Search Query Language
In this section, we'll introduce the following concepts:
Search Operators
Available search operators in the Sumo Logic search query language.
Parse Operators
Sumo Logic provides a number of ways to parse fields in your log messages.
Group or Aggregate Operators
Evaluate messages and place them into groups.
Field Expressions
Overview of the expressions that create user-defined numeric, boolean, or string fields.
Math Expressions
Use general mathematical expressions on numerical data extracted from log lines.
Transaction Analytics
Find and group related log data.
Syntax style​
Sumo Logic search query language syntax is written in the following styles.
Code Font​
Search syntax, queries, parameters, and filenames are displayed in Regular Code Font.
Required and optional arguments:
- A required argument is wrapped in angle brackets
< >. - An optional argument is wrapped in square brackets
[ ].
Example:
| parse [field=<field_name>] "<start_anchor>*<stop_anchor>" as <field> [nodrop]
The required arguments are <start_anchor>, <stop_anchor>, and <field>.
The optional arguments are [field=<field_name>] and the [nodrop] option.
One or more arguments:
- An argument that can be specified more than once has an ellipsis ... to indicate where you may add additional arguments.
Example:
concat(<field1>, <field2>[, <field3>, ...]) as <field>
sumoFor a collection of customer-created search queries and their use cases, see the Community Query Library.