SumoLogic Concepts

From NovaOrdis Knowledge Base
Revision as of 03:53, 30 January 2019 by Ovidiu (talk | contribs) (→‎Wildcards)

Internal

Search

The search syntax is based on the "funnel" or "pipeline" concept. The pipeline input receives all SumoLogic data, which is then filtered by entering keywords and operators separated by pipes ("|"). Each operator acts only on the results produced by the previous operator, so the data is progressively narrowed down as it moves through the pipeline. A typical search query has the following shape:

keyword search or string search | parse | where | group-by | sort | limit

All queries start with a keyword search or a string search.

Keyword Search

String Search

Keyword

Keywords are case insensitive.

How to figure out the complete list of valid keywords.

Most used keywords:

  • _sourceCategory

Metadata

Search Metadata

Metadata fields:

_collector

The name of the Collector, as set when the Collector was installed, that received the log message.

Operator

Pipe

Wildcards

  • * means zero or more characters.
  • ? means exactly one character.
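The following is an added example, not code from the SumoLogic product or from this wiki, that models the pipeline concept described in the Search section and the two wildcards above in plain Python. It runs a query equivalent to `_sourceCategory=prod/* status=4?? | parse | where | sort | limit` over a handful of constructed log records. The record fields (_sourceCategory, _collector, _raw), their values, and the helper names (wildcard_to_regex, keyword_search, parse, where, sort_by, limit, run_query) are assumptions made for the example; the parse stage uses Python's `(?P<name>...)` named-group syntax rather than SumoLogic's `(?<name>...)`.

```python
import re
from typing import Any, Callable, Dict, Iterable, List

# Constructed sample records for this example; every value is hypothetical.
LOGS: List[Dict[str, str]] = [
    {"_sourceCategory": "prod/web", "_collector": "web-01",
     "_raw": "2019-01-30 03:50:01 INFO user=alice status=200 path=/login"},
    {"_sourceCategory": "prod/web", "_collector": "web-02",
     "_raw": "2019-01-30 03:50:02 WARN user=bob status=401 path=/login"},
    {"_sourceCategory": "prod/web", "_collector": "web-02",
     "_raw": "2019-01-30 03:50:03 ERROR user=bob status=403 path=/admin"},
    {"_sourceCategory": "dev/web", "_collector": "dev-01",
     "_raw": "2019-01-30 03:50:04 ERROR user=carol status=500 path=/admin"},
    {"_sourceCategory": "prod/db", "_collector": "db-01",
     "_raw": "2019-01-30 03:50:05 INFO query=select status=ok"},
]

Record = Dict[str, Any]


def wildcard_to_regex(pattern: str) -> "re.Pattern[str]":
    """Translate a keyword with '*' (zero or more chars) and '?' (exactly one
    char) into an anchored, case-insensitive regex. Everything else is literal."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    # Keywords are case insensitive, hence re.IGNORECASE.
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE)


def keyword_search(records: Iterable[Record], scope: Dict[str, str] = None,
                   keywords: Iterable[str] = ()) -> Iterable[Record]:
    """First pipeline stage: metadata scope (field=pattern) plus keywords that
    must each match at least one whitespace-separated token of _raw."""
    scope_res = {f: wildcard_to_regex(p) for f, p in (scope or {}).items()}
    kw_res = [wildcard_to_regex(k) for k in keywords]
    for r in records:
        if not all(rx.match(r.get(f, "")) for f, rx in scope_res.items()):
            continue
        tokens = r["_raw"].split()
        if all(any(rx.match(t) for t in tokens) for rx in kw_res):
            yield r


def parse(records: Iterable[Record], regex: str) -> Iterable[Record]:
    """Extract named groups into new fields; records that do not match are
    dropped, which is how a parse stage narrows the funnel."""
    rx = re.compile(regex)
    for r in records:
        m = rx.search(r["_raw"])
        if m:
            yield {**r, **m.groupdict()}


def where(records: Iterable[Record], pred: Callable[[Record], bool]) -> Iterable[Record]:
    """Keep only records for which the predicate holds."""
    return (r for r in records if pred(r))


def sort_by(records: Iterable[Record], key: Callable[[Record], Any],
            reverse: bool = True) -> List[Record]:
    """Order the surviving records (descending by default, like 'sort by')."""
    return sorted(records, key=key, reverse=reverse)


def limit(records: Iterable[Record], n: int) -> List[Record]:
    """Final stage: cap the result set."""
    return list(records)[:n]


def run_query(n: int = 1) -> List[Record]:
    """Equivalent of:
    _sourceCategory=prod/* status=4?? | parse "status=(?<status>\\d+)"
      | where status >= 400 | sort by status | limit n
    Each stage consumes only what the previous one let through."""
    stage = keyword_search(LOGS, scope={"_sourceCategory": "prod/*"},
                           keywords=["status=4??"])
    stage = parse(stage, r"status=(?P<status>\d+)")
    stage = where(stage, lambda r: int(r["status"]) >= 400)
    stage = sort_by(stage, key=lambda r: int(r["status"]))
    return limit(stage, n)


if __name__ == "__main__":
    for rec in run_query(2):
        print(rec["_collector"], rec["status"], rec["_raw"])
```

Note how the `?` wildcard constrains the match: `status=4??` accepts `status=401` and `status=403` but not `status=4011` or `status=40`, whereas `status=4*` would accept any of them. The dev/web record is excluded by the scope before any keyword is evaluated, which is the reason scoping on metadata first keeps real queries cheap.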

Collector