The latest cloud infrastructure announcements, technical solutions, and enterprise cloud insights.

How to ingest OCI logs into Sumo Logic?

Mayur Raleraskar
Solutions Architect

Today, we’re excited to publish a reference solution for moving logs from Oracle Cloud Infrastructure (OCI) into Sumo Logic, a popular SIEM (Security Information and Event Management) solution. 

With the Oracle Cloud Observability and Manageability platform, we aim to meet our customers where they are. We understand that customers may have standardized their operations with third-party tools. We want to be interoperable with those tools to enable customers to easily adopt OCI with minimal retraining, re-architecture, and change in processes. This blog enables joint OCI and SumoLogic customers to use their existing investments for ingesting and analyzing OCI logs in SumoLogic.

Use cases

  • Running analytics on service, audit, and custom logs in SumoLogic
  • Consolidating logs from multi-cloud and hybrid environments
  • Similar to logs, developers can leverage the OCI Monitoring SDK to export metrics (for their applications and services running on OCI), to Sumo Logic. Thanks to openness and interoperability of OCI Logging and Monitoring, customers can unify their SIEM on the platform of their choice, including Sumo Logic.

Solution overview: Instantly Visualize Your OCI Log Data in Sumo logic with Oracle Functions and Service Connector Hub

This solution uses the newly released Oracle Cloud Infrastructure Service Connector Hub to read logs from OCI Logging and invoke Oracle Functions to ingest logs into SumoLogic. For detailed steps about OCI and Sumo Logic Integration, please see detailed instructions here

About the Oracle Cloud Infrastructure services used in this solution

OCI Logging is a cloud-native, fully managed, distributed logging platform that simplifies ingesting, managing, and analyzing logs from your entire stack. OCI Logging leverages open CloudEvents standard, making it easy for interoperability as well as helps in avoiding vendor lock-in. The service brings all your logs(infrastructure, application, audit, and database) into one view. To learn more about Logging, see Announcing the general availability of Oracle Cloud Infrastructure Logging

OCI Service Connector Hub moves data between services, both within OCI and from OCI to third-party tools. For extra processing and compliance storage needs, it moves data, such as logs from Logging, to services such as OCI Object Storage, OCI Streaming, and OCI Monitoring. It triggers functions for custom data processing and sends notifications about changes to cloud resources. To learn more about Service Connector Hub, see Oracle Cloud Infrastructure Service Connector Hub now generally available.

Oracle Functions is a fully managed, multi-tenant, highly scalable, on-demand, Functions-as-a-Service platform. To learn more about Oracle Functions, see the documentation.


In closing, this blog demonstrated how you can ingest logs from OCI Logging into SumoLogic using Service Connector Hub and Oracle Cloud Functions. You can use the same reference architecture to build any third-party integrations to solve your specific use cases.

We welcome you to sign up for the Oracle Cloud Free Trial or sign in to your account to experience this integration. We can't wait to see what you build.

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.Captcha