SumoLogic Concepts: Difference between revisions
Line 29: | Line 29: | ||
{{External|[https://help.sumologic.com/05Search/Get-Started-with-Search/Search-Basics/Search-Metadata Search Metadata]}} | {{External|[https://help.sumologic.com/05Search/Get-Started-with-Search/Search-Basics/Search-Metadata Search Metadata]}} | ||
Metadata fields: | |||
====_collector==== | |||
The name of the Collector, as set when the Collector was installed, that received the log message. | |||
=Operator= | =Operator= |
Revision as of 03:53, 30 January 2019
Internal
Search
The search syntax is based on the "funnel" or "pipeline" concept. The pipeline input receives all SumoLogic data, and data is filtered by entering keywords and operators, separated by pipes ("|"). Each operator acts on the results produced by the previous operators, so data is progressively filtered out. The typical search query syntax is similar to:
keyword search or string search | parse | where | group-by | sort | limit
All queries start with a keyword search or a string search.
Keyword Search
String Search
Keyword
Keywords are case insensitive.
How to figure out the complete list of valid keywords.
Most used keywords:
- _sourceCategory
Metadata
Metadata fields:
_collector
The name of the Collector, as set when the Collector was installed, that received the log message.
Operator
Pipe
Wildcards
* means zero or more characters.
? means a single character.
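
The pipeline shape described under Search, written out as one query that also uses a metadata field and a wildcard. This is an added example, not part of the original page. The source category name linux/auth*, the excluded account and the sshd "Failed password" message layout are assumptions made for illustration.

```sumo
// Constructed example: source category, account name and message layout are assumptions.

// Keyword search: a metadata field with a * wildcard, plus a quoted string.
_sourceCategory=linux/auth* "Failed password"

// parse: each * captures one value from the messages that survived the keyword search.
| parse "Failed password for * from * port" as user, src_ip

// where: drop a known noisy account (hypothetical name).
| where !(user = "backup")

// group-by: count failures per source address and per Collector that received them.
| count by src_ip, _collector

// sort: order the groups on the count produced by the previous operator.
| sort by _count

// limit: keep ten rows.
| limit 10
```

Each stage only sees what the stage before it produced, so narrowing the keyword search on the first line is what keeps the later operators cheap.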