Skip to main content
Sumo Logic

Drill Down into Events

There are two ways to gain more insight into an Event. First, click an event to see a high-level view of the Signatures related to the discrepancy. Or, second, for more granular information, you can view the log messages assigned to the Signature.

In the Signatures graph, the lines represent the count of signatures over time, while the bar represents the Event.

anomaly_detection_drill_down.png

To drill down into an Event:

  1. Click the Event in a Report.
  2. Do any of the following:
  • Use the time range field to visualize more data around the event.
  • Review the Signatures assigned to the Event to discover what triggered the Event.
  • Check the Score column to check to see if the Event is new, increasing, decreasing, or has not changed.
  • Check the Change column to see if the event's frequency as increased or decreased via the arrow indicator.
  • To review additional information, click the black triangle to the left of the Signature to view the log messages associated with the Signature.
    anomaly_drill_down_view_signatures.png
  • Click the Hide All Signatures button to deselect all Signatures. Then click each signature one at a time to add their corresponding color-coded lines to the graph individually.
  • Click Show All Signatures to add all corresponding signature lines to the graph at once.
  • Click the black triangle next to the Hide All Signatures button to expand the space for signatures with more than one line to be displayed.

To return to the Anomaly page, click the black arrow in the top left-hand corner next to the name of the Event.