Skip to main content
Sumo Logic

How to Use the Search Page

Understand the basic components of the Search window and how they can help you investigate your issues.

On the Search page, in the Search tab, you can enter simple or complex queries with time parameters to search your entire Sumo Logic data repository. You can select searches and run them from your Search Libraries. Your search results display in the Messages tab (for raw message data) or the Aggregates tab (for grouped results).

On the Aggregates tab, use the table chart column headers to sort your results. 

You can run a saved searchpause, or stop searches, or schedule a search to run periodically and notify you of the results by email.

 

Letter Purpose
A Time range of the search. You have the option to use the receipt time.
B Download and export search results (up to 10,000 records) as a CSV file.
C Collapse the top part of the Search page to view more results.
D Display chart options for search results.
E Use Aggregates tab table chart column headers to sort your results. (This action will hide the text of your search and the histogram from view.)
F View search results as messages. (Not pictured.) You can choose which fields you want displayed as part of the message.
G View aggregate search results. (Shown).
H Share a link to the currently running search. You can share a link over email or your IM client, or you can copy a query link that other Sumo users can paste directly into the search field.
I See information about the query. 
J Save or schedule a search.
K Open the Library.
L Favorite a saved search.
M Search text box. Searches are limited to a maximum of 15,000 characters in length.
N Report a slow search
O Update Dashboard. If a Dashboard exists for the Search, you update it based on changes made here.
P Add to Dashboard. Make this Search a panel on a Dashboard.