timeslice operator to collect data from a specific date till now

Comments

1 comment

  • Official comment
    Avatar
    Rahul Choudhary

    Hey Rahul,

    Kindly find the answer to your question below:

    1) I'm new to sumologic, I am setting up a new panel in sumologic for our Jfrog artifactory. Is there any way that we can use the timeslice operator to collect the data from a specific data to the current time. For example, "timeslice <specific-date> <current time>".
    B: The timeslice operator or infact any operator that is there in the product is not for the collection but rather to be used while running the search queries against the ingested data.

    The timeslice operator segregates data by time period, so you can create bucketed results based on a fixed interval (for example, five-minute buckets) while querying the data.

    You should rather use "collection should begin" parameter which can be seen on the source configuration page (as in the attached example) to provide the time-range for which you want to collect/ingest the data into Sumo Logic.

    2) Also with the Time range for scheduled search, i'm getting the error "Invalid query. Static time range is not allowed for scheduled searches" ( For example, i selected the time range 11/02/2020 1:00:00 PM to current date). if the static time range is not allowed for scheduled searches, what's the alternate?
    Answer: You need to use absolute time-range while running a scheduled search

    Please review this KB article:
    https://help.sumologic.com/Visualizations-and-Alerts/Alerts/02-Schedule-a-Search

    1. Time range for scheduled search. Indicates the time range your query will use to execute, which impacts the results generated by the query. Select the Last 24 Hours, to get a daily alert. Otherwise, select the time range you want the scheduled search to be run on. Absolute time range; for example, 06/10/2020 1:00:00 PM to 06/10/2020 2:00:00 PM is not allowed in Scheduled Searches and presents the message like this:
      Invalid query. Static time range is not allowed for scheduled searches. 

     

    This setting is different than the Time Range option configured for the Saved Search. The first time range is only used when you run the Saved Search from the Library. This Time Range applies to your Scheduled Search.

    Alternately type a time range; for example, -15m to run the search against data generated in the past 15 minutes. A time range outside the maximum allowed range for a given frequency is not allowed and presents the message like this:
    Invalid query. Max allowed time range for 15 minutes frequency is 1 day

    The maximum allowed time range for different scheduled search frequencies is as below:

    Frequency Max Allowed Time Range
    Real Time 15 minutes
    15 min 1 Day
    15 min -1 hour 7 Days
    1 hour - 3 hours 15 Days
    3 hour - 12 hours 30 Days
    More than 12 hours More than 30 days


    Hope this helps.

    Best Regards,
    Rahul

    Comment actions Permalink

Please sign in to leave a comment.