Matt Sullivan

Total activity 82
Last activity December 30, 2019 18:56
Member since October 10, 2017 21:12

Following 0 users
Followed by 0 users
Votes 0
Subscriptions 43

Activity overview

Latest activity by Matt Sullivan

Matt Sullivan commented, December 30, 2019 18:56
Official comment
Hi Sundar, It will be difficult without seeing more context to provide a precise query for this one. Some questions I would have: Are there jobs besides ABB that need to be handled? Statuses beyon...
- View comment
- Matt Sullivan
- December 30, 2019 18:56
- 0 votes
Matt Sullivan commented, July 01, 2019 14:00
Official comment
If you own the python code, I would just start the iterator with 1 instead of 0 index to start things at line 2. Or if using for x in list pattern, filter out there. If that's infeasible, yes, you ...
- View comment
- Matt Sullivan
- July 01, 2019 14:00
- 0 votes
Matt Sullivan commented, June 29, 2019 20:16
Official comment
If your sourcecategory has such a predictable pattern, I would avoid regex entirely and just use this: | split _sourcecategory delim='/' extract 1 as part1, 2 as part2, 3 as part3, 4 as part4 if ...
- View comment
- Matt Sullivan
- June 29, 2019 20:42
- Edited
- 0 votes
Matt Sullivan commented, June 27, 2019 18:56
Official comment
Hi Justin, Sorry for the delay, hope this is still useful. Dashboard panels can only be made from queries that use aggregate operators. Below would I think do what you require: // your query scope...
- View comment
- Matt Sullivan
- June 27, 2019 18:56
- 0 votes
Matt Sullivan commented, June 11, 2019 19:58
Official comment
sorry for delay. this might be a good use case for a subquery. the child query could determine whether or not you care to see the raw messages in that same 10m timewindow. if you don't need the raw...
- View comment
- Matt Sullivan
- June 11, 2019 19:58
- 0 votes
Matt Sullivan commented, May 20, 2019 17:52
Hi Jacob, I note that a more recent check-in to the Docker collector does add support for Prometheus format See https://github.com/SumoLogic/sumologic-collector-docker/releases/tag/v19.227-19 The i...
- View comment
- Matt Sullivan
- May 20, 2019 17:52
- 0 votes
Matt Sullivan commented, April 26, 2019 20:36
Official comment
once you've done the aggregation pct call, the duration is indeed dropped. You might consider splitting this into two queries. First query could be run as a scheduled search to save off the 95th pe...
- View comment
- Matt Sullivan
- April 26, 2019 20:55
- Edited
- 0 votes
Matt Sullivan commented, April 26, 2019 20:13
A version that does counts as well as %, as I just realized that was desired: _sourceCategory=CategoryICareAbout| count as occurrences by event_id | total(occurrences) as totaloccurrences| sort occ...
- View comment
- Matt Sullivan
- April 26, 2019 20:13
- 1 vote
Matt Sullivan commented, April 26, 2019 19:55
hopefully no one used the first version I posted above. Just edited to replace the 2nd to last line as follows: | if ((_accum=6), remainingpercent+percent, percent) as percent
- View comment
- Matt Sullivan
- April 26, 2019 19:55
- 1 vote
Matt Sullivan commented, April 26, 2019 18:31
Official comment
try this out, not sure if it's the most efficient way, but worked for me, of course using a different source category matching our test data. _sourceCategory=CategoryICareAbout| count event_id | to...
- View comment
- Matt Sullivan
- April 26, 2019 20:01
- Edited
- 0 votes