Skip to main content
Sumo Logic

View Search Results for JSON Logs

  1. Last updated
  2. Save as PDF

If your search returns fields that are valid JSON objects, you can expand or collapse the view on the Messages tab to show or hide the JSON substructure, or present the messages as formatted JSON code.

Expand or collapse JSON messages

By default, the collapsed version of JSON messages is shown. You can see the top level JSON attributes, and only the attributes below the top that are objects rather than simple values are hidden.

Expand JSON

Click Expand JSON on the upper right side of the message table to hide the structure. You can see the full contents and structure of the log messages.

Collapse JSON

Click Collapse JSON to see the initial collapse view.

Right-click an individual message to see the following option:

  • Copy selected text.
  • Copy entire string as JSON. Copies the message to the clipboard in JSON format. This function is not available on Safari due to a browser limitation.

Reference parsed JSON fields

The field browser and search results messages table have a few helpful features. 

Field Browser:

  • A search input field allows you to search for fields by name.

        field browser search field.png
  • JSON structures are nested with expand and collapse options.

        Field browser expand collapse JSON.png
  • A copy button is available to the right of each field allowing you to easily copy a field name.

        field browser copy field.png

Search results table:

  • You can copy field names from JSON structures. After selecting (click and highlight) a JSON key in your results, right click and select Copy field name. See modifying a search from the messages tab for details on the other provided options.

    JSON right click copy options.png

    Copying a field name using this option will automatically format field names that have special characters. For example, the field name shown in the screenshot is total time-series, it would be automatically formatted to %"total time-series" to work properly in a search query.
     
  • A copy button is available to the right of each column (field) name allowing you to easily copy a field name.

    copy button messages table.png

Format JSON messages in search results 

If the messages in your search results can be formatted as JSON, the Messages tab presents the option to display each message in JSON or raw format. Click the link to toggle between the JSON and raw view. 

The view of JSON formatting is limited to JSON files less than 10 KB in size.

View as JSON