![]() ![]() These individual terms are defined by detecting boundaries around the characters found within the message, including white space, dashes, commas, question marks, exclamation points, brackets, and more.Ī phrase is any text with these boundaries. For simple example queries to discover existing Source Categories, Source Names, and Source Hosts, see What Data Do I Have? Phrases ĭuring collection, raw messages are broken into individual keyword terms, or groups of characters. It can be hard to create a search query if you don't know what data you have in your Sumo Logic environment. _sourceHost="10.1.12.22" AND_sourceCategory="my category" NOT _sourceCategory="some-other" AND _sourceName="/var/log/some.log"._sourceHost=Atlanta AND (_sourceCategory="win-app-logs" OR _sourceName="win-firewall-logs")._sourceHost=ldapserver AND _sourceCategory="hr-dept" AND "failed login"._sourceCategory="Sumo Logic Collector logs" AND critical.(error OR fail) and debug error* OR (fail and debug) error NOT fail.Use a backslash to escape double quotes in the string. Characters quoted with double quotes (not single quotes) are string literals.The query uses both AND and OR operators to link search expressions.The query includes three or more search expressions.Parentheses are necessary only if both of the following conditions apply: Parentheses group search expressions and provide the structure necessary to perform complex queries.Keyword expressions are case-insensitive.Expressions containing spaces or special characters must be enclosed in quotes ( " ").Punctuation characters are allowed ( - _ : /. ![]() Supports built-in metadata fields created during configuration of Collectors and Sources, like _sourceHost, _sourceCategory, and _sourceName.A wildcard * represents zero or more characters.The precedence of boolean operators is NOT, AND, OR. Parentheses will override the precedence. Supports boolean operators NOT, AND, OR.AND is implicit and does not need to be specified in the query. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |