Sumo Logic

Add Reports to the Anomalies Page

Reports are defined by the set of logs that you tell Anomaly Detection to watch by specifying a filter-style query. Queries that produce aggregate results cannot be used in an Anomaly Report. For example, the following queries can be saved as a Report:

  • _sourceCategory=frontend
  • _sourceCategory=frontend and _sourceHost=frontend-5
  • _sourceCategory=frontend | parse "module=*," as module | where module="service"

You can add up to 15 Reports. After you create a new report, it takes some time for Anomaly Detection to develop a baseline behavior for that report—generally around six hours. During this time, no anomalies can be detected.

Define an Anomaly Report

  1. On the Anomalies page, click the double-arrow to the right of the Anomaly Reports Summary, and click New.

  2. In the New Report dialog box, under Report Name, enter a name for the Report.
  3. For Query, enter the query you’d like to save as a report.
  4. Click Save.