Skip to content

Searchable Time (Beta) #5248

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Searchable Time (Beta) #5248

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
e307986
Searchable Time (Beta)
JV0812 Apr 7, 2025
a66fef6
content fix
JV0812 Apr 8, 2025
8fcfce8
Merge branch 'main' into searchable-time-beta-docs
JV0812 Apr 8, 2025
9e8b011
Update docs/search/get-started-with-search/build-search/use-searchabl…
JV0812 Apr 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 35 additions & 0 deletions docs/search/get-started-with-search/build-search/use-searchable-time.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
---
id: use-searchable-time
title: Use Searchable Time (Beta)
sidebar_label: Use Searchable Time (Beta)
description: You can display search results in the order when the logs become available for search.
---

import useBaseUrl from '@docusaurus/useBaseUrl';

<head>
<meta name="robots" content="noindex" />
</head>

<p><a href="/docs/beta"><span className="beta">Beta</span></a></p>

**Searchable Time** refers to the additional processing time required to make logs available for searching after they are received by the Sumo Logic system. This processing includes enrichment, indexing, and storage, all of which contribute to the overall Searchable Time.

Previously, it was recommended to use receipt time instead of message time to avoid issues with missing duplicate data. However, this often led to inconsistent error messages due to variable ingestion latency and non-linear receipt time indexing. **Searchable Time** resolves this issue by marking the time only when the data is truly searchable. This provides a linear timeline, ensuring that running queries with non-overlapping but exhaustive time ranges will prevent any gaps or duplication in the data.

:::info
Currently, **Searchable Time** is only available for the Log Search UI page and Scheduled Search queries.
:::

## Run a search by Searchable Time

Follow the below steps to run a search by Searchable Time:

1. Enter your query in the search text box.
1. Choose the time range for the query.
1. Click the gear icon to open the **Search Config** menu and toggle **Searchable Time** on.<br/><img src={useBaseUrl('/img/search/get-started-search/build-search/searchable-time-option.png')} alt="searchable-time-option" style={{border:'1px solid gray'}} width="500" />  
1. Review the search results for wide discrepancies between message time, receipt time, and searchable time.<br/><img src={useBaseUrl('/img/search/get-started-search/build-search/searchable-time-results-messages-tab.png')} alt="searchable-time-results-messages-tab" style={{border:'1px solid gray'}} width="800" />

## Limitations

- Subqueries are not supported for Searchable Time.
Binary file added static/img/search/get-started-search/build-search/searchable-time-option.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added ...search/get-started-search/build-search/searchable-time-results-messages-tab.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.