Matt

Official comment

1. Community
2. Query Library
3. Collating results from two different message

Hi Sundar, It will be difficult without seeing more context to provide a precise query for this one. Some questions I would have: Are there jobs besides ABB that need to be handled? Statuses beyon...

• View comment
• Matt
• December 30, 2019 18:56
• 0 votes

Official comment

1. Community
2. Sending Data
3. CSV header is being ingested as a log entry when ingesting using a HTTP collector

If you own the python code, I would just start the iterator with 1 instead of 0 index to start things at line 2. Or if using for x in list pattern, filter out there. If that's infeasible, yes, you ...

• View comment
• Matt
• July 01, 2019 14:00
• 0 votes

Official comment

1. Community
2. Using Sumo Logic
3. Regex parsing problems

If your sourcecategory has such a predictable pattern, I would avoid regex entirely and just use this: | split _sourcecategory delim='/' extract 1 as part1, 2 as part2, 3 as part3, 4 as part4   if ...

• View comment
• Matt
• June 29, 2019 20:42
• Edited
• 0 votes

Official comment

1. Community
2. Using Sumo Logic
3. Dahsboard pannel with log entires

Hi Justin, Sorry for the delay, hope this is still useful.  Dashboard panels can only be made from queries that use aggregate operators. Below would I think do what you require: // your query scope...

• View comment
• Matt
• June 27, 2019 18:56
• 0 votes

Official comment

1. Community
2. Sending Data
3. How to create an alert the log fields based on the percentage of failures?

sorry for delay. this might be a good use case for a subquery. the child query could determine whether or not you care to see the raw messages in that same 10m timewindow. if you don't need the raw...

• View comment
• Matt
• June 11, 2019 19:58
• 0 votes

1. Community
2. Sending Data
3. Collecting custom application metrics from docker containers

Hi Jacob, I note that a more recent check-in to the Docker collector does add support for Prometheus format See https://github.com/SumoLogic/sumologic-collector-docker/releases/tag/v19.227-19 The i...

• View comment
• Matt
• May 20, 2019 17:52
• 0 votes

Official comment

1. Community
2. Using Sumo Logic
3. WHERE clause using aggregate value, after using aggregate function to get value

once you've done the aggregation pct call, the duration is indeed dropped. You might consider splitting this into two queries. First query could be run as a scheduled search to save off the 95th pe...

• View comment
• Matt
• April 26, 2019 20:55
• Edited
• 0 votes

1. Community
2. Using Sumo Logic
3. Charting top 5 events as a percentage of all events

A version that does counts as well as %, as I just realized that was desired: _sourceCategory=CategoryICareAbout| count as occurrences by event_id | total(occurrences) as totaloccurrences| sort occ...

• View comment
• Matt
• April 26, 2019 20:13
• 1 vote

1. Community
2. Using Sumo Logic
3. Charting top 5 events as a percentage of all events

hopefully no one used the first version I posted above. Just edited to replace the 2nd to last line as follows: | if ((_accum=6), remainingpercent+percent, percent) as percent

• View comment
• Matt
• April 26, 2019 19:55
• 1 vote

Official comment

1. Community
2. Using Sumo Logic
3. Charting top 5 events as a percentage of all events

try this out, not sure if it's the most efficient way, but worked for me, of course using a different source category matching our test data. _sourceCategory=CategoryICareAbout| count event_id | to...

• View comment
• Matt
• April 26, 2019 20:01
• Edited
• 0 votes