When you are building a search query, you have the option to add a time range expression in the time range field.

Sumo Logic provides the following operations for converting and formatting timestamps, which can be used to return the week number for a given timestamp. Sumo Logic provides the formatDate operator to assist with converting epoch to readable dates using the Java SimpleDateFormat. To convert the epoch time into a date formatted string, you can put the first two functions together, like this:

    * | formatDate(_messagetime, "MM-dd-yyyy HH:mm:ss") as myDate

DATEADD() adds an amount of time to a date. DATESUB() subtracts an amount of time from a date. INTERVAL uses plus and minus signs to add time to a date. This kind of function is useful for calculating rolling windows, like filtering your data for every record in the past 7 days or the past year.

    | timeslice 5m | count by status, path, _timeslice | transpose row _timeslice column path, status

Graphs count (status, path, timeslice) with the X axis timeslice and Y axis count, with one line per unique (status, path).

However, in the case where you are first using an aggregate operation on an epoch, such as Min, Max, or Avg, you may also need to convert the return value to a "long" value using the toLong function. This is because when you run these aggregate functions, the return value gets reformatted as a double, which the formatDate function cannot read. This may lead to the following error being displayed with your query:

    No definition found for function formatDate(Double, String).

To address this, we will need to add a conversion operation within the formatDate to convert the returned epoch to a long value.
    | formatDate(toLong(mindate), "MM-dd-yyyy HH:mm:ss") as myDate

Sumo Logic further needs a 13 digit epoch timestamp for the formatDate operator. So in cases where you have 10 digit epoch timestamps, you will need to convert them to 13 digits by multiplying your current value by 1000.

You'd have to tag the successes versus failures before applying a timeslice using an if statement. Then apply the timeslice and aggregate on the fields and calculate the ratio. Something like:

    _sourceCategory=myService | json field=_raw 'log.Log' as logmessage | json field=_raw 'log.Barcode' as logBarcode | json field=_raw 'log.

The timeslice operator aggregates data by time period, so you can create bucketed results based on a fixed interval (for example, five-minute buckets). Timeslice also supports creating a fixed-target number of buckets, for example, 150 buckets over the last 60 minutes.

The data volume index is populated with a set of log messages every five minutes. The messages contain information on how much data (by bytes and messages count) your account is ingesting. Your data volume is calculated based on when your logs were received; in Sumo this timestamp is stored with the _receiptTime metadata field. Each log message includes information based on one of the following index source categories.

You can query the data volume index just like any other message using the Sumo Logic search page. To see the data created within the data volume index, when you search, specify the _index metadata field with a value of sumologic_volume. For more information, see Search Metadata. Sumo Logic provides an application that utilizes the data volume index to see your account's volume usage at a glance.

There is a known issue when searching against _sourceCategory values where scheduled views show up blank. This causes results to be returned with numbers as the _sourceCategory values.

Next, we'll convert the IP addresses that are in a decimal format to the standard IP address using octets.