Kevin Keech2

1. Community
2. Using Sumo Logic
3. Parse out items of a list that has a variable length

Agree with using parse regex / multi. Here is another example that captures the file name as well as the size.  | parse regex "(?:\[|,\s+)(?<name>.*?)\(size=(?<size>\d+)\)" multi When using the Mul...

• View comment
• Kevin Keech2
• February 25, 2021 20:18
• 1 vote

1. Community
2. Applications and Integrations
3. Terraform sumologic provider generates "Error 401 Full authentication is required" when trying to create Collector

Good to see you got things working. So your account is in the Sumo Logic "US1" deployment, which does not have a specific deployment ID within the URLs. This is also why you and others don't see th...

• View comment
• Kevin Keech2
• June 12, 2020 18:43
• 0 votes

1. Community
2. Applications and Integrations
3. Terraform sumologic provider generates "Error 401 Full authentication is required" when trying to create Collector

There are a few things that could lead to authentication issues that you will want to check. 1.) The user who generated the AccessKey/ID has the permissions to Manage Collectors2.) The proper deplo...

• View comment
• Kevin Keech2
• June 12, 2020 18:44
• Edited
• 0 votes

1. Community
2. Query Library
3. Search the string after base64decoding

When you say you want to search, do you just want to return messages where the parsed field includes a specific string? If so then you can use a "matches" operation within a "where" statement like ...

• View comment
• Kevin Keech2
• May 28, 2020 17:28
• 0 votes

1. Community
2. General Discussion
3. Sumologic setup

Hi Rizwan, You will need to generate the AccessID and Key from within your Sumo Logic account, under your user preferences page. The following help documentation should assist with the process. htt...

• View comment
• Kevin Keech2
• May 24, 2020 23:40
• 0 votes

1. Community
2. Using Sumo Logic
3. How to search based on number

There are a few ways you can parse this. (Note: I am assuming you want the name to the left of the epoch timestamp in the message) 1.) Since the logs are pipe-delimited you can use the "split" oper...

• View comment
• Kevin Keech2
• May 24, 2020 23:38
• Edited
• 2 votes

1. Community
2. Query Library
3. Reconcile ID's present in one source category but absent in another

H James, This is possible and there may be a couple of ways to do this. First would be using a subquery.  Example: _sourcecategory=<transmission_sent>| parse "id: *" as id| where !( [subquery:_sour...

• View comment
• Kevin Keech2
• May 09, 2020 01:53
• Edited
• 1 vote

1. Community
2. Using Sumo Logic
3. How do I calculate multiple percentages based off a key?

Awesome. I noticed I had a small error in the field label for the "finished" field and have fixed that in my original post. 

• View comment
• Kevin Keech2
• May 09, 2020 01:29
• 0 votes

1. Community
2. General Discussion
3. sumo query searches - are they case sensitive?

Keywords are not case sensitive; however, the matching operators will be case sensitive. When you say you add "error or Error" are you putting that literally in your query keywords like below?_coll...

• View comment
• Kevin Keech2
• May 09, 2020 01:26
• 0 votes

1. Community
2. Managing Sumo Logic
3. Hosted collector not capturing logs after collector name change

Changing the name of the Collector or a Source should not affect the collection of logs, but it will change the metadata assigned to any logs received so you will need to make sure and change any q...

• View comment
• Kevin Keech2
• May 09, 2020 01:13
• 0 votes