Collecting custom data from SQL server

Comments

  • Official comment
    Nick

    Hi Andres,

    I'm glad you were able to figure it out!

    Since you were getting output in the command line, I suspect the logs were being collected but the timestamp wasn't being parsed the way you expected (hence having to change those boundaries and settings), so you couldn't find them easily by querying. This is where the live tail feature really comes in handy because you'll see them flow through, regardless of timestamp.

    You can also check the "use receipt time" checkbox when querying if you're not seeing your new data in Sumo. This will query based on the time the logs were ingested into Sumo, and circumvent any log message timestamps.

    At any rate, I'm glad you figured it out, and please do let us know if you have any other questions.

    Thanks!
    Nick
    Customer Success Manager, Sumo Logic

  • Nick

    Hi Andres,

    Were you able to figure this out?

    Is your source on your collector configured to run the script at a regular frequency? Something that I always try when setting up a new source is using the Live Tail function in Sumo Logic to view the data as it's coming in. This will take a lot of factors out of the equation, such as timezone misconfigurations, and let you get to the nitty-gritty of troubleshooting.

    As far as writing the queries in the config file, the only special formatting you have to do is make sure it starts with "SQLQuery = " followed by your query. You also shouldn't have any newline characters from start to finish on your query.

    Let me know if this helps, or if you still need further assistance.

    Thanks,
    Nick
    Customer Success Manager, Sumo Logic

  • Andres Orozco

    Nick,

    With some help I was able to get it to work. Apparently it had to do with the timestamp format I was trying to extract. I ended up defining a regex for the message boundaries and a couple of settings to exclude the VBS logo message.

    Even though it works now, it's still not clear to me why the raw messages were not collected at first, the same way the command line text was being collected.

    Also, while trying to figure this out, we ended up with a massive amount of duplicate entries, but that's a different issue.

    Thanks!
