Got multiple lines of logs grouped in single log line entry

Pinned

Follow

Ran Bi

• May 04, 2017 00:26

Sometimes single logline in sumologic contains more than 10 lines of log. Did anyone encounter similar problem? Anyone can explain how sumologic group its log lines?

0

• Official comment

  

  Mario Sanchez

  • July 25, 2017 21:19
  • Edited

  Ran,

  Sumo Logic tries it's best to identify what a log message entails, from beginning to end; however, if there's a lot of variability in your log messages, Sumo might not be able to automatically detect this, as it sounds to be your case.

  Good news is that you can specify what the boundary of a message should be so that Sumo can correctly break your log lines into meaningful messages. See details on how to do it here: http://help.sumologic.com/Send_Data/Sources/01Sources_for_Installed_Collectors/Local_File_Source/Define_Boundary_Regex_for_Multiline_Messages

  Hope this helps!

  Cheers,

  Mario

  Comment actions Permalink
• 

  Ran Bi

  • May 09, 2017 20:55

  This really helps. Thanks, Mario!

  0

  Comment actions Permalink
• 

  Mario Sanchez

  • May 09, 2017 21:49

  Awesome. You're very welcomed.

  0

  Comment actions Permalink
• 

  Orestis Panagiotopoulos

  • June 15, 2018 12:48

  Hi, it seems that I have a similar problem. The link above is broken

   

  0

  Comment actions Permalink
• 

  Olaf Stein

  • June 15, 2018 12:52

  Please use the following link:

  https://help.sumologic.com/Send-Data/Sources/04Reference-Information-for-Sources/Collecting_Multiline_Logs

  0

  Comment actions Permalink
• 

  Laura Farvour

  • October 31, 2022 20:14

  Updated Link for 2022

   

  https://help.sumologic.com/docs/send-data/installed-collectors/sources/define-boundary-regex-multiline-messages/

  0

  Comment actions Permalink

Please sign in to leave a comment.