Sumo Logic

Add Reports to the Anomalies Page

Reports are defined by the set of logs that you tell Anomaly Detection to watch by specifying a filter-style query. Queries that produce aggregate results cannot be used in an Anomaly Report. For example, the following queries can be saved as a Report:

  • _sourceCategory=frontend
  • _sourceCategory=frontend and _sourceHost=frontend-5
  • _sourceCategory=frontend | parse "module=*," as module | where module="service"

You can add up to 15 Reports. After you create a new report, it takes some time for Anomaly Detection to develop a baseline behavior for that report—generally around six hours. During this time, no anomalies can be detected.

Define an Anomaly Report

  1. On the Anomalies page, click the double-arrow to the right of the Anomaly Reports Summary, and click New.
  2. In the New Report dialog box, under Report Name, enter a name for the Report.
  3. For Query, enter the query you’d like to save as a report.
  4. Click Save.