Matt Sullivan

Total activity 53
Last activity February 14, 2019 22:54
Member since October 10, 2017 21:12

Following 0 users
Followed by 0 users
Votes 0
Subscriptions 30

Activity overview

Latest activity by Matt Sullivan

Matt Sullivan commented, February 14, 2019 22:54
Official comment
sorry for delay, just spotted this one. not sure if true for every version of windows, but downloaded is eventcode 17 from the update client. this event can have multiple patches that need to be in...
- View comment
- Matt Sullivan
- February 14, 2019 22:54
- 0 votes
Matt Sullivan commented, February 11, 2019 18:24
Official comment
Make sure you're in edit mode when changing the time range, e.g. click the pencil icon at top of the screen, and save after adjusting the time ranges so they become the defaults.
- View comment
- Matt Sullivan
- February 11, 2019 18:24
- 0 votes
Matt Sullivan commented, November 15, 2018 15:10
Official comment
if by total, you mean within the timeslice, and you are only alerting based on the count, no longer using outlier's standard deviation approach, just replace the outlier line with| where _count >...
- View comment
- Matt Sullivan
- November 15, 2018 15:14
- Edited
- 0 votes
Matt Sullivan commented, November 15, 2018 15:01
Official comment
Sorry for delay. Long answer here. Bear with me. 1. Using lookup today works only vs. individual IPs, not ranges. Idea 1834 is one you can upvote which would make range lookups easier. 2. there is...
- View comment
- Matt Sullivan
- November 15, 2018 15:03
- Edited
- 0 votes
Matt Sullivan commented, November 11, 2018 13:54
Official comment
there is a hex to decimal conversion operator https://help.sumologic.com/05Search/Search-Query-Language/Search-Operators/hexToDec also hex to ASCII : https://help.sumologic.com/05Search/Search-Qu...
- View comment
- Matt Sullivan
- November 11, 2018 15:25
- Edited
- 0 votes
Matt Sullivan commented, November 11, 2018 13:54
Official comment
there is a hex to decimal conversion operator https://help.sumologic.com/05Search/Search-Query-Language/Search-Operators/hexToDec also hex to ASCII : https://help.sumologic.com/05Search/Search-Qu...
- View comment
- Matt Sullivan
- November 11, 2018 15:26
- Edited
- 0 votes
Matt Sullivan commented, November 11, 2018 13:44
Official comment
assuming you want to just show results from category1 where Id from category 2 is present, you might opt to move the subquery to the scoping portion of the query, and presuming category1 does not h...
- View comment
- Matt Sullivan
- November 11, 2018 13:44
- 0 votes
Matt Sullivan commented, September 10, 2018 15:48
Official comment
this could be any number of conditions, I would highly recommend getting a support case open for this one.
- View comment
- Matt Sullivan
- September 10, 2018 15:48
- 0 votes
Matt Sullivan commented, September 10, 2018 15:24
Official comment
prob best to split the Time into its parts, then you have an actual integer where compares work, e.g. | split Time delim=':' extract 1 as hh, 2 as mm, 3 as ss| where hh > 15 and hh < 23 hope...
- View comment
- Matt Sullivan
- September 10, 2018 15:24
- 0 votes
Matt Sullivan commented, August 07, 2018 21:33
Official comment
Sorry for the delay answering. We're frequently adding to our offerings on Azure (as well as AWS and GCP) so this answer may become outdated and I would recommend perusing the release notes from ti...
- View comment
- Matt Sullivan
- August 07, 2018 21:44
- Edited
- 0 votes