SumoLogic Concepts: Difference between revisions
Jump to navigation
Jump to search
(→Search) |
(→Search) |
||
| Line 5: | Line 5: | ||
=Search= | =Search= | ||
The search syntax is based on the "funnel" or the "pipeline" concept. The pipeline input receives all SumoLogic data, and data is filtered b entering [[#Keyword|keywords]] and [[#Operator|operators]], separated by pipes ("|"). Each operator acts on the results produced by previous operators, so data is being progressively filtered out. | The search syntax is based on the "funnel" or the "pipeline" concept. The pipeline input receives all SumoLogic data, and data is filtered b entering [[#Keyword|keywords]] and [[#Operator|operators]], separated by pipes ("|"). Each operator acts on the results produced by previous operators, so data is being progressively filtered out. The typical search query syntax is similar to: | ||
keyword search | parse | where | group-by | sort | limit | |||
=Keyword= | =Keyword= | ||
Revision as of 02:58, 30 January 2019
Internal
Search
The search syntax is based on the "funnel" or the "pipeline" concept. The pipeline input receives all SumoLogic data, and data is filtered b entering keywords and operators, separated by pipes ("|"). Each operator acts on the results produced by previous operators, so data is being progressively filtered out. The typical search query syntax is similar to:
keyword search | parse | where | group-by | sort | limit