricing. Someone will surely point out Splunk Storm, but that isn’t really all that good in my experience. I’d suggest you try both out and you’ll work out why pretty quickly. The company is relatively new, but has some pretty decent backers in the form of Accel Partners and Sequoia Capital (amongst others), both of whom have reasonably decent reputations in the venture capital space. Technology-wise, Sumo Logic specialises in cloud-based, large data set event log management and analysis. You can feed it a ton of data, query it and generate usable information from it that can help with operational support of applications or environments. Its primary benefits are that it scales out rapidly to very large data sets and that its search is near real time.
Sumo Logic operates with hosted and installed collectors. The hosted collector allows it to integrate into Amazon S3 to fetch log data for ELB, CloudTrail and the like. This allows you to process that data without having to deploy an EC2 instance to collect it for you and forward it into Sumo Logic’s systems. The installed collector is just that: it’s a collector that’s installed on a system. You’d use an installed collector when you’re fetching data from Windows Event logs or IIS logs, or even when acting as a syslog collector for network devices. The installed collector then relays the collated data back to Sumo Logic over a secure connection. In the configuration of your Sumo Logic account, you see all your collectors, be they hosted or installed. I’ll post more about it another time, but for now I’d suggest you have a play.
Now that we’ve covered what Sumo Logic is and a high-level idea of how it collects data, what is ephemeral mode? Ephemeral mode is as the definition of the word suggests – “lasting for a very short time”. It’s a configuration setting that allows Sumo Logic to receive data from a collector that isn’t permanent and will need to be expired or cleaned up once it stops working. Basically, the collector will start up at the time the machine is started, collect data and send it back to Sumo Logic. On machine termination, rather than leaving an offline collector visible in the configuration panel, it will automatically remove itself after 12 hours of not receiving any messages.