How can we help you?
Browse the Sumo Logic Support Center to find information on data collection, search queries, alerting, account settings and more
Troubleshooting tips, frequently asked questions and how to articles
Account Management and Billing
- How can I get a copy of an invoice?
- Can we delete data already sent into Sumo Logic so that search results don't show this data?
- Discrepancy between Account Usage Details and Log Data Volume Index data
- How to I change or edit my Organization name?
- How to increase the number of users?
- Can I merge multiple Sumo Logic accounts into a single account?
Field Extraction Rules
Managing Users and Roles
- "Unable to sign in. Your account has been locked"
- What are Role Search filter limitations?
- When I try to enter any of the certification courses, I encounter an SSO error that says 'last name is required.'
- Azure AD SSO error SAML authentication request's RequestedAuthenticationContext's Comparison value must be "exact".
- Users are not receiving the welcome or password reset email
- When are password Policy Changes Applied to Users?
- How do Sumo Logic store access tokens for collecting Office 365 logs?
- How can I update a collector name after installing a collector?
- High Collector CPU Use After Leap Second
- ALB/ELB multiple log lines are being concatenated as single line. What could be causing this and how to resolve it?
- SLF4J errors ingested into Sumo Logic while collecting OKTA logs via SumoJanus package.
- "Unknown field name: cluster (520)" error message reported while running search for the Kube logs.
- * ERROR: Registration failed: Invalid source: * The json file C:\Scripts\Sumologic\source.json contains invalid value.
- Collector refuse to remove sources from sources.json (Local file Management Mode) due to multiple filters supplied with the same "Name" key.
- Experiencing ingestion issues for G-Suite Apps Audit sources
- Data ingested from an S3 bucket or an HTTP source consumes more storage in Sumo Logic
- How can I ingest Microsoft Teams logs in to Sumologic?
- Cloud Syslog in PEM format
- Is there a way to forward the parsed fields used in the scheduled views via Data Forwarding in Sumo Logic?
- When forwarding data to S3, are the logs sent before or after processing rules have been applied?
- If I create a Scheduled View with a start date in the past and data forwarding enabled, how will the data be forwarded?
- Error when creating S3 Data Forwarding: Unable to initiate S3 object uploads
- Data is not Forwarding from Sumo Logic to our S3 Bucket
- Collector Warning message: Unable to forward message to <ip address>-<Port>
Field Extraction Rules
- Is there any extra data cost when using Partition/Scheduled View?
- Search query does not produce results for frequent tier partition.
- Does SumoLogic use receipt time or message time for calculating data retention?
- If we use the Save To Index feature for alerting, what is the retention period for the same index?
- When I use Save to Index, metadata fields from the Collector (for example, _collector) will be dropped. Does that mean the data in the index will not have any associated metadata?
- Sumo Logic Kubernetes node metric (metric=node:node_cpu_utilisation:avg1m") missing data when Changing Scrape Interval
- "Disk_UsedPercent" metric not available for the sources configured under the windows collector. How to resolve it??
- Is there any way to put a custom field on a Host Metrics source or is it constrained?
- Is it possible to export metrics as csv or json data out of Sumo Logic?
- "Count by Log Messages" option in Log to Metrics does not populate the metric values with proper aggregate counts and shows as 1
- How to return the week number of the year for a timestamp?
- Why aren't my recent logs showing up with my search?
- Do you have a parse regex for both IPv6 and IPv4?
- The Live Tail feature is not working. Pressing "Run" does not do anything.
- How do I parse a field that occurs multiple times in a single log message?
- How can I search the Default Index explicitly?
Alerting and Scheduled Search
- Experiencing integration issues with the CrowdStrike threat intelligence database.
- Include all the results in a scheduled search email alert.
- What is the default webhook timeout in Sumo Logic? Can we increase it?
- How can I send the alerts to Google hangout?
- Can a Scheduled Search have multiple alert conditions?
- Search Condition does not Trigger Scheduled Search Alert
Dashboards and Panels
- Switching to live mode dashboard gives "This panel cannot be converted to Live Mode because it has a literal time range"
- How to share a dashboard with an absolute time-range on it.
- There was a problem adding panel to the dashboard.
- Can I manage/edit other user's Dashboard as a content administrator?
- Shared Live Mode Dashboard will not populate for public URL
- List all Scheduled Searches, Log Searches and Dashboards in your Organization
- Why is the default web session timeout set to 15 minutes for new users in Sumo Logic UI?
- SAML SSO showing "Last Name" required error while accessing certification page
- Is there any way to query user activity for those that have access to SumoLogic?
- How can I set the User Session Timeout Preferences?
- Terraform Sumo Logic Provider fails with "401-Full-authentication-is-required"
- Internal Error (500) when calling Sumo Logic APIs
- SSL error when running a curl request to the Sumo Logic APIs
- API - 404 Error - Job ID is invalid
- API - 401 Error - Credential could not be verified
- API - 403 Error - This operation is not allowed for your account type
Not finding what your looking for? Reach out to us
Request a Feature
Have an idea for a new feature? Submit, comment and vote within the Ideas portal.
Want to learn more about how to use Sumo Logic? Find online and upcoming live training sessions.
Ask for Support
Unable to find an answer to your questions? Open a case with our Support team.