
Graham Watts
Articles
LogReduce by Timeslice: Visualize Trends in Your Signatures
LogReduce can now be used with the timeslice operator. This allows you to visualize how signatures detected with LogReduce are changing over time. _sourceCategory=your/category/here "error"| timesl...
LogCompare: Detecting Patterns and Changes Across Environments and Time
LogCompare can be used to automatically expose and alert on anomalous patterns in your logs. First, determine the target dataset you want to inspect. This is usually the 'broken' environment - the ...
How to Create and Alert on Ratios or Percentages?
The If operator can be used to construct new fields for calculating things like the ratio of 400 or 500 error codes to total requests. This example will show how to calculate this error ratio, then...
What are my throttling limits?
Throttling occurs when you exceed a certain multiplier of your per-minute data volume ingest, calculated from your daily average ingest. To provide an example with a 10GB per day account, the average...
How can I store data for longer than my retention period?
In SumoLogic, the data in a partition cannot be retained beyond the retention period of that partition. However, you can leverage the Data Forwarding feature of SumoLogic which allows you to forwa...
Does Sumo Logic have any Field Extraction Rule templates?
Yes, when you create a field extraction rule you can choose from the 'Templates' drop-down list. If you can't find the one you need, try parsing in the search interface, then copying that scope and...
How can I be notified if I am being throttled?
The best way to monitor for this is to set up the Sumo Logic Audit Index, then create an alert for the ‘Account Throttled’ event.
How to Compare and Alert on Historical Data
The Time Compare operator can be used to overlay and compare historical data with current data. For example, if you wanted to show a trend of errors, today vs. yesterday, you could use: "error"| ti...