Graham Watts

Official comment

1. Community
2. General Discussion
3. How to setup a low-latency scheduled search which doesn't duplicate results?

Hello,Can you share a bit more about your use case? There are a few potential solutions here depending on what you are trying to do.For example, how frequently do you need to deliver the data, and ...

• View comment
• Graham Watts
• January 10, 2022 19:50
• 0 votes

Official comment

1. Community
2. Using Sumo Logic
3. Log Monitor - How to use receipt time?

Hi Tim,I am confirming with my alerting Product Manager but I believe using _receiptTime for Logs Monitors is not yet supported. You may need to use Scheduled Searches for this.Also, which source t...

• View comment
• Graham Watts
• April 01, 2021 04:41
• 0 votes

1. Community
2. Using Sumo Logic
3. Using multiple operators in a single query

Happy to help Aaron, I am a fan of doing it all in one search if possible! 

• View comment
• Graham Watts
• March 03, 2021 01:43
• 0 votes

Official comment

1. Community
2. Using Sumo Logic
3. Random or every Nth value

Hi Chris,On method for sampling results in a query is parsing out the timestamp. You can use parse regex, for example, to parse the number for hours, minutes, and seconds.If you have a timestamp wi...

• View comment
• Graham Watts
• March 02, 2021 05:54
• 0 votes

Official comment

1. Community
2. Using Sumo Logic
3. Using multiple operators in a single query

Hi Arron,It's hard to confirm without testing but Yit seems like you may be able to use the accum and total operators here, can you try this approach?_sourceCatagory=test _sourceName=test| parse ip...

• View comment
• Graham Watts
• March 02, 2021 02:11
• 0 votes

Official comment

1. Community
2. General Discussion
3. search access control

Hi Nagaraju,For this use case, you should use a Search Filter for the Role assigned to all users who should not see this sensitive data.For example, if your log line looks like this: 2020-09-0...

• View comment
• Graham Watts
• September 08, 2020 01:44
• 0 votes

Official comment

1. Community
2. Managing Sumo Logic
3. O365 hosted collector not capturing logs suddenly

Hello Kunihko,Please log a support ticket here so that we can investigate and resolve this for you as quickly as possible: https://support.sumologic.com/hc/en-us/requests/new

• View comment
• Graham Watts
• July 13, 2020 01:41
• 0 votes

1. Community
2. Using Sumo Logic
3. How to search based on number

Hi Kota,There are a few options here, parse anchor is probably the easiest assuming these fields are consistently in the order shown in your example log. _sourceCategory=<my/category>| parse "* | *...

• View comment
• Graham Watts
• May 24, 2020 23:39
• 1 vote

Official comment

1. Community
2. Sending Data
3. Showing two searches in the same graph

Hey Soumya,You can plot both series in one table like this: (_sourceCategory=app1 or  _sourceCategory=app2) "HTTP/1.1 500" | count by _sourceCategory| sort _count You could also plot these over ti...

• View comment
• Graham Watts
• August 30, 2019 00:01
• 0 votes

1. Community
2. Managing Sumo Logic
3. Data Limit per collector?

Hi Sagan, You can use our new feature, Ingest Budgets, to apply a limit of collection per collector. This assumes you have an Enterprise Sumo subscription. Let us know if this is what you are looki...

• View comment
• Graham Watts
• August 26, 2019 04:47
• 1 vote