Skip to content

Commit 3bb0609

Browse files
kimsaucekimsauce
authored
Update Log Search config options (#5289)
* Update Log Search config options * Update docs/search/get-started-with-search/build-search/use-receipt-time.md * Update docs/search/get-started-with-search/build-search/use-receipt-time.md
1 parent 7861179 commit 3bb0609

File tree

7 files changed

+89
-92
lines changed

7 files changed

+89
-92
lines changed

docs/search/get-started-with-search/build-search/dynamic-parsing.md

Lines changed: 70 additions & 83 deletions
Large diffs are not rendered by default.

docs/search/get-started-with-search/build-search/use-receipt-time.md

Lines changed: 19 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1,25 +1,35 @@
11
---
22
id: use-receipt-time
33
title: Use Receipt Time
4-
description: You can display search results in the order that the Collector received the messages in milliseconds.
4+
description: Enable the Use Receipt Time feature to display search results in the order that the Collector received the messages in milliseconds.
55
---
66

7+
import useBaseUrl from '@docusaurus/useBaseUrl';
8+
9+
<!-- When Intelliparse goes GA, update this doc to reflect new Search Config...
10+
11+
Parsing
12+
* Intelliparse
13+
* Auto Parse
14+
* Manual
15+
16+
Timestamp
17+
* Message Time
18+
* Receipt Time
19+
-->
20+
21+
By default, log searches run by Message time. Enable the **Use Receipt Time** setting to run the search by Receipt time, which is the timestamp when a log message hits the Sumo Logic receivers.
722

823
To search data based on the order that Collectors received the messages use **Receipt Time**. This option has the search reference the [metadata](../search-basics/built-in-metadata.md) field `_receiptTime` instead of `_messageTime`, giving you the ability to view the difference in the parsed [timestamp](/docs/send-data/reference-information/time-reference) (`_messageTime`) and receipt time (`_receiptTime`) to pinpoint Sources that may be parsing the message's timestamps incorrectly.
924

1025
## Run a search by Receipt Time
1126

12-
To run a search by Receipt Time:
27+
To run a log search by Receipt Time:
1328

1429
1. Enter your query in the search text box.
1530
1. Choose the Time Range for the query.
16-
1. Click the gear icon to open the **Search Config** menu and toggle **Use Receipt Time** on.
17-
18-
![receipt time option.png](/img/search/get-started-search/build-search/receipt-time-option.png)
19-
 
20-
1. Review the search results for wide discrepancies between message timestamp and receipt time to pinpoint Sources with incorrect timestamps:
21-
22-
![receipt time results in messages tab.png](/img/search/get-started-search/build-search/receipt-time-results-messages-tab.png)
31+
1. Click the gear icon to open the **Search Config** menu and toggle on **Use Receipt Time**.<br/><img src={useBaseUrl('img/search/get-started-search/build-search/receipt-time-option.png')} alt="receipt time option.png" style={{border: '1px solid gray'}} width="450"/>
32+
1. Review the search results for wide discrepancies between message timestamp and receipt time to pinpoint Sources with incorrect timestamps:<br/><img src={useBaseUrl('img/search/get-started-search/build-search/receipt-time-results-messages-tab.png')} alt="receipt time results in messages tab.png" width="700"/>
2333

2434
## Resolving timestamp/receipt time issues
2535

static/img/search/get-started-search/build-search/dynamic-parsing/auto-parse-mode-option.png

17.9 KB
Loading

static/img/search/get-started-search/build-search/dynamic-parsing/field-browser-search-field.png

34 KB
Loading

static/img/search/get-started-search/build-search/receipt-time-option.png

13.7 KB
Loading

static/img/search/get-started-search/build-search/use-receipt-time/messages-with-receipt-time.png

-55.8 KB
Binary file not shown.

static/img/search/get-started-search/build-search/use-receipt-time/use-receipt-time.png

-5.97 KB
Binary file not shown.

0 commit comments

Comments
 (0)