Matt Sullivan

Total activity 49
Last activity November 15, 2018 15:14
Member since October 10, 2017 21:12

Following 0 users
Followed by 0 users
Votes 0
Subscriptions 28

Activity overview

Latest activity by Matt Sullivan

Matt Sullivan commented, November 15, 2018 15:10
Official comment
if by total, you mean within the timeslice, and you are only alerting based on the count, no longer using outlier's standard deviation approach, just replace the outlier line with| where _count >...
- View comment
- Matt Sullivan
- November 15, 2018 15:14
- Edited
- 0 votes
Matt Sullivan commented, November 15, 2018 15:01
Official comment
Sorry for delay. Long answer here. Bear with me. 1. Using lookup today works only vs. individual IPs, not ranges. Idea 1834 is one you can upvote which would make range lookups easier. 2. there is...
- View comment
- Matt Sullivan
- November 15, 2018 15:03
- Edited
- 0 votes
Matt Sullivan commented, November 11, 2018 13:54
Official comment
there is a hex to decimal conversion operator https://help.sumologic.com/05Search/Search-Query-Language/Search-Operators/hexToDec also hex to ASCII : https://help.sumologic.com/05Search/Search-Qu...
- View comment
- Matt Sullivan
- November 11, 2018 15:25
- Edited
- 0 votes
Matt Sullivan commented, November 11, 2018 13:54
Official comment
there is a hex to decimal conversion operator https://help.sumologic.com/05Search/Search-Query-Language/Search-Operators/hexToDec also hex to ASCII : https://help.sumologic.com/05Search/Search-Qu...
- View comment
- Matt Sullivan
- November 11, 2018 15:26
- Edited
- 0 votes
Matt Sullivan commented, November 11, 2018 13:44
Official comment
assuming you want to just show results from category1 where Id from category 2 is present, you might opt to move the subquery to the scoping portion of the query, and presuming category1 does not h...
- View comment
- Matt Sullivan
- November 11, 2018 13:44
- 0 votes
Matt Sullivan commented, September 10, 2018 15:48
Official comment
this could be any number of conditions, I would highly recommend getting a support case open for this one.
- View comment
- Matt Sullivan
- September 10, 2018 15:48
- 0 votes
Matt Sullivan commented, September 10, 2018 15:24
Official comment
prob best to split the Time into its parts, then you have an actual integer where compares work, e.g. | split Time delim=':' extract 1 as hh, 2 as mm, 3 as ss| where hh > 15 and hh < 23 hope...
- View comment
- Matt Sullivan
- September 10, 2018 15:24
- 0 votes
Matt Sullivan commented, August 07, 2018 21:33
Official comment
Sorry for the delay answering. We're frequently adding to our offerings on Azure (as well as AWS and GCP) so this answer may become outdated and I would recommend perusing the release notes from ti...
- View comment
- Matt Sullivan
- August 07, 2018 21:44
- Edited
- 0 votes
Matt Sullivan commented, August 07, 2018 19:47
Official comment
Sorry for the delay on this one. If you haven't already, definitely open a support ticket (or keep working the existing one if already opened) so we can help track this down. I would include detail...
- View comment
- Matt Sullivan
- August 07, 2018 19:47
- 0 votes
Matt Sullivan commented, June 28, 2018 17:19
Official comment
this sounds a lot like an idea that is gaining traction: https://ideas.sumologic.com/ideas/SL-I-2271 that you may wish to upvote. for your specific use case, sounds like you wrote the monitor code...
- View comment
- Matt Sullivan
- June 28, 2018 17:19
- 0 votes