Skip to main content
Sumo Logic

LogReduce Syntax

Syntax

  • ... | logreduce

  • ... | logreduce(field)
    Runs LogReduce on the given field. If the field is omitted, the raw message is used by default.

  • ... | logreduce | details clusterId
    Shows all the logs matched to a given signature cluster. This is not meant to be used directly by a user, but rather done automatically as a result of drilling down on a cluster in the LogReduce output. 

Rules

  • The logreduce operator cannot be used with group-by functions such as "count by fieldname".