Skip to main content
Sumo Logic

Lab 4 - Conditional Operations

  1. Last updated
  2. Save as PDF
This lab teach you how to conditional logic (If/then) inline of a log search.
Conditional operators allow you to do if/then operations.

 

  1. Write a query that scans through Labs/Apache/Access logs for the last 60 minutes, and returns the number of successful HTTP requests returned (where status_code=200), versus the number of error HTTP requests returned (where status_code=404).

_sourceCategory=Labs/Apache/Access

| parse "HTTP/1.1\" * " as status_code

| if(status_code=200, 1, 0) as successes

| if(status_code=404, 1, 0) as client_errors  

| sum(successes) as success_cnt, sum(client_errors) as client_errors_cnt

  1. Write a query that scans through Labs/Apache/Access logs for the last 60 minutes, and returns the number of client errors (where status_code matches 4*), versus the number of server errors (where status_code matches 5*).

_sourceCategory=Labs/Apache/Access

| parse  "HTTP/1.1\" * " as status_code

| if(status_code matches "4*", 1, 0) as client_err

| if(status_code matches "5*", 1, 0) as server_err  

| sum(server_err) as server_errors_cnt, sum(client_err) as client_errors_cnt