![sumo timeslice sumo timeslice](https://help.sumologic.jp/@api/deki/files/213/Status-code.png)
– The * wildcard is supported for non-numeric filters
Filters allow for panels results to be limited dynamically.
Timeslice operator enables you to segment your
Ex: _collector=*apache* | count by _sourceCategory | sort by _count
Ex: (Error OR fail*) | count by _sourcecategory, _sourcehost
Ex: _collector=*apache* | count by _sourceCategory
– Ability to aggregate results sets and grouping them by metadata fields
Dissecting your result sets using Metadata Fields.
– Ex: _sourceCategory=Apache* | count as mycount
The count Operator enables you to group messages that match a classification.
Must come after basic operators such as parse.
Take advantage of interactive dashboard filters
Evaluates messages and places them into groups
Parse the data on ingest rather than run-time simplifies searches
– Mastering Regular Expressions by Jeffrey E.F.
Regular Expressions – References and Resources
Use if the construct of the messages is inconsistent.
Extracts nested information via regular expressions.
– parse regex: Extracts nested information via regex
Extracting and Labeling Additional Fields
– parse anchor: Leverages beginning and ending anchors
Mathematical – operations on value sets.
– Enables you to perform additional operations
Parsing enables a user to extract parts of a message and classify them as.
Identify unexpectedly high or low values within determined thresholds.
Investigation view into your environment.
LogReduce uses fuzzy logic and soft matching to cluster messages providing quick.
Narrow your time-range down as much as possible
Use parse anchor instead of parse regex for structured messages
Avoid the use of expensive parse regex tokens like.
Limit result sets before aggregating data
user=a | count by user
Use metadata and keyword combinations to reduce scope
Determine the data available through your search.
Using keywords helps bloom filters locate data very quickly
Metadata tags + keywords | parse | filter | aggregate | sort | limit
Combine these keywords with metadata fields
Keywords and operators (separated by pipes) that build on top of each other
Tags added to your messages when data is collected
– _sourceName: Name of the log file (including path)
– _sourceHost: Hostname of the server this data came from
– _source: Name of the source this data came through
– _collector: Name of the collector this data came from
![sumo timeslice sumo timeslice](https://image.slidesharecdn.com/sumologicquickstarttrainingfeb2016-160211211406/95/sumo-logic-quick-start-feb-2016-32-638.jpg)
Take advantage of the content Library and Apps
Data Collection, Search & Analyze, Visualize & Monitor
Visualize and Monitor through Dashboards & Alerts
At the completion of this webinar, you will be able to…