Status showing logs, can't find them in search

Comments

4 comments

  • James Sperry

    Also tried different timeframes. Data started coming in around 3:40pm PST.

    Tried "Today", -1h, and "-1h to +12h"

    Data is from today.

    0
  • Kevin Keech

    James, try using the "Use Receipt Time" option; this way you're searching by the time Sumo received the messages instead of the parsed message time.

    If you see messages coming in on the status tab but they are not showing in the recent time range when you search by parsed message time, then you may have a time parsing problem with the Source. The "Use Receipt Time" option should make it easier to see if this is the case.

    2
  • James Sperry

    I found part of the issue: the hostname was being set as the AWS Instance ID, rather than the name I set in /etc/sumo.conf.

    Also, I set the Source Category at the host level, and now I'm seeing the logs.

    Thanks.

    1
  • Sagan Sidhu

    In case anyone else has the same problem:

    The issue can also be a user permission problem, of your access to the data, based on your role(s).

    In my case I had multiple roles assigned to my user, and there was a conflict.

    See the section that says "How do roles work together?"

    https://help.sumologic.com/Manage/Users-and-Roles/Manage-Roles/About-Roles

    It seems once you have an assigned role that has a "Search Filter" limitation, you no longer get access to all data, even if you have a general role that has no "Search Filter" limitation.

    0