The Anomalies page displays incidents occurring over the most recent six hours. What if you'd like to review incidents that happened 12 or 24 hours ago, or even a month ago? Sumo Logic retains data associated with incidents, which you can review by running a query on demand or as a scheduled search.
This data is indexed in such a manner that historical search results are returned very quickly.
To view historical Incidents:
- On the Anomalies page, click the Incidents button.
- The Search page launches and the query _index=sumologic_anomaly_events runs with a time range of the last 12 hours. If necessary, adjust the time range and run the search again. The results display.
- To view additional information about an incident, click View Details, which launches the Signatures pane for the Incident.
You can then investigate the signatures associated with the Incident as you'd like.