Searches for "After-Hours" Activity

Follow

Ryan Lovergine

• January 30, 2020 20:07

Using Sumo Logic for Security Monitoring use-cases, we like to monitor for activities that occur "after-hours". How would we structure a query that looks for events between say, 8PM - 5AM? We know how to build the query for the activities, but we're having issues figuring out how to specify the time window.

0

• 

  Rick Jury

  • January 30, 2020 21:38

  one way you could do this is use a cron schedule in the scheduled for the alert so it only runs at specific time windows each day. https://help.sumologic.com/03Send-Data/Sources/01Sources-for-Installed-Collectors/Script-Source/Cron-Examples-and-Reference

  0

  Comment actions Permalink
• 

  Joseph Plunkett

  • February 05, 2020 13:45

  | where (hour > 18 or hour < 6)     :)

  0

  Comment actions Permalink

Please sign in to leave a comment.