
How to Use the Search Page

Understand the basic components of the Search window and how they can help you investigate your issues.

On the Search page, in the Search tab, you can enter simple or complex queries with time parameters to search your entire Sumo Logic data repository. You can select searches and run them from your Search Libraries. Your search results display in the Messages tab (for raw message data) or the Aggregates tab (for grouped results).

On the Aggregates tab, use the table chart column headers to sort your results. 

You can run a saved search, pause or stop searches, or schedule a search to run periodically and notify you of the results by email.


Letter Purpose
A Time range of the search. You have the option to use the receipt time.
B Download and export search results (up to 100,000 records) as a CSV file.
C Collapse the top part of the Search page to view more results. This action will hide the text of your search and the histogram from view.
D Display chart options for search results.
E Use Live Tail to see a real-time live feed of log events.
F View search results as messages. You can choose which fields you want displayed as part of the message.
G View aggregate search results.
H Share a link to the currently running search. You can share a link over email or your IM client, or you can copy a query link that other Sumo users can paste directly into the search field.
I See information about the query. 
J Save or schedule a search.
K Start the search.
L Favorite a saved search.
M Search text box. Searches are limited to a maximum of 15,000 characters in length.
N Search Details such as session, status, elapsed time, results, raw count, and search expression.
O Update Dashboard. If a Dashboard exists for the Search, you can update it based on changes made here.
P Add to Dashboard. Make this Search a panel on a Dashboard.
Q Histogram of the messages.
R Pin the search to run in the background independent of the browser session.

Query colors explained

In your search query, you'll see that we have separated out important terms in a search for you by color to help you identify them quickly.

Query Sample with Colors

Color Purpose
Blue Boolean operators (and, or, not)
Red Quoted string
Purple Sumo first operators (parse, nodrop, etc.) and secondary operators (row, column)
Green Specific numeric values