Skip to main content

How to Use the Search Page

On the Search page you can enter [simple or complex queries] FIX (../search-basics/about-search-basics.md)to search your entire Sumo Logic data repository. You can save and select searches from your Library. After running a search your results are displayed in either the Messages tab (for raw message data) or the Aggregates tab (for grouped results). See how to navigate through search results.

You can run a saved searchpause, or stop searches, or schedule a search to run periodically and notify you of the results.

search page feb 2022.png

LetterPurpose
ABasic or Advanced mode search text box. Advanced mode searches are limited to a maximum of 15,000 characters in length.

Click the clock icon to see recent searches. Previously run searches are saved automatically for your reference. Instead of recreating your search, you can select it from the drop down.

As you make changes, a message displays if you have not pressed enter to execute the query: query detected
BTime range of the search.
CStart the search.
DClick the gear icon to open the Search Config menu that has the options to use the receipt time and Auto Parse Mode.
EShare a link for the currently running search.
FSave or schedule a search.
GClick the three-dot icon to open a menu with the following options:
  • Select between Basic or Advanced search mode.
  • Link to search cheat sheets.
  • Edit the search, if it has already been saved.
  • Save or schedule a search.
  • Share a link for the currently running search.
  • Info provides detailed information about the search.
  • Pin the search to run in the background independent of the browser session.
  • Favorite a saved search.
  • Add a new monitor based on the existing query in the search text box.
  • Use Live Tail to see a real-time live feed of log events.
The menu options are dynamically provided so depending on if you have run or saved the search or conducted aggregation some options will be grayed out and unclickable.
HHistogram of the messages.
ISearch Details such as session, status, elapsed time, results, raw count, search expression, and load. When searching an Infrequent Partition the estimated and actual amount of data scanned is displayed.
JSearch results as messages.
KAggregate search results.
LDownload and export search results (up to 100,000 records) as a CSV file.
MChart) options for search results.
NClick the gear icon to open a menu with the options to edit Display Message Preferences, Save as Default View, and Edit Settings JSON.
OAdd to Dashboard allows you to create a panel on a Dashboard from your search. If a Dashboard exists for the Search, you will have another option to Update Dashboard to update it based on changes made here.
PExpands the results table and hides the histogram and search text area.
QHides the histogram.

Query colors explained

In your search query, you'll see that we have separated out important terms in a search for you by color to help you identify them quickly.

Query Sample Colors

ColorPurpose
BlueBoolean operators (and, or, not)
RedQuoted string
PurpleSumo first operators (parse, nodrop, etc.) and secondary operators (row, column)
GreenSpecific numeric values

Guide contents

In this section, we will introduce the following concepts: