
Sumo Logic

DEVOPS
Velocity: 0.0

Log analytics

Sumo Logic is shipping OTEL migration tooling, query macros, and self-serve data deletion — observability hardening across the board.

opentelemetry, observability, siem ops, compliance, multi-org admin, developer ergonomics
Current state
Sumo Logic's recent cadence focuses on three coherent threads: enabling vendor-neutral telemetry (guided conversion of Installed Collectors to OpenTelemetry source templates, remotely managed apps via Source Templates, YAML editor for source templates), developer/operator ergonomics (Macro Operator for reusable query logic, query-when-fully-processed timing, quick actions in navigation menus, bulk insight updates up to 5,000), and enterprise/compliance plumbing (self-serve data deletion via UI or API, multi-org centralized role management, playbook execution history with cancellation).
Where it's heading
Sumo Logic is positioning around the OpenTelemetry shift while reinforcing the enterprise admin surface. The OTEL migration tooling is the most strategically loaded — Sumo Logic is making it easier for customers to leave the proprietary collector path, which is the right long-term bet against Datadog and Splunk but creates short-term lock-in dilution. The compliance and multi-org features signal continued investment in regulated and enterprise buyers where Splunk has historically been entrenched.
Prediction
Expect more guided OTEL migration tooling (e.g., dashboard/alert porting alongside collector conversion) and continued bulk-action work in the security ops surface. The self-serve data deletion path is likely to be followed by self-serve retention and data residency controls, completing the compliance-as-product story.

Recent moves

  1. 3mo ago

    Delete ingested data on demand—no Support ticket required.

    Authorized users can now submit and approve data-deletion requests directly in the platform or via API — no Support ticket needed. Removes Sumo Logic from the loop on a routine compliance workflow and gives security/legal teams audit-friendly self-serve control over right-to-erasure and similar requests.

  2. 4mo ago

    We’ve introduced a Macro Operator, which allows you to define reusable query logic once and reference it across multiple searches.

    New Macro Operator lets users define reusable query logic once and reference it from multiple searches, dashboards, and alerts. A real maintainability lift for shops that have grown into hundreds of similar queries — directly attacks one of Splunk's classic complaints (logic duplication across saved searches).

  3. 4mo ago

    We’re making it easier to move from Installed Collectors to OpenTelemetry.

    Guided workflow converts existing Installed Collector sources into OpenTelemetry source templates, reducing manual migration friction. Strategically the most loaded item in this window — Sumo Logic is investing in making the OTEL transition cheap, betting long-term observability portability beats short-term collector lock-in.

  4. 4mo ago

    Parent org administrators can now centrally manage default and user-specific role assignments across child organizations.

    Parent-org administrators can centrally manage default and per-user role assignments across child organizations. Real multi-tenant enterprise plumbing — useful for service providers and large enterprises with subsidiary structures who previously had to script this around the API.

  5. 4mo ago

    Act on thousands of insights at once to accelerate investigations and response.

    Bulk update of up to 5,000 security insights via UI or API with real-time progress and parallel operations. Targets the same SOC-team-buried-in-alerts pain point that's driven the rise of automated triage in security ops; Sumo Logic is making the manual-action path itself more scalable rather than only pushing automation.

  6. 4mo ago

    You can now perform quick actions—edit, delete, share, and move—on content directly from navigation menus in the new UI, without first op…

    Quick actions (edit, delete, share, move) on content directly from new-UI navigation menus, without first opening the Content Library. Small but visible workflow speedup for daily content management — fits the broader new-UI rollout pattern visible across recent updates.
