Processing rules take effect immediately as soon as the configuration is saved. The collector restart is not required for adding/deleting or updating processing rules. However, you may see delay of 2-3 minutes to see the data in search because of the way the data is indexed by Sumo Logic.
- Is there a way to block or allow specific logs from being ingested?
- Unable to parse input as json
- Why aren't my recent logs showing up with my search?
- Can I use parse regex multi or auto option in order to add Field Extraction Rules?
- Search API request fails with "HTTP ERROR 401 Full authentication is required to access this resource"