Skip to main content
Sumo Logic

Custom Data Filters

When you install a Sumo Logic app, you tell Sumo what data to search and present in app dashboards.

Most typically, you specify the source category that was assigned to the logs or metrics source when data collection was set up for the app. 

However, if you want to use multiple metadata fields as your filter criteria, for example both source category and source host, you must define a custom data filter. The app will prefix its searches with your custom data filter. 

Define a custom data filter

  1. In the App Catalog, select the application you want to install and click Add to Library.
  2. The Add <AppName> to Library popup, click the down arrow next to Source Category.   
    Custom Data Filter
  3. A Custom Data Filter option appears. Click the option.
    apache-custom-filter.png
  4. Enter a filter expression in the Custom Data Filter field. For example filters, see Example custom data filters, below. 
    apache-custom-filter-field.png

Example custom data filters

The table below has examples of custom data filters.

Custom Data Filter Description
_sourceHost=stage-EMEA* AND _sourceCategory=Apache* App searches will return data whose source host begins with the string stage-EMEA and whose source category begins with the string Apache. 
_sourceCategory=Apache* AND "dev-us"  App searches will return log data that contains the string dev-us whose source category begins with the string Apache.
_sourcehost = "Jon Smith" App searches will return data whose source host is Jon Smith.

Note that if a metadata field value contains spaces, you must use quotes. 
_sourceHost=stage-EMEA* AND 
(_source=Apache* or _source=DB)
App searches will return data whose source host begins with the string stage-EMEA and whose source either begins with Apache or is DB.

Note that we use parentheses to group the logic operations.