
How to Use the Search Page

On the Search page, in the Search tab, you can enter simple or complex queries with time parameters to search your entire Sumo Logic data repository. You can select searches and run them from your Search Libraries. Your search results display in the Messages tab (for raw message data) or the Aggregates tab (for grouped results).

On the Aggregates tab, click the table chart column headers to sort your results.

You can run a saved search, pause or stop a running search, or schedule a search to run periodically and notify you of the results by email.


Key to the lettered callouts on the Search page:

A: Time range of the search. You can also choose to search by receipt time and enable Auto Parse Mode.
B: Download and export search results (up to 100,000 records) as a CSV file.
C: Collapse the top part of the Search page to view more results. This hides the search text and the histogram.
D: Display chart options for search results.
E: Use Live Tail to see a real-time feed of log events.
F: View search results as messages. You can choose which fields are displayed as part of each message.
G: View aggregate search results.
H: Share a link to the currently running search. You can share the link by email or your IM client, or copy the query text so other Sumo Logic users can paste it directly into a Search field.
I: See information about the query.
J: Save or schedule a search.
K: Start the search.
L: Favorite a saved search.
M: Search text box. Queries are limited to a maximum of 15,000 characters.
N: Search details such as session, status, elapsed time, results, raw count, search expression, and load. When searching an Infrequent Partition, the estimated and actual amount of data scanned is also displayed.
O: Update Dashboard. If a Dashboard already exists for the search, update it with the changes made here.
P: Add to Dashboard. Make this search a panel on a Dashboard.
Q: Histogram of the messages.
R: Pin the search so it keeps running in the background, independent of the browser session.
S: Add a new monitor based on the query currently in the search text box.

Query colors explained

In your search query, the important terms are color-coded so you can identify them quickly.

Query Sample with Colors

Blue: Boolean operators (and, or, not)
Red: Quoted strings
Purple: Sumo Logic operators (parse, nodrop, etc.) and secondary operators (row, column)
Green: Specific numeric values
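The following query is an added example written for this page, not the sample shown in the product screenshot. The source category, the "Failed password ..." message format, and the field names (user, src_ip, src_port) are assumptions chosen to look like sshd authentication logs; they are not taken from the original page. Each color class from the table above appears at least once: and/or/! are Boolean operators (blue), the search terms and parse pattern are quoted strings (red), parse, nodrop, where, count and sort are operators (purple), and 1024 and 10 are numeric values (green).

```text
_sourceCategory=prod/auth ("Failed password" or "authentication failure")
| parse "Failed password for * from * port * ssh2" as user, src_ip, src_port nodrop
| where !isNull(src_ip) and num(src_port) > 1024
| count by src_ip, user
| where _count >= 10
| sort by _count
```

The nodrop option keeps messages that do not match the parse pattern (here, the "authentication failure" lines) instead of silently discarding them, so a query like this does not hide failures that use a different message format; the where clause then filters on the parsed fields explicitly. Pasting this into the search text box (M) and running it (K) yields grouped results on the Aggregates tab, sortable by clicking the _count column header.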