Convert splunk query to Sumo logic

Follow
Avatar
Manivannan Krishnamoorthy

This is splunk query -

index=mobility AUTO_RECHARGE_BATCH_REMINDER OR "c.t.o.n.s.SmtpEmailService" OR "c.t.o.n.s.SmsSenderService"

| fields HTTP_CORRELATION_ID, AUTO_RECHARGE_BATCH_REMINDER, subject, msn

| transaction HTTP_CORRELATION_ID maxspan=5m

| search AUTO_RECHARGE_BATCH_REMINDER (subject OR msn)

| append [search index=mobility AUTO_RECHARGE_BATCH_REMINDER NOT EMAIL_SEND NOT SMS_SEND (HUB_request_msn OR EMAIL_MODEL_subject)]

 

I need this to be converted to sumologic.

Any suggestions?

0

Comments

1 comment

Sort by Date Votes
  • Avatar
    Jorge Silva

    Hello Mani,

    The first line in your query would be the metadata that references the data in Sumo Logic followed by the same keywords you are using. 

    For the second line, it looks like you are pre-parsing that data in Splunk using a feature similar to Field Extraction Rules in Sumo Logic. If you are not pre-parsing this data in Sumo Logic using FERs, then you will have to manually parse it in the query. You can read more about parsing operators at https://help.sumologic.com/05Search/Search-Query-Language/01-Parse-Operators.

    I'm not sure about the rest of your query. It would be best if you open a support ticket with Sumo Logic and explain what this query does and provide an output example in Splunk (Screenshot). This would help us help you in translating this query. To open a ticket with Support, please go to support.sumologic.com or email support@sumologic.com. For more information about contacting support, please go to https://help.sumologic.com/01Start-Here/03About-Sumo-Logic/Contact-Us.

    Best regards,

    Jorge

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post