Harinder Bhandari
- Total activity 145
- Last activity
- Member since
- Following 0 users
- Followed by 0 users
- Votes 1
- Subscriptions 81
Comments
Votes on activity by Harinder Bhandari Sort by votes-
Unix epoch timestamps are supported in the following formats: 10 digit epoch time format surrounded by brackets (or followed by a comma). The digits must be at the very start of the message. For e...
-
Hi Zack You can use this search using parse regex: _sourceCategory=windows ("4720" OR "4723" OR "4724")| parse regex "\"EventID\"\:\"(?<EventID>.*?)\"," nodrop| parse regex "\"TargetUserName\":\"(?...
-
Hi Prabhu, You can export content from US deployment by doing these steps: Export Content in the Library In the Library, do either: To export an item, navigate to it, click the details icon for t...
-
Hi Elliot, You should parse regex and use multi option to parse list of items of variable length. For Example: | parse regex "size=(?<file_size>.*?)\)\," multi https://help.sumologic.com/05Search/S...
-
Currently, "Run Time" FER only applies to JSON data, and all other data is parsed and "Applied at" the ingest time. Hope this helps. Thanks
-
Hi Cameron, Since it needs more investigation, It would be best if you open a support ticket with Sumo Logic providing the dashboard and panel name. we will help you with the solution. Thanks, Ha...
-
Please try downgrading your collector to a lower than 19.209-23 version and see if that fixes docker stats issue.
-
Since your app is logging data to local file system. You can use an installed collector and configure a local file source to upload data to Sumo Logic. Here are steps to install a collector on Lin...
-
Hi Zack, You can use this search query: _sourceCategory=windows ("4723")| parse regex "\"EventID\"\:\"(?<EventID>.*?)\"," nodrop| parse regex "\"TimeCreated\":\"(?<event_time>.*?)\"," nodrop| pars...
-
Hope you have created an installation token as per steps documented here: https://help.sumologic.com/Manage/Security/Installation_Tokens If it is taking longer than expected to register your colle...