Matt Sullivan

Total activity 71
Last activity April 26, 2019 20:55
Member since October 10, 2017 21:12

Following 0 users
Followed by 0 users
Votes 0
Subscriptions 38

Activity overview

Latest activity by Matt Sullivan

Matt Sullivan commented, April 26, 2019 20:36
Official comment
once you've done the aggregation pct call, the duration is indeed dropped. You might consider splitting this into two queries. First query could be run as a scheduled search to save off the 95th pe...
- View comment
- Matt Sullivan
- April 26, 2019 20:55
- Edited
- 0 votes
Matt Sullivan commented, April 26, 2019 20:13
A version that does counts as well as %, as I just realized that was desired: _sourceCategory=CategoryICareAbout| count as occurrences by event_id | total(occurrences) as totaloccurrences| sort occ...
- View comment
- Matt Sullivan
- April 26, 2019 20:13
- 1 vote
Matt Sullivan commented, April 26, 2019 19:55
hopefully no one used the first version I posted above. Just edited to replace the 2nd to last line as follows: | if ((_accum=6), remainingpercent+percent, percent) as percent
- View comment
- Matt Sullivan
- April 26, 2019 19:55
- 1 vote
Matt Sullivan commented, April 26, 2019 18:31
Official comment
try this out, not sure if it's the most efficient way, but worked for me, of course using a different source category matching our test data. _sourceCategory=CategoryICareAbout| count event_id | to...
- View comment
- Matt Sullivan
- April 26, 2019 20:01
- Edited
- 0 votes
Matt Sullivan commented, April 16, 2019 16:59
Official comment
Looks as if this has gone a while without an answer. Apologies for the delay. I'm not 100% sure I'm following the question but will take a stab. Sumo Logic doesn't need to understand what you write...
- View comment
- Matt Sullivan
- April 16, 2019 16:59
- 0 votes
Matt Sullivan commented, April 11, 2019 19:23
Official comment
have you considered using host metrics on the Windows server, and just set a metrics monitor vs. missing data?
- View comment
- Matt Sullivan
- April 11, 2019 19:23
- Edited
- 0 votes
Matt Sullivan commented, April 11, 2019 19:15
Official comment
try this:format("%.1f %s", last_percentage*100,"%") as last_percentagethat's modified from sample here: https://help.sumologic.com/05Search/Search-Query-Language/Search-Operato...
- View comment
- Matt Sullivan
- April 11, 2019 19:15
- 0 votes
Matt Sullivan commented, April 11, 2019 15:54
Official comment
First I would definitely upvote idea 1834 which asks for CIDR based lookup tables. Meantime I would just do something like this:| where !(ip="127.0.0.1" or ip="127.0.0.2" or com...
- View comment
- Matt Sullivan
- April 11, 2019 15:54
- 0 votes
Matt Sullivan commented, April 09, 2019 20:32
Official comment
I tried your code vs. some sample data. It does seem to work, just that elements in the service.action field will vary based on the action so the nodrop keeps a lot of messages with empty ip and lo...
- View comment
- Matt Sullivan
- April 09, 2019 20:32
- 0 votes
Matt Sullivan commented, March 25, 2019 15:41
Official comment
Why-Would-a-Scheduled-Search-Fail lists a few common reasons. Since a real-time alert basically runs continuously, testing the performance is critical. If after ruling out some of the common reason...
- View comment
- Matt Sullivan
- March 25, 2019 15:41
- 0 votes