Processing rules take effect immediately as soon as the configuration is saved. The collector restart is not required for adding/deleting or updating processing rules. However, you may see delay of 2-3 minutes to see the data in search because of the way the data is indexed by Sumo Logic.
- Is there a way to block or allow specific logs from being ingested?
- Logs from Fastly delayed or missing
- Does SumoLogic use receipt time or message time for calculating data retention?
- SSL error when running a curl request to the Sumo Logic APIs
- How can I sub-parse an already extracted field or metadata value?