Dashboard limitation

Follow
Avatar
Vera Chen

Hi! I have a sumo logic free account, I was wondering what the limitations of the dashboards are? I've customized my own dashboards and only some of the monitors have data... I have tested my queries in my dashboards where the graphs are not showing up and I'm wondering if this is due to a limitation or not on my account? I tried to delete a bunch of monitors from the applications I downloaded so that I could create only custom monitors but it doesn't seem like it has helped free up the dashboard monitors. I read that I should be able to configure up to 20 monitors? Right now I only have about 10 enabled but only2 are showing data- should I be able to see in the dashboard exactly what my test query shows (show in query test shows graph in the search feature)?

 

0

Comments

1 comment

Sort by Date Votes
  • Avatar
    Kevin Keech

    Hi Vera,

    Monitors work a bit differently than the interactive search in that they read messages only as they are received into the system. Monitors read messages as they are received into the system and compares the parsed message time to the current monitor window. If the message time does not fit the monitor that message is ignored. What this means is if there is any significant delay in the logs being sent to Sumo Logic it is possible that the monitors will not display that data due to the parsed message times being outside of the current monitor window leading to a "No Data To Display" message in the monitor. The most typical cause of this is the timezone within the logs not being properly detected and an incorrect default timezone being configured within the Source configuration.

    The following KB article has more information on this and should be a good starting point.

    https://sumologic.zendesk.com/entries/26574656-My-Dashboard-says-No-Data-to-Display-but-my-interactive-query-returns-results

    Note the following query addition which will show you the time the service received the messages versus the time parsed from the logs.

    | formatDate(fromMillis(_receipttime), "MM/dd/yyyy HH:mm:ss:SSS") as receipt

    You'll want to compare the "Time" property to the "reciept" property and ensure that these match. If the "Time" property is more than 10 minutes greater than the "receipt" property then the message would not fall within the monitor but may show in an interactive search about 10 minutes later.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post