Problem:
When I calculate the total data ingested per day using the Log data Volume index with the query below, the result does not match the information I see on the Account page.
_index=sumologic_volume _sourceCategory=collector_volume
| parse regex "\"(?<collector>(?:[^\"]+)|(?:\"\"))\"\:\{\"sizeInBytes\"\:(?<bytes>\d+),\"count\"\:(?<count>\d+)\}" multi
| timeslice 1d
| bytes/1024/1024/1024 as gbytes
| sum(gbytes) as gbytes by _timeslice
| order by _timeslice
Resolution:
The information we see on the Account page is calculated for the Pacific timezone. If we change the timezone to Pacific at Preference -> My preference -> Default Timezone in the Sumo Logic UI, the results returned by the Log data Volume index query will closely match what we see on the Account page.
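The effect of the day boundary can be reproduced offline. The following is an added example, not part of the original article or Sumo Logic's own code: it applies the query's parse regex (in Python named-group syntax) to constructed volume messages whose layout is inferred from that regex, then sums GB per day once with UTC day boundaries and once with Pacific ones. The timestamps, collector names and sizes are constructed sample values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

try:
    from zoneinfo import ZoneInfo
    PACIFIC = ZoneInfo("America/Los_Angeles")
except Exception:
    # Assumption: no tz database installed. Fixed UTC-8 is correct for the
    # January sample below, but it does not follow daylight saving time.
    PACIFIC = timezone(timedelta(hours=-8))

# Same pattern as the query's parse regex, written with Python named groups.
ENTRY = re.compile(
    r'"(?P<collector>(?:[^"]+)|(?:""))":'
    r'\{"sizeInBytes":(?P<bytes>\d+),"count":(?P<count>\d+)\}'
)
GIB = 1024 ** 3

# Constructed sample: (UTC timestamp, volume message) pairs.
SAMPLE = [
    ("2024-01-10T02:00:00", '{"web-01":{"sizeInBytes":2147483648,"count":1000},'
                            '"db-01":{"sizeInBytes":1073741824,"count":500}}'),
    ("2024-01-10T12:00:00", '{"web-01":{"sizeInBytes":4294967296,"count":2000}}'),
    ("2024-01-11T05:00:00", '{"web-01":{"sizeInBytes":1073741824,"count":400},'
                            '"db-01":{"sizeInBytes":1073741824,"count":300}}'),
    ("2024-01-11T20:00:00", '{"db-01":{"sizeInBytes":3221225472,"count":900}}'),
]

def daily_gbytes(records, tz):
    """Sum ingested GB per calendar day, with day boundaries taken in tz."""
    totals = defaultdict(float)
    for stamp, message in records:
        when = datetime.fromisoformat(stamp).replace(tzinfo=timezone.utc)
        day = when.astimezone(tz).date().isoformat()  # the "timeslice 1d" bucket
        for entry in ENTRY.finditer(message):          # the "multi" parse
            totals[day] += int(entry.group("bytes")) / GIB
    return dict(sorted(totals.items()))

if __name__ == "__main__":
    for label, tz in (("UTC", timezone.utc), ("Pacific", PACIFIC)):
        print(label, daily_gbytes(SAMPLE, tz))
```

The overall total is the same in both runs; only the assignment of messages to days changes, which is why a per-day comparison against the Account page needs the Pacific setting.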