
Search Query Language

Sumo Logic’s extensive query options help you gain valuable insight into your log messages.

For a step-by-step video and tutorial about creating Sumo Logic queries, see the Quick Start Tutorial.

For a collection of customer-created search queries and their use cases, see the Community Query Library.

Syntax style

This documentation uses the following conventions to present search query language syntax.

Code Font

Search syntax, queries, parameters, and filenames are displayed in Regular Code Font.

Required and optional arguments

A required argument is wrapped in angle brackets < >.
An optional argument is wrapped in square brackets [ ].

Example

| parse [field=<field_name>] "<start_anchor>*<stop_anchor>" as <field> [nodrop]

The required arguments are <start_anchor>, <stop_anchor>, and <field>.
The optional arguments are [field=<field_name>] and the [nodrop] option. 

One or more arguments

An argument that can be specified more than once has an ellipsis ... to indicate where you may add additional arguments.

Example

concat(<field1>, <field2>[, <field3>, ...]) as <field>