Skip to main content
Sumo Logic

LogReduce Syntax

 

Syntax

  • ... | logreduce
  • ... | logreduce(field)
    Runs LogReduce on the given field. If the field is omitted, the raw message is used by default.
  • ... | logreduce | details clusterId
    Shows all the logs matched to a given signature cluster. This is not meant to be used directly by a user, but rather done automatically as a result of drilling down on a cluster in the LogReduce output. 
    Note: Reusing the same search in a different search tab is not guaranteed to work.
  • ... | logreduce save /path/to/baseline_name
    Runs LogReduce and saves the results to the file specified. (When you click the Save Baseline button, this is done automatically.) Use LogCompare to recall the saved baseline.

Rules

  • The logreduce operator cannot be used with group-by functions such as "count by fieldname".