Skip to main content
Sumo Logic

2.1 You want to focus on a specific time frame

Problem

Log investigations often center on a particular time range, and messages outside that time are irrelevant. The preset choices--Last 15 minutes, Last 60 minutes, and so on--end at the current time, which may not be what you want.

Solution

Enter a precise time range to narrow the results of the search. Click in the time range field and type a range, such as:

04/11/2016 20:32:00 to 04/11/2016 20:35:00

This example will limit your search to log messages timestamped in the three minutes starting at 8:32 p.m and ending at 8:35 p.m.

Discussion

Time range expressions are very flexible. You can specify a start time only—the end time defaults to the current time—or you can specify a date only, in which case the time defaults to midnight. You can even specify time zones for start and end times.

When you know when the event you are investigating occurred, narrowing the search timeframe can greatly improve search performance.