Search Query Language
For a step-by-step video and tutorial about creating Sumo Logic queries, see the Quick Start Tutorial.
For a collection of customer-created search queries and their use cases, see the Community Query Library.
Syntax style
The syntax of the search query language is written in the following styles.
Code Font
Search syntax, queries, parameters, and filenames are displayed in Regular Code Font.
Required and optional arguments:
- A required argument is wrapped in angle brackets
< >. - An optional argument is wrapped in square brackets
[ ].
Example:
| parse [field=<field_name>] "<start_anchor>*<stop_anchor>" as <field> [nodrop]
The required arguments are <start_anchor>, <stop_anchor>, and <field>.
The optional arguments are [field=<field_name>] and the [nodrop] option.
One or more arguments:
- An argument that can be specified more than once has an ellipsis ... to indicate where you may add additional arguments.
Example:
concat(<field1>, <field2>[, <field3>, ...]) as <field>
Guide contents
In this section, we will introduce the following concepts:
🗃️ Parse Operators
11 items
🗃️ Group or Aggregate Operators
11 items
📄️ Field Expressions
The Sumo Query Language can be used to create fields based on calculated expressions, such as:
🗃️ Math Expressions
25 items
🗃️ Search Operators
72 items
🗃️ Transaction Analytics
4 items