SumoLogic Concepts: Difference between revisions
(→Search) |
No edit summary |
||
Line 9: | Line 9: | ||
[[#Keyword_Search|keyword search]] ''or'' [[#String_Search|string search]] | parse | where | group-by | sort | limit | [[#Keyword_Search|keyword search]] ''or'' [[#String_Search|string search]] | parse | where | group-by | sort | limit | ||
=Keyword= | ==Keyword Search== | ||
== | ==String Search== | ||
= | =Keyword= | ||
=Operator= | =Operator= | ||
=Pipe= | =Pipe= |
Revision as of 03:05, 30 January 2019
Internal
Search
The search syntax is based on the "funnel" or "pipeline" concept. The pipeline input receives all SumoLogic data, and the data is filtered by entering keywords and operators, separated by pipes ("|"). Each operator acts on the results produced by the previous operators, so data is progressively filtered out. The typical search query syntax is similar to:
keyword search or string search | parse | where | group-by | sort | limit
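A concrete query that follows the template above, stage by stage. This is an added example, not part of the original wiki page; the source category `linux/secure` and the OpenSSH "Failed password" message format are assumptions about the data being searched.

```sumologic
// Keyword/string search: scope by metadata and a quoted string.
// (Assumed source category; use the one your collectors assign.)
_sourceCategory=linux/secure "Failed password"
// parse: pull the account name and source address out of the raw message.
| parse "Failed password for * from * port" as user, src_ip
// where: keep only rows matching a condition on the parsed fields.
| where user = "root"
// group-by: aggregate to one row per source address, producing _count.
| count by src_ip
// sort: order the aggregated rows (descending is the default).
| sort by _count
// limit: keep the top 10 rows.
| limit 10
```

Each stage only sees what the stage before it emitted, so narrowing the keyword search on the first line is what keeps the later operators cheap.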