How to stop Sumo Logic alerts

Question

How can I (force) stop receiving the Sumo Logic alerts?

I have scheduled a Sumo Logic search, and started receiving the email alerts. However, after I unscheduled it (Run frequency = "Never") and even deleted it, I'm still receiving these alerts. It's been over 24 hours now.

I am looking at our org's "Library"; that's where I deleted the scheduled search. Is there anywhere else I can look to see why it's still running?

Answer 1

With the help of Sumologic Support, I got to the bottom of this.

In short, I had saved my scheduled search elsewhere (duplicating it) by mistake, and it was this other instance (of which I was unaware) that was sending the alerts.

Looking back, this is where it had gone wrong:

1. first, I created a scheduled search by running a Sumo search and clicking "Save As"; I saved it to a team folder, where it really belonged
2. some time later, I must have run the query again and clicked "Save As" again
   • this is wrong; after a query is saved once, it should be modified via the "Edit" link, not "Save As"
   • what's worse, the "Save As" dialog offers my personal folder as the default save location, and I must have overlooked it, thus producing a copy of my scheduled search
3. at this point, I had two identical searches scheduled: one in the team folder, and one in my personal folder (which I didn't know about); no matter how I modified the scheduled search in the team folder, even deleting it, I never stopped being alerted (because the other search was still active)

I recommend using Sumologic Support; they accessed my account, looked around, and quickly figured out what was wrong.

Answer 2

You may have multiple copies of the same query.

When you receive Alert email, it includes a link to query. Open the link and then “Edit” it, then change schedule to “Never”