How to count the occurrences of a regex match over time in sumologic?

Question

I have logs that have a particular error string that I would like to capture. I want to track the total errors over time and not care about any particular error because the error message contains an id which means every error is seen as different.

_collector="Service" 
| parse regex "error: (?<error>.+?(?=,))"
| timeslice 15m
| sum(error) as total_errors by _timeslice
| count by _timeslice, total_errors

The problem with this is that it does not correctly group the errors over time and instead shows a graph where each line is the separate error.

Any advice?

score 1 · Answer 1 · answered Nov 18 '20 at 03:16

1

So this turned out to be a case of over complicating things.

_collector="Service" "error:"
| timeslice 5m
| count by _timeslice

We don't need a regex because we don't care about the specific value.

answered Nov 18 '20 at 03:16

user3162553

2,699
3
37
61

How to count the occurrences of a regex match over time in sumologic?

1 Answers1