Data Management

Collectors

• How do Sumo Logic store access tokens for collecting Office 365 logs?
• How can I update a collector name after installing a collector?
• High Collector CPU Use After Leap Second
• Windows collector fails to start after Windows 10 1903 feature update
• Windows Collector installation fails when using automation tools (Ansible)
• How can I find a collector id ?

See all 56 articles

Sources

• * ERROR: Registration failed: Invalid source: * The json file C:\Scripts\Sumologic\source.json contains invalid value.
• Collector refuse to remove sources from sources.json (Local file Management Mode) due to multiple filters supplied with the same "Name" key.
• Falco container is crashing while installing Kubernetes on our GKE clusters
• Kubernetes Helm install fails with Error: namespaces "sumologic" is forbidden: User "system:serviceaccount:kube-system:default" cannot get resource "namespaces" in API group "" in the namespace "sumologic" 
• Creating or updating an S3 source results in "Your AWS Credentials do not have read permissions for the specified path expression."
• Will Sumo Logic collect a file that was deleted then recreated with the same name?

See all 41 articles

Data Forwarding

• When forwarding data to S3, are the logs sent before or after processing rules have been applied?
• If I create a Scheduled View with a start date in the past and data forwarding enabled, how will the data be forwarded?
• Error when creating S3 Data Forwarding: Unable to initiate S3 object uploads
• Data is not Forwarding from Sumo Logic to our S3 Bucket
• Collector Warning message: Unable to forward message to <ip address>-<Port>
• How can I store data for longer than my retention period?

Field Extraction Rules

• Does Sumo Logic has any Field Extraction Rule templates?

Scheduled Views/Partitions

• Is there any extra data cost when using Partition/Scheduled View?
• Does SumoLogic use receipt time or message time for calculating data retention?
• When I use Save to Index, metadata fields from the Collector (for example, _collector) will be dropped. Does that mean the data in the index will not have any associated metadata?