Sumo Logic search syntax uses logical and familiar operators allowing you to create ad hoc queries quickly and efficiently.
In this section, we'll introduce the following concepts:
📄️ About Search Basics
Sumo Logic search syntax is based on a funnel or "pipeline" concept and it uses logical and familiar operators letting you to create ad hoc queries quickly.
📄️ Built-in Metadata
Metadata tags are attached to your log messages at ingest, which is very useful when you're searching log data.
📄️ Chart Search Results
In the Aggregates tab, in addition to the standard table view, you can view search results as a chart, such as a bar or column chart.
📄️ Comments in Search Queries
You can add comments to a search query, or even comment out lines of your search query using comment formatting.
📄️ Pause or Cancel a Search
When a search is in progress, the options to Cancel or Pause the search appear.
📄️ Quick Search for Collectors and Sources
You can quickly start a search for a Collector, Source, or Source Category from the Manage Collection page.
📄️ Reference a Field with Special Characters
Solution to reference a field name that contains a special character.
📄️ Save a Search
Whether you are running ad hoc searches during a forensic investigation or running standard searches for health checks, you can save any search to run later.
📄️ Search Autocomplete
On the Search page, as you begin typing to enter a query in the search text box, the search autocomplete drop-down dialog opens to offer suggestions to make query writing easier.
📄️ Search Large Messages
When collecting log messages or event logs that are larger than 64KB in size, Sumo Logic slices the messages into a stream of smaller message chunks.
📄️ Search Surrounding Messages
Surrounding messages allow you to investigate events surrounding a message.
📄️ Share a Link to a Search
Share a link to search query results. Copy and paste the a link to share a search via email or IM.
📄️ Time Range Expressions
When you are building a search query, you have the option to add a time range expression in the time range field.
📄️ View Search Results for JSON Logs
If your search results contain JSON logs, you can expand or collapse the view on the Messages tab to show or hide the JSON format and structure.
📄️ View Traces Search Results
Open and review traces from search log results.