Skip to main content

Parse Operators

Parse operators allow you to extract fields from log messages within a query manually and on an ad-hoc basis.

For best practices use Parse operators to build Field Extraction Rules to automatically extract field values and use them to extend your query.

In this section, we'll introduce the following concepts:


Parse Variable Patterns Using Regex

Allows you to extract nested fields and other complex data from log lines.


Parse JSON Formatted Logs

Allows you to extract values from JSON logs with most JSONPath expressions.


Parse Predictable Patterns Using an Anchor

Parses strings and labels anchors as fields for use in subsequent aggregation functions.


Parse Field option

Parses on previously extracted fields, or initial parsing on a metadata field value, like a collector or source.


Parse Delimited Logs Using Split

Allows you to split strings into multiple strings and parse delimited log entries.


Parse Keyvalue Formatted Logs

Allows you to get values from a log message by specifying the key paired with each value.


Parse nodrop option

Forces results to also include messages that don't match any segment of the parse expression.


parseDate operator

Extracts a date or time from a string and provides a timestamp in milliseconds. 


Parse CSV Formatted Logs

Allows you to parse CSV-formatted log entries using a comma as the default delimiter.


Parse XML Formatted Logs

Allows you to parse specified fields from an XML log using an XPath reference.



Allows you to convert a hexadecimal string of 16 or fewer characters to a number.

Privacy Statement
Terms of Use

Copyright © 2023 by Sumo Logic, Inc.