Data Management

Collectors

• How do Sumo Logic store access tokens for collecting Office 365 logs?
• How can I update a collector name after installing a collector?
• High Collector CPU Use After Leap Second
• Is there a direct integration between Alibaba Cloud Services and Sumo Logic?
• Can fluentbit cleanup the logs inside the pod in a Kubernetes Cluster?
• How to perform installation of Sumo Collector on an AIX server and is it supported by Sumo Logic?

See all 64 articles

Sources

• * ERROR: Registration failed: Invalid source: * The json file C:\Scripts\Sumologic\source.json contains invalid value.
• Collector refuse to remove sources from sources.json (Local file Management Mode) due to multiple filters supplied with the same "Name" key.
• I have a hosted collector with AWS S3 or AWS CloudTrail sources and data ingestion is delayed by few hours, how should I avoid ingestion delays?
• Falco container is crashing while installing Kubernetes on our GKE clusters
• Kubernetes Helm install fails with Error: namespaces "sumologic" is forbidden: User "system:serviceaccount:kube-system:default" cannot get resource "namespaces" in API group "" in the namespace "sumologic" 
• Creating or updating an S3 source results in "Your AWS Credentials do not have read permissions for the specified path expression."

See all 42 articles

Data Forwarding

• When forwarding data to S3, are the logs sent before or after processing rules have been applied?
• If I create a Scheduled View with a start date in the past and data forwarding enabled, how will the data be forwarded?
• Error when creating S3 Data Forwarding: Unable to initiate S3 object uploads
• Data is not Forwarding from Sumo Logic to our S3 Bucket
• Collector Warning message: Unable to forward message to <ip address>-<Port>
• How can I store data for longer than my retention period?

Field Extraction Rules

• Does Sumo Logic has any Field Extraction Rule templates?

Scheduled Views/Partitions

• Is there any extra data cost when using Partition/Scheduled View?
• Does SumoLogic use receipt time or message time for calculating data retention?
• When I use Save to Index, metadata fields from the Collector (for example, _collector) will be dropped. Does that mean the data in the index will not have any associated metadata?