It can be hard to create a search query if you don't know what data you have in your Sumo Logic environment.
You can use the following simple queries to identify possible values for your existing Source Categories, Source Names, and Source Hosts, as well as approximate data volume for each of the possible values.
For Source Categories:
* | count_frequent(_sourceCategory)
For Source Hosts:
* | count_frequent(_sourceHost)
For Source Names:
* | count_frequent(_sourceName)