Search Query Language

In this section, we'll introduce the following concepts:

Search Operators

Available search operators in the Sumo Logic search query language.

Parse Operators

Sumo Logic provides a number of ways to parse fields in your log messages.

Math Expressions

Use general mathematical expressions on numerical data extracted from log lines.

Group or Aggregate Operators

Evaluate messages and place them into groups.

Field Expressions

Overview of the expressions that create user-defined numeric, boolean, or string fields.

Transaction Analytics

Find and group related log data.

Syntax style

The Sumo Logic search query language reference uses the following notation conventions.

Code Font

Search syntax, queries, parameters, and filenames are displayed in regular code font.

Required and optional arguments:

  • A required argument is wrapped in angle brackets < >.
  • An optional argument is wrapped in square brackets [ ].

Example:

| parse [field=<field_name>] "<start_anchor>*<stop_anchor>" as <field> [nodrop]

The required arguments are <start_anchor>, <stop_anchor>, and <field>. The optional arguments are the [field=<field_name>] argument (parse a previously extracted field instead of the raw message) and the [nodrop] option (keep messages that do not match the anchor pattern in the results instead of dropping them).

One or more arguments:

  • An argument that can be specified more than once has an ellipsis ... to indicate where you may add additional arguments.

Example:

concat(<field1>, <field2>[, <field3>, ...]) as <field> 
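
As an added worked example (not from the original page), here are the two templates above filled in with concrete values so the bracket notation can be read against a real query. It assumes a hypothetical source category prod/linux/auth and constructed OpenSSH-style log lines such as sshd[1234]: Accepted publickey for alice from 10.0.0.5 port 51422 ssh2 alongside sshd[1234]: Failed password for svc_backup from 10.0.0.9 port 40011 ssh2.

```sumo
_sourceCategory=prod/linux/auth
| parse "Accepted * for * from * port *" as auth_method, user, src_ip, src_port nodrop
| parse field=user "svc_*" as service_name nodrop
| concat(user, "@", src_ip, ":", src_port) as session
| count by session, auth_method
```

The first parse supplies the required pieces (the anchor string with wildcards and the field list) plus the optional nodrop; without nodrop, lines that do not contain "Accepted ... port" (the Failed password line in the constructed input) are removed from the result set, which for a detection query silently hides exactly the failures you want to count, while with nodrop they stay as rows with empty parsed fields. The second parse uses the optional field=<field_name> argument to run an anchor against the already extracted user field rather than the raw message. The concat line shows the ellipsis form with more than two arguments, mixing fields and quoted literals. The caveat that applies to every anchor parse: the wildcards depend on fixed literal text, so a change in the log format breaks extraction without an error, and nodrop is what makes that breakage visible as unparsed rows instead of missing data.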

Micro Lesson

Here's a step-by-step tutorial about creating Sumo Logic queries.

For a collection of customer-created search queries and their use cases, see the Community Query Library.

Copyright © 2023 by Sumo Logic, Inc.