Avatar

Graham Watts

Follow
  • Total activity 109
  • Last activity
  • Member since
  • Following 0 users
  • Followed by 1 user
  • Votes 0
  • Subscriptions 65

Activity overview

Latest activity by Graham Watts
  • Avatar

    Graham Watts commented,

    Official comment
    1. Community
    2. Managing Sumo Logic
    3. O365 hosted collector not capturing logs suddenly

    Hello Kunihko,Please log a support ticket here so that we can investigate and resolve this for you as quickly as possible: https://support.sumologic.com/hc/en-us/requests/new

  • Avatar

    Graham Watts commented,

    1. Community
    2. Using Sumo Logic
    3. How to search based on number

    Hi Kota,There are a few options here, parse anchor is probably the easiest assuming these fields are consistently in the order shown in your example log. _sourceCategory=<my/category>| parse "* | *...

  • Avatar

    Graham Watts commented,

    Official comment
    1. Community
    2. Sending Data
    3. Showing two searches in the same graph

    Hey Soumya,You can plot both series in one table like this: (_sourceCategory=app1 or  _sourceCategory=app2) "HTTP/1.1 500" | count by _sourceCategory| sort _count You could also plot these over ti...

  • Avatar

    Graham Watts commented,

    1. Community
    2. Managing Sumo Logic
    3. Data Limit per collector?

    Hi Sagan, You can use our new feature, Ingest Budgets, to apply a limit of collection per collector. This assumes you have an Enterprise Sumo subscription. Let us know if this is what you are looki...

  • Avatar

    Graham Watts commented,

    Official comment
    1. Community
    2. Using Sumo Logic
    3. List of unique sourceHosts in a sourceCategory

    Hey David,Can you try this query and let us know if this is what you're trying to see? _sourceCategory=prod/network| count by _sourceHost // assuming these are the source IPs| count by _sourceHost ...

  • Avatar

    Graham Watts commented,

    1. Using Sumo Logic
    2. Searching Logs
    3. How to Create and Alert on Ratios or Percentages?

    Hey Ramakrishna,Are you trying to show the trend in percent of 400s? If so you could use something like this: _sourceCategory=graham/travel/nginx| parse "HTTP/1.1\" * " as sc nodrop| if(sc matches ...

  • Avatar

    Graham Watts commented,

    Official comment
    1. Community
    2. General Discussion
    3. Parsing- need help

    Hey Aakif,Parse regex multi will allow you to parse out as many values for LoadBalancerName as there are in each log:https://help.sumologic.com/05Search/Search-Query-Language/01-Parse-Operators/02-...

  • Avatar

    Graham Watts commented,

    Official comment
    1. Community
    2. Using Sumo Logic
    3. How to write this subquery

    Hey Alex,Transactionize can be very useful especially in this type of use case. Another way to get the duration is to use max() and min(), then do some math by each trace-id:| max(_messagetime), mi...

    • View comment
    • Graham Watts
    • Edited
    • 0 votes
  • Avatar

    Graham Watts commented,

    Official comment
    1. Community
    2. Using Sumo Logic
    3. Custom fields on metric queries

    Hey Eliezer,I would suggest 2 options here: 1. Consider using Carbon2 metrics format Depending on what is generatin the metric, that tool may have an option to do this Carbon2 format allows you to...

    • View comment
    • Graham Watts
    • Edited
    • 0 votes
  • Avatar

    Graham Watts commented,

    1. Community
    2. Sending Data
    3. integrating redshift with sumologic

    Hey Ravi,Seems like there are 2 options here: Collect the data in Sumo and query it there- Where is the data coming from? If its already in S3 or CloudWatch log groups you can use native Sumo sour...