Avatar

Mark Drummond

  • Total activity 62
  • Last activity
  • Member since
  • Following 0 users
  • Followed by 0 users
  • Votes 11
  • Subscriptions 15

Activity overview

Latest activity by Mark Drummond
  • Avatar

    Mark Drummond commented,

    That worked, thanks!

  • Avatar

    Mark Drummond created a post,

    Geo lookup on "data.ip OR ip"

    Due to a change in log format, the IP addresses I want to do a geo lookup on might be stored under "data.ip" for new logs, or just "ip" for older logs. I want to do the equivalent of: | lookup lati...

  • Avatar

    Mark Drummond created a post,

    Log access defaults to allow all?

    Is it my imagination or is the default log access behaviour in Sumo "allow all"? It seems to me that, in order to limit someone's access to logs, I must assign them at least one role that limits th...

  • Avatar

    Mark Drummond created a post,

    Searching from a list of keywords

    Example: "I need all log entries related to users 'jane', 'john', 'alice', and 'bob'." Given a list of user identifiers, search my logs for log entries that match any of the user identifiers in the...

  • Avatar

    Mark Drummond created a post,

    Understanding search filters

    ref: https://help.sumologic.com/Manage/Users-and-Roles/Manage-Roles/Construct-a-Search-Filter-for-a-Role Just looking for some confirmation of my understanding of filters on roles: Scenario: Imagin...

  • Avatar

    Mark Drummond commented,

    That put me on the right path. Here is what I ended up with (apologies for the link ... cut and paste is not working for me and I'm not going to type it out here): https://pastebin.com/DKkJQZAv I w...

  • Avatar

    Mark Drummond commented,

    Hi Mario. I am using the Cloudflare app, but the WAF Rules Triggered query is just pulling the WAFRuleID field, which is not what I am looking for. The most common WAFRuleID is "981176", which is a...

  • Avatar

    Mark Drummond commented,

    Guessing I need some regex magic to make this work. What I have below is counting each unique set of triggered rules, but not counting the individual rules within each set, which is what I am shoot...

  • Avatar

    Mark Drummond created a post,

    Histogram of the elements in a list in a JSON log

    Edit: I think I am asking the same thing that is being asked here: https://support.sumologic.com/hc/en-us/community/posts/360005813714-Counting-number-of-elements-in-json-array?input_string=Histogr...

  • Avatar

    Mark Drummond commented,

    Hello Sourabh. I haven't gone through all the panels in detail, but the ones I had a look at look good to me. Thanks for fixing this up.