View Historical Anomaly Incidents

The Anomalies page displays incidents that occurred over the most recent six hours. What if you'd like to review incidents that happened 12 or 24 hours ago, or even a month ago? Sumo Logic retains data associated with incidents, which you can review by running a query on demand or as a scheduled search.

This data is indexed in such a manner that historical search results are returned very quickly.

To view historical Incidents:

  1. On the Anomalies page, click the Incidents button.
  2. The Search page launches and the query _index=sumologic_anomaly_events runs with a time range of the last 12 hours. If necessary, adjust the time range and run the search again. The results are displayed.
  3. To view additional information about an incident, click View Details, which launches the Signatures pane for the Incident.

    You can then investigate the signatures associated with the Incident as you'd like.