Kevin Keech

Total activity 296
Last activity May 28, 2020 17:28
Member since December 13, 2012 03:37

Following 0 users
Followed by 0 users
Votes 0
Subscriptions 87

Activity overview

Latest activity by Kevin Keech

Kevin Keech commented, May 28, 2020 17:28
When you say you want to search, do you just want to return messages where the parsed field includes a specific string? If so then you can use a "matches" operation within a "where" statement like ...
- View comment
- Kevin Keech
- May 28, 2020 17:28
- 0 votes
Kevin Keech commented, May 24, 2020 23:40
Hi Rizwan, You will need to generate the AccessID and Key from within your Sumo Logic account, under your user preferences page. The following help documentation should assist with the process. htt...
- View comment
- Kevin Keech
- May 24, 2020 23:40
- 0 votes
Kevin Keech commented, May 24, 2020 23:37
There are a few ways you can parse this. (Note: I am assuming you want the name to the left of the epoch timestamp in the message) 1.) Since the logs are pipe-delimited you can use the "split" oper...
- View comment
- Kevin Keech
- May 24, 2020 23:38
- Edited
- 2 votes
Kevin Keech commented, May 09, 2020 01:52
H James, This is possible and there may be a couple of ways to do this. First would be using a subquery. Example: _sourcecategory=<transmission_sent>| parse "id: *" as id| where !( [subquery:_sour...
- View comment
- Kevin Keech
- May 09, 2020 01:53
- Edited
- 1 vote
Kevin Keech commented, May 09, 2020 01:29
Awesome. I noticed I had a small error in the field label for the "finished" field and have fixed that in my original post.
- View comment
- Kevin Keech
- May 09, 2020 01:29
- 0 votes
Kevin Keech commented, May 09, 2020 01:26
Keywords are not case sensitive; however, the matching operators will be case sensitive. When you say you add "error or Error" are you putting that literally in your query keywords like below?_coll...
- View comment
- Kevin Keech
- May 09, 2020 01:26
- 0 votes
Kevin Keech commented, May 09, 2020 01:13
Changing the name of the Collector or a Source should not affect the collection of logs, but it will change the metadata assigned to any logs received so you will need to make sure and change any q...
- View comment
- Kevin Keech
- May 09, 2020 01:13
- 0 votes
Kevin Keech commented, May 09, 2020 01:08
Under your Collector management page do you see messages under the count sparkline for the Collector?Couple of things I would first suggest. 1.) Disabling the multi-line processing on your Source. ...
- View comment
- Kevin Keech
- May 09, 2020 01:08
- 0 votes
Kevin Keech commented, May 09, 2020 00:55
Hi Wofi, Can you give the following a try?("finished their work" or "failed their work")| parse regex "(?<status>finished|failed) their work"| json field=_raw "arg0.details.person.name" as name| if...
- View comment
- Kevin Keech
- May 09, 2020 01:28
- Edited
- 0 votes
Kevin Keech commented, February 28, 2020 18:35
You can first parse the value | parse "\"score:*\"" as score If you want to then display where that score value is within a range you can add a where condition after the parsing. | parse "\"score:...
- View comment
- Kevin Keech
- February 28, 2020 18:35
- 0 votes