4.3 Count the number of log messages for each distinct value

Problem

Some source IP addresses show up in the logs more often, but which ones?

Solution

Extract the field of interest and use the count operator:

_sourceCategory=apache
| parse "* -" as src_ip
| count by src_ip

Discussion

In this example, the count operator tallies the log messages for each distinct src_ip value, giving the number of times each source IP address appears in the logs.
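
An offline emulation of the query above, added here as an illustration and not Sumo Logic's own code. It assumes the parse anchor "* -" captures the shortest text before the first " -" and that messages without the anchor are dropped from the results; the log lines, regex and function names are constructed for this example.

```python
import re
from collections import Counter

# Constructed Apache access-log lines (documentation address ranges), not real traffic.
SAMPLE_LOGS = [
    '192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326',
    '198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /login HTTP/1.1" 200 512',
    '192.0.2.10 - - [10/Oct/2023:13:55:41 +0000] "POST /login HTTP/1.1" 401 128',
    '192.0.2.10 - - [10/Oct/2023:13:55:42 +0000] "POST /login HTTP/1.1" 401 128',
    '2001:db8::1 - - [10/Oct/2023:13:55:43 +0000] "GET / HTTP/1.1" 200 2326',
    'AH00558: apache2: Could not reliably determine the server name',  # no " -" anchor
    '198.51.100.7 - alice [10/Oct/2023:13:56:02 +0000] "GET /admin HTTP/1.1" 403 199',
]

# Assumed equivalent of the anchor "* -": lazy capture up to the first " -".
ANCHOR = re.compile(r"(.*?) -")


def parse_src_ip(message):
    """Emulate: | parse "* -" as src_ip. Returns None when the anchor is absent."""
    match = ANCHOR.search(message)
    return match.group(1) if match else None


def count_by_src_ip(messages):
    """Emulate: | count by src_ip. Returns (rows sorted by count, dropped messages)."""
    counts = Counter()
    dropped = 0
    for message in messages:
        src_ip = parse_src_ip(message)
        if src_ip is None:
            dropped += 1  # message lacks the anchor, so it never reaches count
        else:
            counts[src_ip] += 1
    # Highest count first, so the most frequent sources lead the table.
    return counts.most_common(), dropped


if __name__ == "__main__":
    rows, dropped = count_by_src_ip(SAMPLE_LOGS)
    for src_ip, n in rows:
        print(f"{src_ip:<15} {n}")
    print(f"messages without a src_ip: {dropped}")
```

The dropped count matters when reading the result: messages that do not fit the anchor are absent from the per-IP totals, so the totals can sum to less than the number of messages in the source category.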