Incorrect timestamp parsing
Currently Sumo Logic is only correctly capturing the timestamps from some of the logs provided. These logs are all from the past, and so were uploaded to Sumo Logic at once. The formats are different for some of the logs, and it seems the ability of Sumo Logic to parse the timestamps is related to that, but the most straightforward timestamps to parse aren't getting parsed accurately, and it seems like maybe the receipt time is being used instead? Receipt time is not checked in this query.
Official comment
Hi Ross - When onboarding a data source with different timestamp formats, doing so with a Sumo Logic Installed Collector gives you the option to specify multiple different timestamp formats, which addresses the issue you appear to be encountering.
Feel free to join us in our public Slack channel (https://sumodojo.slack.com) to get some real-time assistance with this or other issues!
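An added example, not part of the original thread and not Sumo Logic code: a pre-upload check in Python that tries a list of timestamp formats against each historical log line and reports the lines that match none of them, the case the question suspects ends up on receipt time. The format list, the function names and the sample lines are constructed assumptions for illustration.

```python
import re
from datetime import datetime, timezone

# Assumed formats: (name, regex that locates the timestamp, strptime format).
# fmt=None means the located value is epoch seconds.
FORMATS = [
    ("iso8601", re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}[+-]\d{4}"), "%Y-%m-%dT%H:%M:%S%z"),
    ("apache", re.compile(r"\d{2}/[A-Z][a-z]{2}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}"), "%d/%b/%Y:%H:%M:%S %z"),
    ("epoch", re.compile(r"\b\d{10}\b"), None),
]

def parse_line(line):
    """Return (format_name, UTC datetime), or (None, None) if no format yields a valid time."""
    for name, locator, fmt in FORMATS:
        m = locator.search(line)
        if not m:
            continue
        try:
            if fmt is None:
                ts = datetime.fromtimestamp(int(m.group()), tz=timezone.utc)
            else:
                ts = datetime.strptime(m.group(), fmt).astimezone(timezone.utc)
        except ValueError:
            continue  # shaped like a timestamp but not a valid date; try the next format
        return name, ts
    return None, None

def audit(lines):
    """Split lines into (line_no, format, time) tuples and line numbers with no usable timestamp."""
    parsed, unparsed = [], []
    for n, line in enumerate(lines, 1):
        name, ts = parse_line(line)
        if ts is None:
            unparsed.append(n)
        else:
            parsed.append((n, name, ts))
    return parsed, unparsed

# Constructed sample lines mixing formats, as in the situation described above.
SAMPLE = [
    '2019-03-04T10:15:30+0000 sshd[411]: Accepted publickey for deploy',
    '10.0.0.5 - - [04/Mar/2019:10:16:02 +0100] "GET /login HTTP/1.1" 200 512',
    '1551694590 audit: user=ross action=sudo',
    'Mar 4 10:17 cron job finished',      # no year or seconds: matches no format
    '2019-13-40T10:15:30+0000 bad date',  # right shape, invalid month and day
]

if __name__ == "__main__":
    parsed, unparsed = audit(SAMPLE)
    for n, name, ts in parsed:
        print(f"line {n}: {name:8} -> {ts.isoformat()}")
    print("no timestamp parsed on lines:", unparsed)
```

Running this over a sample of each file before upload shows which formats need to be declared on the source and which lines would otherwise carry a time other than the event time.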