This gem interfaces with the Sumo Logic Search Job API. It may be used through native Ruby, or via a CLI that has been provided.

From the command line:

$ [sudo] gem install sumo-search

From your application's Gemfile:

gem 'sumo-search'

After installing the gem, you can require it using:

require 'sumo'

Your credentials go into the YAML file ~/.sumo_creds. An example YAML file is listed below:

Note: Sumo Logic deprecated username/password login in favor of access IDs and access keys.

backend:
  access_id: your_access_id
  access_key: your_access_key
default:
  access_id: your_other_access_id
  access_key: your_access_key

The credentials in the default namespace are loaded by default. To change this, set ENV['SUMO_CREDENTIAL'] to the credential that you would like to load.

To create a search job from ruby, the Sumo.search method is provided. For example, the following creates a search job for everything from the 2014-01-01:

search = Sumo.search(
  :query => '*',
  :from => '2014-01-01T00:00:00',
  :to => '2014-01-01T23:59:59',
  :time_zone => 'UTC'
)

To iterate through the messages returned by the API, use the #messages method on the object returned by Sumo.search.

search.messages.each { |message| puts message }

Similarly, iterating through the records can be acheived through the #records method.

search.records.each { |record| puts record }

Note that the two above methods lazily grab the results in chunks, so iterating through these will take some time. The difference between records and messages is described at the bottom of this section of the api docs.

The executable packaged with this gem is called sumo.

Examples:

# Search for everything from 2014-01-01.
sumo --query '*' --from '2014-01-01T00:00:00' --to '2014-01-01T23:59:59' --time-zone 'UTC'

# Search for everything containing 'StagingFitness' in 2013, extracting the 'message' key from the response.
sumo --query 'StagingFitness' --from '2013-01-01T00:00:00' --to '2014-01-01T00:00:00' --time-zone 'UTC' --extract-key 'message'