-
Notifications
You must be signed in to change notification settings - Fork 3
Home
This tool allows a user to execute multiple searches, and compile the data in a single report. Currently, the only format is Excel (.xlsx). Each tab in Excel would correspond to a search executed in Sumo Logic.
##Usage To use the tool, simply run from your command line:
$java -jar sumo-report-generator.jar
usage: SumoLogic Report Generator
-c,--config <arg> Path to the report JSON configuration file.
-d,--debug Enable debug logging.
-h,--help Prints help information.
-t,--trace Enable trace logging.
-v,--version Get the version of the utility.
##JSON Configuration File
To generate a report, simply configure JSON configuration file that defines the report. Here is a basic example:
{
"username" : "<username/accessid>",
"password" : "<password/accesskey>",
"url" : "https://api.sumologic.com/api/v1",
"destinationFile" : "/some/path/workbook.xlsx",
"reportSheets" : [
{
"sheetName" : "errors",
"searchJob" : {
"query": "error | count",
"from": "2015-09-20T00:00:00",
"to": "2015-09-20T23:59:59",
"timezone": "PST"
}
}
]
}
Your username/password can be using your SumoLogic credentials, or an accessId/accessKey. The URL you choose should be the URL based on your deployment. You can define any number of report sheets, each reportSheet represents a sheet in the final Excel Workbook. The sheetName will be the name of the sheet. Note that standard limitations of naming sheets in Excel apply. The searchJob is the Sumo search you want to execute and populate in the sheet. Make sure you properly escape your query as you would with any SumoLogic API call.
##Advanced Features ###Property Replacement If you have a template JSON file that you wish to reuse that contains 10 queries. Updating certain things for every query can be tedious. Enter propertyReplacements. This feature allows you to define a set of key/value pairs. You can then reference the key in any SearchJob you define. The sumo-report-generator will replace that key with the value before executing the Search Job. This means if you have a template with 10 queries, instead of replacing the from/to date (for example) 20 times, you just do it 2x. Here is the same example above, using property replacements for the from/to date.
{
"username" : "<username/accessid>",
"password" : "<password/accesskey>",
"url" : "https://api.sumologic.com/api/v1",
"destinationFile" : "/some/path/workbook.xlsx",
"propertyReplacementConfig" : {
"propertyReplacements" : [
{
"replacementKey" : "from_date",
"replacementValue" : "2015-09-20T00:00:00"
},
{
"replacementKey" : "to_date",
"replacementValue" : "2015-09-20T23:59:59"
}
]
},
"reportSheets" : [
{
"sheetName" : "errors",
"searchJob" : {
"query": "error | count",
"from": "${from_date}",
"to": "${to_date}",
"timezone": "PST"
}
}
]
}
###Workbook Templates The sumo-report-generator does not do any formatting at the moment. However, there may be situations where you run the same set of SearchJobs and possibly add columns with formulas, and change the spacing of columns, or add conditional formatting. The sumo-report-generator supports using pre defined workbook templates by simply adding the path to the template into your JSON configuration.
{
"username" : "<username/accessid>",
"password" : "<password/accesskey>",
"url" : "https://api.sumologic.com/api/v1",
"destinationFile" : "/some/path/workbook.xlsx",
"templateFile" : "/some/path/workbook_template.xlsx",
"propertyReplacementConfig" : {
"propertyReplacements" : [
{
"replacementKey" : "from_date",
"replacementValue" : "2015-09-20T00:00:00"
},
{
"replacementKey" : "to_date",
"replacementValue" : "2015-09-20T23:59:59"
}
]
},
"reportSheets" : [
{
"sheetName" : "errors",
"searchJob" : {
"query": "error | count",
"from": "${from_date}",
"to": "${to_date}",
"timezone": "PST"
}
}
]
}
The template can add columns, formulas, conditional formatting or change the column/row width and it will be respected when the workbook is generated. This can save you time by eliminating your need to format the excel workbook. Note that added columns are not touched, so formulas will not be replicated down to the number of rows contained in a sheet. In order to ensure the data from your search is correctly populated, you must ensure the column names in your template correspond to the column names in your searches. If you forget a column in the template and it exists in your search, it will be omitted.
##FAQ
Why does my date show in milliseconds format?
You likely did a timeslice and forgot to use a formatDate() operator to properly format the timeslice. If you do this, then the date will be output to Excel in the correct format. For example:
formatDate(fromMillis(_timeslice),\"MM/dd/yyyy\") as date
Why do my numeric cells show as string?
This likely means that Sumo Logic is returning the data as String and not a numeric value. Try casting your value back to a number. As long as the field returned from Sumo is a numeric value, then your excel formatting will show correctly. For example, maybe you used the format() operator to round a numeric value. The format operator returns a String. So you have to cast it back to a number.
format(\"%.2f\", size_mb/1024) as size_gb | number(size_gb)
##Limitations
- Requires Java 1.8!
- Only .xlsx format is supported currently
- The results are simply output to excel manual formatting may be required if you do not use a template.
- Any search you execute is executed against the SumoLogic Search Job API, therefore, any limitations of the API apply to this tool.