Processing rules take effect immediately as soon as the configuration is saved. The collector restart is not required for adding/deleting or updating processing rules. However, you may see delay of 2-3 minutes to see the data in search because of the way the data is indexed by Sumo Logic.
- Is there a way to block or allow specific logs from being ingested?
- How can I sub-parse an already extracted field or metadata value?
- Logs from Fastly delayed or missing
- Does SumoLogic use receipt time or message time for calculating data retention?
- Data not getting ingested from S3 bucket to Sumo Logic