Only the First message is being logged.


    Kevin Keech

    Hi Frank,

    From the initial description, it sounds like you might have a timestamp parsing misconfiguration with your Source. If the first line of your logs does not have a timestamp the receipt time will be used and this line will show up within a search covering the time the log was received, however, if the rest of the messages have a timestamp and Sumo Logic incorrectly interpreted the time from that timestamp (usually an issue with detecting time zone) these messages may not appear within the same search.

    What you can do to confirm if this is the issue is select the "Use Receipt Time" checkbox found just under the time range selection and re-run your query. This option will return all messages based on the time received. If your messages appear with this you should then be able to compare the +Time" field to the timestamp found within the raw message and see if there was a misinterpretation and can then adjust your Source configuration accordingly.

    Again in most cases, we see this is an issue of the Time zone being misinterpreted. By default, Sumo Logic will assume UTC if a timezone cannot be detected within the message timestamp. So if your logging in a different time zone this can cause an incorrect time parse. In this case you'll need to change your Source configuration so it uses the same time zone used by the source service. 

    More on time stamp parsing can be found within the following help.

    Timestamps, Time Zones, Time Ranges, and Date Formats


