Collector troubleshooting

Follow

Igor Platitsa

• March 02, 2017 21:16

Hi, I installed collector on a new host I am trying to add to sumologic; and I am able to see it under manage>collector. However, when I start simple search (_collector=) I am unable to see any logs. I currently trying to access /var/log/messages and I can see it listed in manage>collector. I restarted collector on the host and I can confirm it is running. What would be right way of troubleshooting this?

0

• 

  David Moyer

  • April 19, 2017 16:55

  Have you configured a log source? If you go to Manage >> Collection and look at your collector, is there a line underneath that shows the log data source? If not, click on the Add... link on the right side of the collector line and set up your logging source.

  -1

  Comment actions Permalink
• 

  Mario Sanchez

  • May 10, 2017 06:35

  Igor, Were you able to get data? Sometimes the issue can be related to timestamp, for example your logs have a timestamp format that Sumo doesn't recognize.To see if this is the issue, you can run the search using the "Use Receipt Time" and choose a timeframe that includes the time when you ingested your data.If this was your issue, you can tell Sumo how to correctly recognize the format of your timestamp:http://help.sumologic.com/Send_Data/Sources/04Reference_Information_for_Sources/Timestamps%2C_Time_Zones%2C_Time_Ranges%2C_and_Date_FormatsCheers,Mario

  0

  Comment actions Permalink

Please sign in to leave a comment.