Sign up for a live Kubernetes or DevSecOps demo

Click here

Kevin Keech

Posts by Kevin Keech

Blog

New Features to Optimize Your Scheduled Searches

Last week Sumo Logic rolled out several new enhancements to Scheduled Searches that will make it easier to continuously monitor your stack and receive notifications on critical events. Scheduled searches are just standard searches that have been saved, and are executed on a schedule you set. As you create your scheduled search, you can configure several different alert types including email, Script Action, ServiceNow Connection, Webhook, Save to Index, and Real-time Alerts. Once configured, the scheduled search runs continuously in the background and triggers the alert type you’ve selected. The new enhancements give you more control over the scheduling of searches, and allow you to customize how and when the search results are presented. This post introduces you to these new features and shows how you can make best use of them. If you’d like a personal tour through the new scheduled-search features, register for our webinar, “Optimize Your Scheduled Searches is Here” to be held on November 17. Specify the Scheduled Timezone When you schedule a search within Sumo Logic, the search is by default scheduled to run within the timezone set by the user’s preferences. Sumo Logic now allows you to specify a timezone other than your preferred timezone. When used in combination with the other scheduling options, your search will now run at the time and timezone set within the search. Global teams that use a standard timezone like UTC will find the timezone option especially helpful, allowing all members to see the same results and avoid confusion. This option also provides the user creating the scheduled search with the flexibility to make the email results relevant to the recipients that may be located anywhere in the world. Weekly Scheduling Option Answering the call for popular feature request, Sumo Logic has increased the scheduled-search frequency to allow for weekly scheduling and reporting. When you select the weekly option, you can select a specific day and time of the week for your search to run. Custom CRON Scheduling Option For cases where the default scheduling options just don’t fit your needed schedule, Sumo Logic now allows you to input a custom CRON expression to fully customize the scheduled day and time of your search. With the custom CRON option, you can schedule your search to run monthly on a set day and hour, certain days of the week, specific hours within a day, or any other combination you can think of. The custom CRON scheduling utilizes the Quartz CRON format. For more information on formatting your CRON expression, see Using a CRON Expression in Sumo Logic. Note: In order make sure your scheduled searches are run on time, Sumo Logic does not support scheduling searches with CRON at an interval less than 15 minutes. If you need a schedule that is less than 15 minutes, consider using the standard scheduling options of the search. Set a Custom Email Subject Another useful feature is that you can now specify the email subject for your Scheduled Search emails using a set of predefined placeholders along with your own text. This makes it easier to recognize, organize, and filter these emails within your inbox. Don’t want to update your existing email filters or Scheduled Searches? Don’t worry. We supply a default subject that matches the previous email format. Your existing searches will continue to use that subject until the owner of the search decides to change it. Select How You Want to Receive Results Display only the information you want to see within the Scheduled Search emails by selecting which sections to include. Show or hide the results histogram image, the search query string, or the summarized results set. Additionally, you can include up to the first 1000 results from your query attached as a .CSV file. Note that there’s a 5MB limit. Learn More About Scheduled Searches The new enhancements in Scheduled Search now allows you to create highly customized alert notifications so that you can customize your notification systems and work seamlessly with global teams. If you’d like to learn more about using Scheduled Searches, join us for our upcoming webinar, or visit Sumo Logic DocHub for complete product documentation.