SumoLogic Concepts: Difference between revisions

Line 34: Line 34:
====_collector====
====_collector====


The name of the Collector, as set when the Collector was installed, that received the log message.
The name of the [[#Collector|Collector]], as set when the Collector was installed, that received the log message.


=Operator=
=Operator=

Revision as of 03:53, 30 January 2019

Internal

Search

The search syntax is based on the "funnel" or "pipeline" concept. The pipeline input receives all SumoLogic data, and the data is filtered by entering keywords and operators separated by pipes ("|"). Each operator acts on the results produced by the previous operators, so data is progressively filtered out at each stage. A typical search query has the following shape:

keyword search or string search | parse | where | group-by | sort | limit

All queries start with a keyword search or a string search.

Keyword Search

String Search

Keyword

Keywords are case insensitive.

How to figure out the complete list of valid keywords.

Most used keywords:

  • _sourceCategory

Metadata

Search Metadata

Metadata fields:

_collector

The name of the Collector, as set when the Collector was installed, that received the log message.

Operator

Pipe

Wildcards

The * wildcard means zero or more characters.

The ? wildcard means a single character.
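The following is an added illustration, not code from the original page or from Sumo Logic, of the two ideas above: the pipeline in which each stage only sees what the previous stage let through, and the * / ? wildcards applied to case-insensitive keywords. It is a toy evaluator written in Python over a handful of constructed log lines; the operator names (keyword search, parse, where, count by, sort, limit) follow the page's pipeline outline, and the exact matching and tokenizing rules are assumptions of this toy, not Sumo Logic's.

```python
import re
from collections import Counter

# Constructed sample log lines for the demo (not taken from the page).
LOG_LINES = [
    "2019-01-30T03:50:01Z host=web-01 level=ERROR msg=login failed user=alice",
    "2019-01-30T03:50:02Z host=web-02 level=INFO msg=login ok user=bob",
    "2019-01-30T03:50:03Z host=web-01 level=error msg=login failed user=alice",
    "2019-01-30T03:50:04Z host=db-01 level=ERROR msg=disk full",
    "2019-01-30T03:50:05Z host=web-03 level=WARN msg=login failed user=carol",
    "2019-01-30T03:50:06Z host=web-02 level=ERROR msg=login failed user=carol",
]


def wildcard_to_regex(pattern):
    """Translate a wildcard pattern ('*' = zero or more characters, '?' = exactly
    one character) into an anchored, case-insensitive regular expression.
    Every other character is escaped and matched literally."""
    out = []
    for ch in pattern:
        if ch == "*":
            out.append(".*")
        elif ch == "?":
            out.append(".")
        else:
            out.append(re.escape(ch))
    return re.compile("^" + "".join(out) + "$", re.IGNORECASE)


def keyword_search(lines, *keywords):
    """Stage 1: keep only lines in which every keyword matches some token.
    Tokenizing on non-word characters is an assumption of this toy, so that
    'msg=login' yields the terms 'msg' and 'login'. Matching is case-insensitive."""
    patterns = [wildcard_to_regex(k) for k in keywords]

    def matches(line):
        tokens = re.findall(r"[\w.-]+", line)
        return all(any(p.match(t) for t in tokens) for p in patterns)

    return [{"_raw": line} for line in lines if matches(line)]


def parse(records, pattern, field):
    """Stage 2, modelled on a `parse "prefix*suffix" as field` step: the single '*'
    in the pattern marks the value to capture into a new field. Records that do
    not match are dropped, so this stage also narrows the funnel."""
    prefix, suffix = pattern.split("*", 1)
    capture = r"(\S+)" if suffix == "" else r"(.*?)"
    rx = re.compile(re.escape(prefix) + capture + re.escape(suffix))
    out = []
    for rec in records:
        m = rx.search(rec["_raw"])
        if m:
            out.append({**rec, field: m.group(1)})
    return out


def where(records, predicate):
    """Stage 3: keep records for which the predicate holds."""
    return [r for r in records if predicate(r)]


def count_by(records, field):
    """Stage 4: aggregate into one record per distinct field value with a _count."""
    counts = Counter(r[field] for r in records)
    return [{field: value, "_count": n} for value, n in counts.items()]


def sort_by(records, field, descending=True):
    """Stage 5: order the aggregated records by a field."""
    return sorted(records, key=lambda r: r[field], reverse=descending)


def limit(records, n):
    """Stage 6: keep only the first n records."""
    return records[:n]


def run_query():
    """Run the whole funnel: which user has the most failed logins at ERROR level?
    Each assignment hands the previous stage's output to the next one, which is
    the pipe ("|") in the query syntax. The level comparison is case-folded here
    because the sample data mixes 'ERROR' and 'error'."""
    results = keyword_search(LOG_LINES, "login", "fail*")   # 4 of the 6 lines survive
    results = parse(results, "user=*", "user")              # extract the user field
    results = parse(results, "level=*", "level")            # extract the level field
    results = where(results, lambda r: r["level"].upper() == "ERROR")  # 3 remain
    results = count_by(results, "user")                     # alice: 2, carol: 1
    results = sort_by(results, "_count")                    # highest count first
    return limit(results, 1)                                # [{'user': 'alice', '_count': 2}]


if __name__ == "__main__":
    print(run_query())
```

Each function returns the narrowed result set instead of printing it, so a stage can be swapped or inspected on its own; the `run_query` comments give the record count after each stage to make the "progressively filtered out" behaviour visible.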

Collector