List of categories
-
This worked for me. Thank you!
On a somewhat related but separate note, I was wondering if it's possible to create some sort of alias for source categories to avoid needing to remember long paths? For example, instead of `_sourceCategory="/ns1/ns2/ns3/ns3/ns4/tgt"`, we could just do `_sourceCategory="tgt_alias"`.
-
To expand on Michael's answer: if you want to see which source categories are receiving how many messages per timeslice, which is helpful for seeing which logs you might be more interested in peeking into, you can do something like this:
```
*
// adjust the time slice as it makes sense based on the search window
| timeslice 3m
| count by _sourceCategory, _timeslice
| transpose row _timeslice column _sourceCategory
```
-
Regarding being able to alias source categories, I don't think so. You can rename a field within the context of the query, but you have to know what it is in the first place. See https://help.sumologic.com/05Search/Search-Query-Language/Search-Operators/as-operator for more information and examples. I mostly use this when doing additional parsing, for example:
```
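_sourceCategory="/production/app1/worker/thing_of_interest"
| timeslice 5m
// parse the source category itself (not the raw message) into its path segments
| parse field=_sourceCategory "/*/*/*/*" as env, app, component, log_type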
// you can then use all or some of these fields in your output or additional queries (such as where)
| count by app, env, component, log_type
```