
Search Query Language

In this section, we'll introduce the following concepts:


Search Operators

Available search operators in the Sumo Logic search query language.


Parse Operators

Sumo Logic provides a number of ways to parse fields in your log messages.


Math Expressions

Use general mathematical expressions on numerical data extracted from log lines.


Group or Aggregate Operators

Evaluate messages and place them into groups.


Field Expressions

Overview of the expressions that create user-defined numeric, boolean, or string fields.


Transaction Analytics

Find and group related log data.

Syntax style

Sumo Logic search query language syntax is written in the following styles.

Code Font

Search syntax, queries, parameters, and filenames are displayed in Regular Code Font.

Required and optional arguments:

  • A required argument is wrapped in angle brackets < >.
  • An optional argument is wrapped in square brackets [ ].


| parse [field=<field_name>] "<start_anchor>*<stop_anchor>" as <field> [nodrop]

The required arguments are <start_anchor>, <stop_anchor>, and <field>. The optional arguments are [field=<field_name>] and the [nodrop] option.

One or more arguments:

  • An argument that can be specified more than once has an ellipsis ... to indicate where you may add additional arguments.


concat(<field1>, <field2>[, <field3>, ...]) as <field> 

Micro Lesson

Here's a step-by-step tutorial about creating Sumo Logic queries.


For a collection of customer-created search queries and their use cases, see the Community Query Library.


Copyright © 2023 by Sumo Logic, Inc.