It can be hard to create a search query if you don't know what data you have in your Sumo Logic environment.
You can use the following simple queries to identify the possible values of your existing Source Categories, Source Hosts, and Source Names. The counts these queries return also let you approximate the data volume for each value.
For Source Categories:
* | count_frequent(_sourceCategory)
For Source Hosts:
* | count_frequent(_sourceHost)
For Source Names:
* | count_frequent(_sourceName)