Search Query Language
For a step-by-step video and tutorial about creating Sumo Logic queries, see the Quick Start Tutorial.
For a collection of customer-created search queries and their use cases, see the Community Query Library.
Syntax style
The syntax of the search query language is written in the following styles.
Code Font
Search syntax, queries, parameters, and filenames are displayed in Regular Code Font.
Required and optional arguments:
- A required argument is wrapped in angle brackets
< >. - An optional argument is wrapped in square brackets
[ ].
Example:
| parse [field=<field_name>] "<start_anchor>*<stop_anchor>" as <field> [nodrop]
The required arguments are <start_anchor>, <stop_anchor>, and <field>.
The optional arguments are [field=<field_name>] and the [nodrop] option.
One or more arguments:
- An argument that can be specified more than once has an ellipsis ... to indicate where you may add additional arguments.
Example:
concat(<field1>, <field2>[, <field3>, ...]) as <field>
Guide contents
In this section, we'll introduce the following concepts:
🗃️ Search Operators
72 items
🗃️ Parse Operators
11 items
🗃️ Search Cheat Sheets
4 items
🗃️ Group or Aggregate Operators
11 items
📄️ Field Expressions
Overview of the expressions that create user-defined numeric, boolean, or string fields.
🗃️ Math Expressions
25 items
🗃️ Transaction Analytics
4 items
