Sumo Logic

Modify a Search from the Messages tab

After running a search, you can make these changes in the Messages tab:

Add to your search

After you select text, one of the following options is added to your existing search.

Option Added to Search
Add the selected text as AND [search] AND [selected text]
Add the selected text as AND NOT [search] AND ! [selected text]
Add the selected text as OR [search] OR [selected text]
Add the selected text as OR NOT [search] OR ! [selected text]
Parse the selected text... [search] | parse [selected text] as [fieldName]

After the option is added to your existing search, click Start (or press Enter/Return) to run the appended search.

Parse a field from message text

If you come across text that you'd like to parse as a field, you can select that text and name the field from the Messages tab.

To parse a field from message text:

  1. In the search results, select the text or string you'd like to parse, then click Parse the selected text.

    Parse selected text
  2. In the Parse Text dialog box, select any text that you don't want to include in the parsed field. Then click Extract this value.
    For example, to parse just the "cliIP" field, select the unique client ID, then select Click to extract this value.

    Extract this value
  3. Type a name for the Field. This name appears at the top of the parsed column. (Field names can contain alphanumeric characters and underscores (_). The name must start and end with an alphabet character.) Then click Submit Submit
  4. In the Search tab, click Start to being the search.

For another example of how this works, refer to the Quick Start Tutorial topic, Build a Search Query.