2

With Sumo Logic, what is the difference between 'cluster' and '_sourceCategory'?

I've tried looking at the documentation but am not finding anything for cluster itself. If you know, please share the knowledge.

mnickey
  • 727
  • 1
  • 6
  • 15
  • Could you share a query where you're using "cluster"? That isn't a keyword or operator in Sumo Logic, so it must be specific to your environment. – the-nick-wilson Jul 23 '19 at 20:01

1 Answers1

3

There is nothing like cluster in sumo logic. It is _sourceCategory and _sourceHost. _sourceCategory basically just means the name of categories to which these logs belong. For example: If you are ingesting logs of a service named X, you can put its _sourceCategory as X and then search for it with query _sourceCategory=X

If you cluster name is Y and your nodes are numbered Y-1,Y-2 ... Y-10, then you can search it like _sourceHost=Y*. This would give you all the logs for cluster Y.

Priyansh Goel
  • 2,660
  • 1
  • 13
  • 37