Enumerate Systems/Sources Monitored
Hello, I'm new to Sumo and trying to name/enumerate all the systems monitored by Sumo. What's the best way to do that?
Should I look for "_source" as a proxy for systems?
I tried to use "group by _source", however the result is affected by the timeframe I chose. I wanted to know all the systems currently monitored, without being constricted by timeframe.
Please advise, thanks!
-
Should I look for "_source" as a proxy for systems?
That depends on how you labeled the sources, but it is a good starting point. You can also search by "_collector" or any other metadata.
You are only allowed to search by a specific timerange, but you can also use the Collector Management API to get this information, and it is not limited by timerange. More information about this can be found at https://help.sumologic.com/APIs/Collector-Management-API.
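
An added example of the Collector Management API approach mentioned in the answer above; it is not part of the original thread and not Sumo Logic's own code. It assumes credentials in the environment variables `SUMO_ACCESS_ID` and `SUMO_ACCESS_KEY` (names chosen here) and the `api.sumologic.com` endpoint, which differs per deployment and can be overridden with `SUMO_API`.

```python
import base64
import json
import os
import urllib.request

# Assumption: API host for your deployment; other deployments use a different host.
API = os.environ.get("SUMO_API", "https://api.sumologic.com/api/v1")


def http_get(path):
    """GET a Collector Management API path using Basic auth (access ID / access key)."""
    cred = f"{os.environ['SUMO_ACCESS_ID']}:{os.environ['SUMO_ACCESS_KEY']}"
    req = urllib.request.Request(API + path, headers={
        "Authorization": "Basic " + base64.b64encode(cred.encode()).decode(),
        "Accept": "application/json",
    })
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def list_collectors(get=http_get, page_size=1000):
    """Page through /collectors with limit/offset until a short page is returned."""
    offset, found = 0, []
    while True:
        page = get(f"/collectors?limit={page_size}&offset={offset}").get("collectors", [])
        found.extend(page)
        if len(page) < page_size:
            return found
        offset += page_size


def inventory(get=http_get, page_size=1000):
    """Return one row per source: collector name, liveness, source name and category."""
    rows = []
    for c in list_collectors(get, page_size):
        sources = get(f"/collectors/{c['id']}/sources").get("sources", [])
        for s in sources or [{}]:  # keep collectors that have no sources configured
            rows.append({"collector": c["name"], "alive": c.get("alive"),
                         "source": s.get("name"), "category": s.get("category")})
    return rows


if __name__ == "__main__":
    for row in inventory():
        print(json.dumps(row))
```

Rows with `alive` set to false or with no source name are the ones to review first, since they are registered collectors that are not currently delivering data or have nothing configured.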