SumoLogic Concepts: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
(→Search) |
||
| Line 7: | Line 7: | ||
The search syntax is based on the "funnel" or the "pipeline" concept. The pipeline input receives all SumoLogic data, and data is filtered b entering [[#Keyword|keywords]] and [[#Operator|operators]], separated by pipes ("|"). Each operator acts on the results produced by previous operators, so data is being progressively filtered out. The typical search query syntax is similar to: | The search syntax is based on the "funnel" or the "pipeline" concept. The pipeline input receives all SumoLogic data, and data is filtered b entering [[#Keyword|keywords]] and [[#Operator|operators]], separated by pipes ("|"). Each operator acts on the results produced by previous operators, so data is being progressively filtered out. The typical search query syntax is similar to: | ||
[[#Keyword_Search|keyword search]] ''or'' string search | parse | where | group-by | sort | limit | [[#Keyword_Search|keyword search]] ''or'' [[#String_Search|string search]] | parse | where | group-by | sort | limit | ||
=Keyword= | =Keyword= | ||
Revision as of 03:04, 30 January 2019
Internal
Search
The search syntax is based on the "funnel" or the "pipeline" concept. The pipeline input receives all SumoLogic data, and data is filtered b entering keywords and operators, separated by pipes ("|"). Each operator acts on the results produced by previous operators, so data is being progressively filtered out. The typical search query syntax is similar to:
keyword search or string search | parse | where | group-by | sort | limit