When creating sources with unknown timestamps and timezones, it is often helpful for troubleshooting to know the difference between the time the service received the message (_receipttime) and the actual message time within the log file (_messagetime).

The following simple query compares the message time to the receipt time, which lets you see immediately whether your messages are arriving late, whether Sumo Logic is failing to parse the timezone from the logs, or whether the source's default timezone is set incorrectly.

Since this queries all log data you have submitted, it will take some time to complete. Only run it over the most recent 15 minute time range.

* | formatDate(fromMillis(_receipttime), "MM/dd/yyyy HH:mm:ss:SSS") as receipt

The receipt column can then be read side by side with the message's own Time column. You can further expand this query to give you a count in minutes between the two times, sorted by Collector and Source, to quickly determine which sources may need a configuration update or further review.

If you want to use compare with timeslice, don't alias the timeslice field. compare also works with outlier, timeslice, and transpose, for example:

timeslice 5m | count by timeslice

Pattern 4: JSON. When handling JSON logs, the json operator is a valuable ally. If the log message is valid JSON, the json operator can be used directly; it makes the fields of the JSON structure accessible to downstream operators.
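The expansion described above (skew in minutes per Collector and Source), written out as an added example; this is not a query from the original page. _collector, _source, _messagetime and _receipttime are standard Sumo Logic metadata fields; the aliases, the 5 and 30 minute thresholds and the verdict strings are my own assumptions. A skew of half an hour or more is almost never ingestion latency, so it is treated as a timezone or timestamp parsing problem, while a small positive skew means the source is simply delivering late and a negative skew means the parsed message time lies in the future.

```sumo
// Added example (not from the original page): per-source skew between
// message time and receipt time, with a triage verdict per Collector/Source.
// Run this over a short range only (the most recent 15 minutes); it scans
// every message in the range.
*
| (_receipttime - _messagetime) / 60000 as skew_minutes
| min(skew_minutes) as min_skew, avg(skew_minutes) as avg_skew, max(skew_minutes) as max_skew, count as events by _collector, _source
// Thresholds (5 and 30 minutes) are assumptions; tune them to your sources.
| if(abs(avg_skew) >= 30, "timezone or timestamp parsing problem",
    if(avg_skew > 5, "arriving late",
      if(avg_skew < -5, "message time ahead of receipt time", "ok"))) as verdict
| sort by avg_skew desc
```

Sources whose average skew sits near a whole number of hours are the usual timezone misparse case: fix the source's timezone setting or timestamp format rather than chasing delivery latency. The min and max columns separate a consistently wrong offset (min and max close together) from a bursty backlog (max far above min).

For the JSON pattern, an added example (again not from the original page) that extracts fields with the json operator and then checks that the event timestamp carried inside the JSON agrees with the time Sumo Logic assigned to the message. The source category, the field names eventTime, level and user.id, and the ISO 8601 date format are assumptions; parseDate returns epoch milliseconds, so the subtraction is in the same unit as _messagetime.

```sumo
// Added example (not from the original page): parse JSON log lines and
// verify that Sumo Logic picked the intended timestamp from each message.
// Source category, field names and date format are assumptions.
_sourceCategory=app/json
| json field=_raw "eventTime", "level", "user.id" as event_time, level, user_id
| parseDate(event_time, "yyyy-MM-dd'T'HH:mm:ss'Z'") as event_epoch
| (_messagetime - event_epoch) / 60000 as parse_skew_minutes
| count by level, parse_skew_minutes
| sort by parse_skew_minutes desc
```

A non-zero parse_skew_minutes for a whole level means the timestamp rule for that source is matching some other date in the line (or falling back to receipt time), which is the case to fix with an explicit timestamp format on the source.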