Problem:
I create a rule which has the correct results in the sample windows. Then I select "count messages" and select one field as a dimension, but the result of this log-to-metric rule is always shown as "1".
Solution:
By default, Sumo Logic quantizes using "avg" (average). Unless the query explicitly quantizes using sum or count, the count of metrics from logs-to-metrics will always yield a value of "1", even if the Logs2Metrics (L2M) rule is configured correctly.
To get the correct result count, append "quantize using count" or "quantize using sum" to your queries on these data points to determine the count of the log lines.
For example:
_contentType=MetricFromLog metric=logins | quantize using count
or
_contentType=MetricFromLog metric=logins | quantize using sum
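Why the default rollup hides the count, as an added Python illustration (not Sumo Logic code and not part of the original article): it assumes each matching log line becomes one data point of value 1, and the timestamps and the quantize() helper are constructed for this example.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample: (epoch_seconds, value) data points for metric=logins.
# Assumption: a "count messages" rule emits one point of value 1 per log line.
POINTS = [
    (0, 1), (5, 1), (42, 1),                 # 3 logins in the first minute
    (61, 1), (75, 1),                        # 2 logins in the second minute
    (130, 1), (131, 1), (150, 1), (179, 1),  # 4 logins in the third minute
]

# Rollup functions named after the quantize options discussed on this page.
ROLLUPS = {"avg": mean, "sum": sum, "count": len}


def quantize(points, interval_s, rollup):
    """Group points into fixed-width time buckets and roll up each bucket.

    Hypothetical helper that mimics the idea of quantization; buckets with
    no data points are simply absent from the result.
    """
    if rollup not in ROLLUPS:
        raise ValueError(f"unsupported rollup: {rollup!r}")
    buckets = defaultdict(list)
    for ts, value in points:
        buckets[ts - ts % interval_s].append(value)
    return {start: ROLLUPS[rollup](vals) for start, vals in sorted(buckets.items())}


if __name__ == "__main__":
    for rollup in ("avg", "sum", "count"):
        # avg of a bucket full of 1s is 1; sum and count recover the volume.
        print(f"{rollup:>5}: {quantize(POINTS, 60, rollup)}")
```

Sum and count agree here only because every data point has the value 1; avg reports 1 no matter how many log lines fell into the bucket.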