Sumo Logic

3.1 You need to extract fields from well-understood log types

Problem

Rather than extracting fields one at a time, you want to leverage the fact that your log is of a well-known type and simply extract all fields for further use.

Solution

Install an App that will extract fields and present data from your log types, for example:

There are many more Apps available; click Library, then the Apps tab to view the current list, or go to Apps to see the documentation.

Discussion

Install one or more Apps that use a data filter, such as _sourceCategory=perfMon, to identify which sources to parse. The recipes that follow describe how to extract data fields from any log type, but Apps make it easy for the more common log types.