Data Volume Index - Volume for Each Collector

June 04, 2014 23:29

http://help.sumologic.com/Help/Default.htm#Data_Volume_Index.htm

The Volume for Each Collector query produces an error:

There was a problem running your search.

_index=sumologic_volume _sourceCategory=collector_volume | parse regex "\"(?<collector>(?:[^\"]+)|(?:\"\"))\":{\"sizeInBytes\":(?<bytes>\d+),\"count\":(?<count>\d+)}" multi | bytes/1024/1024/1024 as gbytes by collector

string matching regex \z' expected butb' found

2 things,

What is the correct query?
Can you fix the documentation?

Thanks.

Comments

2 comments

Yoway Buorn

June 04, 2014 23:43
You can't group a mathematical expression so you need this:

_index=sumologic_volume _sourceCategory=collector_volume | parse regex "\"(?<collector>(?:[^\"]+)|(?:\"\"))\":{\"sizeInBytes\":(?<bytes>\d+),\"count\":(?<count>\d+)}" multi | bytes/1024/1024/1024 as gbytes | sum(gbytes) as gbytes by collector

Or some other aggregate operator if that's not the one you want.
0

Comment actions Permalink
Kevin Sumo

June 04, 2014 23:45
James,

I'll make sure the docs are updated.
0

Comment actions Permalink

Please sign in to leave a comment.

Comments

Didn't find what you were looking for?