Skip to main content



Explore is a navigation tool that provides an intuitive visual hierarchy of your environment. Use Explore to facilitate successful monitoring, managing, and troubleshooting.


If you're looking for our Root Cause Explorer observability tool, click here.

To open Explore, do the following:

  1. Log in to Sumo Logic and click + New on the top menu bar.
  2. From the dropdown menu, choose Explore.
  3. In the Explore By navigation panel, select your desired category (e.g., AWS Observability), then drill down further until you find your desired component which you'd like to explore. Metrics will be displayed/visualized as dashboards. See Application Components View for an example walkthrough.

Explore dashboard categories

Explore can be accessed using Dashboard in conjunction with the below apps and solutions.

Stack linking

Stack linking connects Dashboard to Explore so you can view dashboards when exploring infrastructure components. Learn more.

AWS Observability

Explore provides an intuitive dashboard framework that mirrors industry-standard AWS hierarchies. You can quickly navigate across multiple AWS accounts and view resources hosted in multiple locations worldwide. From the Explore tab, you can quickly navigate across multiple AWS accounts and view resources hosted in multiple locations worldwide. Learn more.

Kubernetes Observability

Explore provides a visual hierarchy of the clusters in your environment that allows you to view and switch between clusters with a single click. Explore, used in conjunction with the Sumo Logic Kubernetes App, allows you to intuitively monitor and troubleshoot issues as they arise. From the Explore tab, you can intuitively filter on four hierarchical views of your Kubernetes system: Node, Deployment, Service, and Namespace. Learn more.

Database View​

Explore provides a set of dashboards for various components of your application that allow you to review the state of individual parts of your system. You can track errors, performance, and usage of application components, grouped by their type and logical clusters.


This feature is currently supported only for Database apps. To learn more, go to the Database docs and Application Component Solution.

  1. Select the Database View category.
  2. Select an environment (e.g., dev or prod).
    • Application Components - Environments Overview will appear on the right. This dashboard provides insights into the CRUD activities and monitor errors of each of the components in that environment.
  3. Select from the list of that environment's components (e.g., Elastisearch Clusters).
    • The respective dashboard will appear in the right nav.
  4. Then choose a specific database .
  5. Drill down into hierarchy to find specific component entities to view dashboards at more granular levels.
  6. Toggle between various dashboards to get your desired info.

Application service views

Explore provides three Service and Application dashboard views accessible through the Explore By menu. This allows you to review tracing data by application (all or grouped), environment, and services by top level and breaking down their health by application. This helps you review the most active operations performed on specified applications and services. See Service Map Traces and Sumo Logic Apps for more info.

Real User Monitoring

Real User Monitoring: Explore allows you to visualize Real User Monitoring (RUM) metrics gathered from tracing instrumentation in the browser. This provides visibility into an actual end-user experience by geographical locations, browser, and operating system types. This also helps you to understand how your customers experience the performance of your web application.

Filtering Explore

Explore provides the ability to filter your view so you can focus on specific entities and sections of your system.

Create filters

  1. To filter Explore click the filter icon in the left-hand navigation menu. You can click the icon to toggle the visibility of the menu.

  2. Once clicked the filter menu appears below:

The Filter menu allows you to select a saved filter or write a new one. If you have any saved filters they are available in the dropdown menu Filter. The default value is None Selected. The Clear All button is available to clear any filters that are already applied.

  1. To create a new filter click in the Enter a key value pair to create a filter input area. A dropdown will appear showing you available keys you can filter by. You may only provide a value without a key.

  2. Enter or select the keys you want to filter by then click Apply. Filters of the same key behave as an OR condition and different keys behave as an AND condition.

The Dashboard and Explore menu will refresh with your filters applied.


You can apply the filter as an exclusion or negation so the filter acts as a not or bang !. This way the filter will return results that don't have those values. Simply click the prohibition or no sign to set. The filter will get a red border when set to exclude. You may manually add an exclamation or bang ! to the input area before selecting your filter. For example, !_key=value.

Saving filters

You can save filters so they are applied every time you explore the same Dashboards. To save, click the three-vertical dots icon and then click Save.

A pop up window is shown where you need to provide the filter a name. This name is what you'll see in the Filter dropdown menu.

We have named the filter "primary" in the above image. Once done click Save. When opening Explore you'll now see the primary filter as an option in the Filter menu.

Updating, Deleting, Saving filters as default

Saved filters can be applied as a default filter, edited, or deleted.

  • A default filter is applied every time you open Explore.
  • The update option is available if you edit a saved filter.
  • A deleted filter is not recoverable.

Remove Default filter

The default filter is displayed in the Filter dropdown menu with a Default label. Select the Remove default text link to clear your set default filter.

Linking to entities in Explore

Use the link button to the right of the Dashboard title in Explore to copy the link to your specific entity view in the dashboard. This is related to Stack Linking.

You can create a URL to a specific entity in Explore.


https://<endpoint>/ui/#/explore/[@<startMs>,<endMs>]@topology=<topologyId>@<entityId>,<entityTypeId>,<entityName>[@<entityId>,<entityTypeId>,<entityName>][@filters@<negation>:<filterValue>[:<filter>],<negation2>:<filterValue2>[:<filter2>] ...]@selectedDashboardId@<dashboardId>


  • <endpoint> is your Sumo Logic service endpoint. See Sumo Logic Endpoints and Firewall Security for the endpoint URLs.
  • <entityKey> is the type of entity you want to explore, such as cluster, deployment, service, node, account, region, namespace, or pod.
  • <entityValue> is the value of the entity to explore.

Optional arguments:

  • <start> is the start of your dashboard time range in milliseconds since epoch.
  • <end> is the end of your dashboard time range in milliseconds since epoch.


  • <filterValue> is the value of a key you want to filter.
  • <filter> (optional) is the metadata key you want to apply as a filter to explore. You do not have to provide a filter, you may only provide a filterValue.
  • <negation> set as 0 to apply your filters or 1 to treat the filters as an exclusion. Think of using 1 as using a not or ! bang, so the filter will return results that don't have those values. This is an example:


  • <dashboardId> is the unique identifier of the Dashboard.


Let’s create a URL to open Explore on the primary-eks cluster, kube-system namespace, and metrics-server service.

The custom URL that launches this log query in the Sumo Logic Search page would be similar to the following. The exact URL would depend on your Sumo Logic account endpoint, as listed in Sumo Logic Endpoints and Firewall Security.

Using milliseconds as this time range: 09/26/2020 to 09/29/2020 10:33:10.282 AM GMT-04:00 DST,1601389990282@cluster=primary-eks@namespace=kube-system@service=metrics-server

Troubleshooting with Explore

Explore navigation capabilities allow you to quickly locate the object that needs debugging in a physical stack. This section walks you through a high-level troubleshooting scenario to illustrate the possibilities.

micro lesson

Step 1: Analyzing the cluster

We suspect there's a problem with a Kubernetes cluster but aren't sure where, so we start by analyzing the Cluster Overview dashboard. Everything that is running on the cluster is shown on this dashboard. The Terminated and Waiting by Namespace panel allows us to easily comprehend the failure states the namespaces are in. Here we can easily see if there are configuration issues or overall administration issues that need to be addressed.

Step 2: Exploring a namespace

To further pinpoint the problem with our cluster, we investigated the namespace by selecting kube-system in the navigation panel and switching to the Namespace Overview dashboard. This dashboard provides information on pods running in the deployment, failed pods, errors, CPU and memory usage, file system usage, terminated and waiting pods and containers. In this example, we're focusing on the CPU and memory usage panels of the dashboard in our attempt to find out where our application is running into problems.

Step 3: Drilling down into a pod

Once we've determined which pod is having problems, we can drill down into the pod for more granular data. For example, you can select the Details icon for a panel to view that data in a search. Or, you can review the actual logs in the Log Stream panel.

Privacy Statement
Terms of Use

Copyright © 2024 by Sumo Logic, Inc.