SumoLogic is a fantastic log aggregator and analysis tool, a fine alternative to Splunk. Searching is powerful and mostly intuitive, and results come fast. If you have application logs in clusters or Kubernetes pods that lose their logs every time they're restarted, Sumo is the solution for you.
Log Aggregation and uploading. The architecture for Sumo Logic makes a great deal of sense and works very well.
Automated analysis. It still impresses me how well a newly uploaded log can be broken into intelligent parts, then searched and sorted using their tools.
Dashboards. It might not be what YOU will need as an IT admin, but you can give access to these dashboards easily to business users who love that kind of stuff. Most other types of (monitoring / alerting) tools, for no apparent reason, lack this feature.
Reporting, monitoring, and graphing. Given, you need to have useful log generation for an application or service as a prerequisite for Sumo Logic to be able to gain use; once it has it, it is an amazingly powerful tool.
Sumo Logic is very powerful but definitely requires some configuration work to get the most out of it. You can get a certification related to this, but it is definitely not something you can just throw together.
I would give this rating because I attended a free Sumo Logic training at a WeWork in Chicago. I found the training very useful, and I learned a lot of features that I was not aware of before I went to the training. I like the idea that SumoLogic provides free training seminars. I am certified in level 1, and I plan on certifying to level 2.
I was satisfied with the implementation, as at the time, it was the best way to implement the product with the available feature sets in Sumo Logic. User creation and management became more of an issue during continued use, instead of it being an issue related to deploying the product in our environment.
We had used Splunk previously. Sumo Logic defeats them when it comes to cost, including the costs that would normally come with supporting/managing/patching/upgrading your own infrastructure and storage. Those were wins, but especially the real-time CDN integrations due to Sumo Logic's collaborations with other vendors. We had spoken to Logentries and discovered that many of the cons we found with Sumo Logic seemed to have been resolved in their product. Their pitfall was that, at the time, Logentries did not have the ability to get real-time log ingestion from our CDN. They said they had a solution, which was scripted, but we had not evaluated/tested it. Logentries also did not have a User / RBAC REST API, and are nowhere near the level of compliance that Sumo Logic had (https://www.sumologic.com/press/2015-02-19/sumo-logic-successfully-completes-pci-data-security-stand...). In the end, I believe Logentries and Sumo Logic would be two good vendors to get involved in a bake-off.