Reference Information for Sources
These topics contain reference information for Sources for installed and hosted Collectors.
In this section, we will introduce the following concepts:
📄️ Collecting Multiline Logs
Sumo Logic Sources have multiline processing enabled by default. Multiline processing ensures that a log message made up of multiple lines, separated by a line break or carriage return, is properly grouped as a single log message when ingested into Sumo Logic.
📄️ Metadata Naming Conventions
Sumo Logic has built-in metadata fields that are tagged to your log messages, such as Source Host and Source Category. This metadata is attached to your log messages at collection time. These tags are very important because they provide valuable keywords and terms you can use to find targeted results in search queries.
📄️ Source Log Encoding
The type of log encoding supported by Sumo Logic depends on the source you are using.
📄️ Timestamps, Time Zones, Time Ranges, and Date Formats
We support several options for timestamps, time zones, time ranges, and dates. When collecting log data, the timestamp attached to messages is vital, both for the integrity of the data in your account, and for accurate query results. Because of the importance of timestamps, Sumo Logic indexes the timestamp of each message, making sure that data relevant to a query’s time range is returned properly in search results, which allows you to reconstruct a correct event timeline.
📄️ Using Wildcards in Paths
Rather than entering each file by name, using wildcards in the Source path allows you to collect all files of a certain type within one or more directories, or many files from many directories. When specifying file names (or paths) in Microsoft Windows and Unix-like operating systems, the asterisk character (*) substitutes for any zero or more characters, and the question mark (?) substitutes for any one character.