Sumo Logic: Is the Internet of things a problem or an opportunity?

IT administrators have many challenges simply monitoring and managing today's complex web of workloads, servers and clients. What happens when vehicles, copiers, security devices, smartphones, tablets and who knows what else appear on the network?


Sanjay Sarathy, CMO of Sumo Logic, stopped by to talk about the Internet of Things and whether adding more devices to an already complex network environment is going to become an overwhelming problem for an already stressed IT staff or an opportunity for companies to better understand their infrastructure and make it serve the company's needs better. 

The key challenge, Sarathy believes, it providing tools that will produce actionable insight to someone who doesn't know the right questions to ask or the right things to examine. I tend to agree.

When so much is happening, how can IT determine what is normal?

Sarathy points out that one of the best ways to help IT staff learn what is happening -- what devices are interacting with others, what levels of performance are normal, and what are "anomalies" -- is to gather up the operational data in the device's log files, learn from what is found in those files, and determine what the operational baseline is for that infrastructure. Once the baseline is established, anything out of the ordinary can be flagged and an alert be sent to the IT staff. He pointed out that log files are always a source of the truth — that is a place to learn what the facts are in any given situation.

Sarathy, of course, mentioned that is part of what his company's technology does. Machine data analytics combined with sophisticated "machine intelligence" makes it possible to find  patterns hidden in huge sets of operational logs. This, combined with a set of rules that define what is normal in a given environment, can shine a needed light on what's happening, what's normal and what's unusual.

How does this differ from what others offer?

When asked how Sumo Logic compares to others touting the same things -- such as BMC, CA, ExtraHop, HP, IBM, Netscout, Netuitive, New Relic, Opnet, Prelert, Splunk, Zenoss and a number of others -- Sarathy replied that machine learning is a good start. Unless companies spend a great deal of time creating rules that define what normal operation looks like in their own IT infrastructure, it is difficult for systems to determine all by themselves what is normal.

Sumo Logic, he said, goes beyond that by combining machine learning with human interaction. That is, Sumo Logic determines what is happening by quickly scanning the operational logs, learning from what is seen in those files and setting a baseline. If something different starts appearing in the logs, IT staff are sent an alert. When IT staff respond to an alert, they are creating the rules for future alerts. This, Sarathy pointed out, is quite different from making the staff define rules before a machine intelligence system can operate.

IT staff can simply tell the system that the set of operations seen are normal and no future alerts are needed or that something is really wrong and that higher levels of alerts should be generated.

Snapshot analysis

When I speak with IT administrators, network operators and the like, I almost always learn that they are doing their best to deal with an ever-changing, ever-expanding environment. They depend upon sophisticated tools to keep up with their environment. Tools, such as those offered by Sumo Logic and its competitors, are vital today and are likely to be even more important once every little thing lives on the net and communicates its status, makes requests, and generates more operational data.