Kevin Keech

1. Community
2. Using Sumo Logic
3. Search for Strings and count total occurrences

You will need to first parse the strings from your messages into a field and from there perform a count operation against the values found in that field. For example, given the following example me...

• View comment
• Kevin Keech
• October 14, 2019 23:31
• 0 votes

1. Community
2. Sending Data
3. Processing rule pattern doesn't seem to respect lookahead

Hi Lance, Lookaheads should work within the processing rules. The below expression. (username(?=@domain)) With a mask string of xxxx, should change username@domain to  xxxx@domain. I tried this out...

• View comment
• Kevin Keech
• September 23, 2019 16:35
• 0 votes

1. Community
2. General Discussion
3. parsing and counting

The multi-option should generate a new row for each value matched by the regular expression. So for example, if you have just 1 JSON message with 5 IDs and you perform a multi parse you will end up...

• View comment
• Kevin Keech
• September 23, 2019 16:00
• 0 votes

1. Community
2. Sending Data
3. java.lang.OutOfMemoryError in config/user.properties

Hi Wilson, This entry in the user.properties file is currently expected and normal and does not mean there is, or has been, an error with your Collector. This property is added automatically at ins...

• View comment
• Kevin Keech
• September 09, 2019 16:22
• 0 votes

1. Community
2. Using Sumo Logic
3. How to use pct function for number of requests?

Assuming you want the 95th percentile of the count per url the following should get that result.  | parse "url=*" as url | timeslice by 1m| count by _timeslice, url| pct(_count, 95) by url

• View comment
• Kevin Keech
• September 04, 2019 16:49
• 0 votes

1. Community
2. Query Library
3. Use _count as column (subquery)

The following query should help give you what you are looking for and does not require a subquery operation.  _sourceName = abc | parse "msgid= *" as msgId| timeslice 1h | count by msgId, _timeslic...

• View comment
• Kevin Keech
• August 27, 2019 19:58
• 0 votes

1. Community
2. Using Sumo Logic
3. How to delete old logs from sumo

Only if the logs from that microservice were specifically sent to its own Partition. Deletion can only be applied to a given time range and index (ie Partition/View) and deletion will delete all me...

• View comment
• Kevin Keech
• August 27, 2019 19:56
• 0 votes

1. Community
2. Sending Data
3. Adding older log data with epoch timestamps, however, Time always matches Receipt Time

Hi Aric, Sumo Logic assumes that all log messages coming from a particular Source will have timestamps that are within a window of -1 year through +2 days compared to the current time. Any log mess...

• View comment
• Kevin Keech
• August 16, 2019 20:37
• 0 votes

1. Community
2. Using Sumo Logic
3. Can we edit the data received by the collectors?

Hi Joe, What type of edits are you thinking of? Sumo Logic allows you to mask or hash data from your logs prior to indexing. Sumo Logic also allows you to filter messages from being sent via Includ...

• View comment
• Kevin Keech
• August 16, 2019 20:31
• 0 votes

1. Community
2. Sending Data
3. How to get Http Request header information from the sumo logs

This is something that would need to be configured within IIS, not within Sumo Logic. You would need to configure IIS to post this information into its logs so it can then be picked up by your Coll...

• View comment
• Kevin Keech
• May 27, 2019 03:35
• 0 votes