Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add sumologic source #1078

Open
wants to merge 21 commits into
base: master
Choose a base branch
from
Open

Conversation

juju4
Copy link
Contributor

@juju4 juju4 commented Jan 7, 2023

Sumologic log platform
https://www.sumologic.com/

Reviewed with pylint and black

{
"statements": [
{
"query": "WITH datetime()-duration('P7D') AS threshold MATCH (h:SumologicHost) WHERE h.lastupdated < threshold WITH h LIMIT $LIMIT_SIZE DETACH DELETE (h)",
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you tell us how this works?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the same thing as before but cleaning only entries lastupdated older than 7 days as per #1015


| Field | Description |
|-------|-------------|
|tool_first_seen| Timestamp of when first available logs for host is available since first sync|
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you meant to add the schema for the hosts?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't understand the comment.
On tool_first_seen, this is limited by the duration given to sumologic query. if query only last 7d log, the earliest first seen is only 7d old, even if logging platform can have more.
But querying on long time period is expensive. And if the platform aka cartography server lives long enough, it will get there.

@juju4
Copy link
Contributor Author

juju4 commented Feb 25, 2023

is there something that I can help to move this forward?
outside of the points left above for which I would like inputs too.

@chandanchowdhury chandanchowdhury added the data-addition Describes adding new data to the graph label Jul 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
data-addition Describes adding new data to the graph
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants