Updating a Sumo Logic Collector using the API

WhatDoesKmean?

Sumo Logic is a cloud-based log management and analytics platform that enables organizations to collect, analyze, and visualize their machine data in real-time. One of the key components of Sumo Logic is the Collector, which is responsible for ingesting data from various sources and forwarding it to the Sumo Logic service.

In this article, we will explore how to update a Sumo Logic Collector to ensure that it is configured to collect and forward data as expected. Specifically, we will demonstrate how to modify the Collector's attributes using the Sumo Logic API.
By the end of this article, you will have a clear understanding of how to update a Sumo Logic Collector to meet your organization's logging needs.

We will use the PUT method with a JSON payload to update an existing Collector.
You can find a reference to the available Collector parameters in the Response fields table here.

NOTE: The JSON payload (for update) should include values for all required fields. Additionally, fields that cannot be modified should match their current values in the system.
The Collector Management API uses optimistic locking to deal with versioning and conflict detection. Any response that returns a single entity will have an ETag header that identifies the version of that entity. Subsequent updates (PUT requests) to that entity must provide the value of the ETag header in an If-Match header; if the header is missing or no longer corresponds to the latest version of the entity, the request will fail (with 403 Forbidden or 412 Precondition Failed, respectively).

To update a Collector, you must include the If-Match header in your request and the ETag value retrieved from the headers of a previous GET request.

To do so, we first need the current ETag value for the Collector resource. We perform a GET request, and the response headers include the ETag value.
JSON response Header obtained:

Then we retrieve the Collector attributes by using the GET method.
JSON response obtained:

Next, you can make changes to the Collector JSON attributes to suit your requirements.

For instance, you might set the value of targetCPU from Unlimited (default) to 30%. Once you have made the desired modifications, employ a PUT request to submit the updated data to the server.
JSON payload for update:

The Python example below demonstrates how to modify a Collector by setting the targetCPU parameter from Unlimited (default) to 30%. Notice that the PUT request sends the previously acquired ETag value in the If-Match header.

import requests

# Mandatory data
COLLECTOR_ID = 123456789
API_ENDPOINT_URL = f"<YOUR_SUMOLOGIC_ENDPOINT>/api/v1/collectors/{COLLECTOR_ID}"
API_AUTH = ('<YOUR_ACCESS_ID>', '<YOUR_ACCESS_KEY>')

# Data to Update
COLLECTOR_NAME = "WhatDoesKmean"
COLLECTOR_EPHEMERAL = False
COLLECTOR_TARGETCPU = 30

# Create Session object
session = requests.Session()
session.auth = API_AUTH
session.verify = True

# Get Sumo Collector's ETag
response = session.get(API_ENDPOINT_URL)
response.raise_for_status()
etag = response.headers["ETag"]

# Update Collector settings
headers = {
    'Content-Type': 'application/json',
    'If-Match': etag,
}
dataToUpdate = {
    "collector": {
        "id": COLLECTOR_ID,
        "name": COLLECTOR_NAME,
        "ephemeral": COLLECTOR_EPHEMERAL,
        "targetCpu": COLLECTOR_TARGETCPU,
        "collectorType": "Installable",
        "alive": True
    }
}
response = session.put(API_ENDPOINT_URL, headers=headers, json=dataToUpdate)
response.raise_for_status()

# Print updated Collector's data
print(response.json())

JSON response obtained after update:

Of course, you can also check your Collector's new settings within the Sumo Logic platform under the Advanced option.
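The optimistic-locking flow and the NOTE above, written as a read-modify-write loop (an added example, not code from the original article or from Sumo Logic): `update_collector` starts from the GET body so unchanged fields keep their current values, and re-reads the Collector when the PUT returns 412. `FakeSession` and `FakeResponse` are constructed in-memory stand-ins for a `requests.Session` and the API so the flow runs offline; the retry limit and timeout are assumptions.

```python
import copy

def update_collector(session, url, changes, max_attempts=3):
    """Read-modify-write a Collector using If-Match; retry on a stale ETag."""
    for _ in range(max_attempts):
        current = session.get(url, timeout=30)
        current.raise_for_status()
        # Start from the server's copy so required and read-only fields keep
        # their current values, then overlay only the requested changes.
        payload = current.json()
        payload["collector"].update(changes)
        resp = session.put(url, json=payload, timeout=30,
                           headers={"If-Match": current.headers["ETag"]})
        if resp.status_code == 412:   # entity changed after our GET: re-read
            continue
        resp.raise_for_status()
        return resp.json()
    raise RuntimeError(f"ETag still stale after {max_attempts} attempts")

class FakeResponse:
    """Constructed stand-in for requests.Response."""
    def __init__(self, status_code, body, etag=None):
        self.status_code, self._body = status_code, body
        self.headers = {"ETag": etag} if etag else {}
    def json(self):
        return copy.deepcopy(self._body)
    def raise_for_status(self):
        if self.status_code >= 400:
            raise RuntimeError(f"HTTP {self.status_code}")

class FakeSession:
    """Constructed in-memory Collector endpoint; not the Sumo Logic service."""
    def __init__(self, collector, racing_writes=0):
        self.entity, self.version = {"collector": collector}, 1
        self.racing_writes = racing_writes  # concurrent edits to simulate
    def get(self, url, **kwargs):
        resp = FakeResponse(200, self.entity, f'"{self.version}"')
        if self.racing_writes:        # another client writes right after our GET
            self.racing_writes -= 1
            self.version += 1
        return resp
    def put(self, url, json=None, headers=None, **kwargs):
        if (headers or {}).get("If-Match") != f'"{self.version}"':
            return FakeResponse(412, {"message": "stale ETag"})
        self.entity, self.version = copy.deepcopy(json), self.version + 1
        return FakeResponse(200, self.entity, f'"{self.version}"')
```

Against the real API, pass a `requests.Session` whose `auth` is set to your access ID and key in place of `FakeSession`, for example `update_collector(session, API_ENDPOINT_URL, {"targetCpu": 30})`.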

Now, you know! 😉
