Data Management

Collectors

• How do Sumo Logic store access tokens for collecting Office 365 logs?
• How can I update a collector name after installing a collector?
• High Collector CPU Use After Leap Second
• ALB/ELB multiple log lines are being concatenated as single line. What could be causing this and how to resolve it?
• SLF4J errors ingested into Sumo Logic while collecting OKTA logs via SumoJanus package.
• "Unknown field name: cluster (520)" error message reported while running search for the Kube logs.

See all 72 articles

Sources

• * ERROR: Registration failed: Invalid source: * The json file C:\Scripts\Sumologic\source.json contains invalid value.
• Collector refuse to remove sources from sources.json (Local file Management Mode) due to multiple filters supplied with the same "Name" key.
• Data ingested from an S3 bucket or an HTTP source consumes more storage in Sumo Logic
• How can I ingest Microsoft Teams logs in to Sumologic?
• Cloud Syslog in PEM format
• Is it possible to ingest logs from Cisco Umbrella using a Cisco managed Amazon bucket for hosting the logs?

See all 49 articles

Data Forwarding

• Is there a way to forward the parsed fields used in the scheduled views via Data Forwarding in Sumo Logic?
• When forwarding data to S3, are the logs sent before or after processing rules have been applied?
• If I create a Scheduled View with a start date in the past and data forwarding enabled, how will the data be forwarded?
• Error when creating S3 Data Forwarding: Unable to initiate S3 object uploads
• Data is not Forwarding from Sumo Logic to our S3 Bucket
• Collector Warning message: Unable to forward message to <ip address>-<Port>

See all 7 articles

Field Extraction Rules

• Does Sumo Logic has any Field Extraction Rule templates?

Scheduled Views/Partitions

• Is there any extra data cost when using Partition/Scheduled View?
• Search query does not produce results for frequent tier partition.
• Does SumoLogic use receipt time or message time for calculating data retention?
• If we use the Save To Index feature for alerting, what is the retention period for the same index?
• When I use Save to Index, metadata fields from the Collector (for example, _collector) will be dropped. Does that mean the data in the index will not have any associated metadata?