list categories & collector name

Comments

3 comments

  • Don Gothing

    Hi,

    Are you trying to get a list of all categories grouped by collector? I tried this to get the collector and sourceCategory:

    * | count by _sourceCategory, _collector | fields -_count

  • NOC User

    Thanks!!

    Need assistance with the below:

    1. Query to check all the status health checks of all collectors & source categories.

    2. Query to check whether a source category is collecting data or not for the last 7 days.

  • Don Gothing

    It sounds like the health events beta would be helpful for your use case.

    You can always see the health status of collectors on the Collection page by going to Manage Data > Collection.

    A quick way to check whether or not a source category is collecting data over a time period would be to run a query that counts how many logs were added to the category over that time period. Using the query from earlier in the thread, we can add a where statement and change the timeframe via the dropdown. This one shows zero new logs:

    * | count by _sourceCategory, _collector | where _count=0

    If you were to comment out the where statement you could see which sourceCategories are ingesting the most messages, or sort ascending to see which are ingesting the fewest.

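For the 7-day question in this thread, an added example (not code from the thread or from Sumo Logic) that diffs exported per-day counts against an inventory of the sources you expect, so a source that has gone quiet is reported with the days it missed. Assumptions: a grouped count returns no row for a source that sent nothing, the export has a per-day `day` column next to `_collector`, `_sourceCategory` and `_count`, and all collector names, categories and counts below are constructed sample data.

```python
from datetime import date, timedelta

START = date(2024, 5, 1)  # first day of the 7-day window (constructed)

# Constructed inventory of (collector, sourceCategory) pairs expected to report.
EXPECTED = {
    ("web-01", "prod/nginx/access"),
    ("web-01", "prod/nginx/error"),
    ("db-01", "prod/mysql/slow"),
}

def _rows(collector, category, days, count):
    """Build constructed result rows, one per day, as string fields like a CSV export."""
    return [{"_collector": collector, "_sourceCategory": category,
             "day": (START + timedelta(days=i)).isoformat(), "_count": str(count)}
            for i in range(days)]

# Constructed sample: access logs every day, error logs stop after day 3,
# and the MySQL source has no rows at all (assumed: nothing sent, nothing returned).
ROWS = (_rows("web-01", "prod/nginx/access", 7, 1200)
        + _rows("web-01", "prod/nginx/error", 3, 35))

def ingestion_gaps(expected, rows, start, days=7):
    """Map each expected source to the days in the window on which it logged nothing."""
    window = [start + timedelta(days=i) for i in range(days)]
    seen = {}
    for row in rows:
        if int(row["_count"]) > 0:
            key = (row["_collector"], row["_sourceCategory"])
            seen.setdefault(key, set()).add(date.fromisoformat(row["day"]))
    gaps = {}
    for source in sorted(expected):
        missing = [d for d in window if d not in seen.get(source, set())]
        if missing:
            gaps[source] = missing
    return gaps

def silent_sources(expected, rows, start, days=7):
    """Expected sources with no logs on any day of the window."""
    gaps = ingestion_gaps(expected, rows, start, days)
    return [source for source, missing in gaps.items() if len(missing) == days]

if __name__ == "__main__":
    for source, missing in ingestion_gaps(EXPECTED, ROWS, START).items():
        print(source, "no logs on", [d.isoformat() for d in missing])
    print("silent:", silent_sources(EXPECTED, ROWS, START))
```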
