SumoLogic Concepts

From NovaOrdis Knowledge Base
Revision as of 03:18, 30 January 2019 by Ovidiu (talk | contribs) (→‎Keyword)
Jump to navigation Jump to search

Internal

Search

The search syntax is based on the "funnel" or the "pipeline" concept. The pipeline input receives all SumoLogic data, and data is filtered b entering keywords and operators, separated by pipes ("|"). Each operator acts on the results produced by previous operators, so data is being progressively filtered out. The typical search query syntax is similar to: 

keyword search or string search | parse | where | group-by | sort | limit

All queries start with a keyword search or a string search.

Keyword Search

String Search

Keyword

How to figure out the complete list of valid keywords.

Most used keywords:

  • _sourceCategory

Operator

Pipe

Wildcards

  • means zero or more characters.

? means a single character.

Retrieved from "https://kb.novaordis.com/index.php?title=SumoLogic_Concepts&oldid=53931"