Matt Sullivan

Official comment

1. Community
2. Sending Data
3. CSV header is being ingested as a log entry when ingesting using a HTTP collector

If you own the python code, I would just start the iterator with 1 instead of 0 index to start things at line 2. Or if using for x in list pattern, filter out there. If that's infeasible, yes, you ...

• View comment
• Matt Sullivan
• July 01, 2019 14:00
• 0 votes

Official comment

1. Community
2. Using Sumo Logic
3. Regex parsing problems

If your sourcecategory has such a predictable pattern, I would avoid regex entirely and just use this: | split _sourcecategory delim='/' extract 1 as part1, 2 as part2, 3 as part3, 4 as part4   if ...

• View comment
• Matt Sullivan
• June 29, 2019 20:42
• Edited
• 0 votes

Official comment

1. Community
2. Using Sumo Logic
3. Dahsboard pannel with log entires

Hi Justin, Sorry for the delay, hope this is still useful.  Dashboard panels can only be made from queries that use aggregate operators. Below would I think do what you require: // your query scope...

• View comment
• Matt Sullivan
• June 27, 2019 18:56
• 0 votes

Official comment

1. Community
2. Sending Data
3. How to create an alert the log fields based on the percentage of failures?

sorry for delay. this might be a good use case for a subquery. the child query could determine whether or not you care to see the raw messages in that same 10m timewindow. if you don't need the raw...

• View comment
• Matt Sullivan
• June 11, 2019 19:58
• 0 votes

1. Community
2. Sending Data
3. Collecting custom application metrics from docker containers

Hi Jacob, I note that a more recent check-in to the Docker collector does add support for Prometheus format See https://github.com/SumoLogic/sumologic-collector-docker/releases/tag/v19.227-19 The i...

• View comment
• Matt Sullivan
• May 20, 2019 17:52
• 0 votes

Official comment

1. Community
2. Using Sumo Logic
3. WHERE clause using aggregate value, after using aggregate function to get value

once you've done the aggregation pct call, the duration is indeed dropped. You might consider splitting this into two queries. First query could be run as a scheduled search to save off the 95th pe...

• View comment
• Matt Sullivan
• April 26, 2019 20:55
• Edited
• 0 votes

1. Community
2. Using Sumo Logic
3. Charting top 5 events as a percentage of all events

A version that does counts as well as %, as I just realized that was desired: _sourceCategory=CategoryICareAbout| count as occurrences by event_id | total(occurrences) as totaloccurrences| sort occ...

• View comment
• Matt Sullivan
• April 26, 2019 20:13
• 1 vote

1. Community
2. Using Sumo Logic
3. Charting top 5 events as a percentage of all events

hopefully no one used the first version I posted above. Just edited to replace the 2nd to last line as follows: | if ((_accum=6), remainingpercent+percent, percent) as percent

• View comment
• Matt Sullivan
• April 26, 2019 19:55
• 1 vote

Official comment

1. Community
2. Using Sumo Logic
3. Charting top 5 events as a percentage of all events

try this out, not sure if it's the most efficient way, but worked for me, of course using a different source category matching our test data. _sourceCategory=CategoryICareAbout| count event_id | to...

• View comment
• Matt Sullivan
• April 26, 2019 20:01
• Edited
• 0 votes

Official comment

1. Community
2. Managing Sumo Logic
3. In script action alert type for my data, what should be the format of entering field names in my python script file for sumologic to recognize those field names?

Looks as if this has gone a while without an answer. Apologies for the delay. I'm not 100% sure I'm following the question but will take a stab. Sumo Logic doesn't need to understand what you write...

• View comment
• Matt Sullivan
• April 16, 2019 16:59
• 0 votes