Log Search
Log Search allows you to query and analyze log data sent to Sumo Logic. There are many features to help you use our robust Search Query Language, such as LogCompare, LogReduce, LogExplain, Lookup Tables, Subqueries, and Time Compare. See Get Started with Search to begin exploring your data in Sumo Logic.
Guides​
In this section, we'll introduce the following concepts:
Getting started with Log Search
Start here to begin exploring your data in Sumo Logic.
Copilot
Accelerate log investigations and troubleshooting with Sumo Logic Copilot, our AI-powered assistant that enables you to ask natural language questions and get contextual suggestions, helping first responders get to answers faster.
Search Query Language
The extensive Sumo Logic query options help you gain valuable insight into your log messages.
Search Cheat Sheets
Cheat sheets provide examples of useful search queries for different use cases.
Behavior Insights
Gain behavioral insight of your environment using LogReduce operators.
Live Tail
Real-time live feed of log events associated with a Source or Collector.
Time Compare
Run a compare operation automatically from your search results.
Lookup Tables
Learn about Lookup tables and the search operators you can use with them.
Optimize Search Performance
Learn how to accelerate the search process to get query results in less time and improve productivity for forensic analysis and log management.
Optimize Your Search with Partitions
Optimize your search with partitions, which store your data in an index separate from the rest of your account's data.
Subqueries
Filter and evaluate conditions for a query when you may not be sure of the exact filter.
FAQ
Get answers to frequently asked questions about Log Search.
To interact with other Sumo Logic users, post feedback, or ask a question, visit the Sumo Logic Community Search & Query Forum.
Journey of a log​
In this micro lesson, learn about the ingestion pipeline and the journey that a log message takes from collection into the Sumo Logic platform. The video covers key considerations for administrators around the ingestion pipeline and demonstrates how this process translates into a search, turning a raw event into a schema and then into actionable insights.
Partitions and Views​
Logs collected by Sumo Logic are indexed in Partitions and Scheduled Views. In addition, there are internal indexes such as Health Events, Archive, Audit, and Volume indexes.
- A Partition stores your data in an index separate from the rest of your account data so you can optimize searches, manage variable retention, and specify certain data to forward to S3. See how to Run a Search Against a Partition.
- Scheduled Views speed the search process subsets of your data by functioning as a pre-aggregated index. See how to Run a Search Against a Scheduled View.
- Health Events monitor the health of your Collectors and Sources. See how to Search Health Events.
- Archive allows you to forward log data from Installed Collectors to Amazon S3 buckets to collect at a later time. See how to Search ingested Archive data.
- Audit and Event Audit provide information on the internal events that occur in Sumo Logic. See how to search the Audit and Audit Event Index.
- Data Volume gives you visibility into how much data you are sending to Sumo Logic, allowing you to proactively manage your systems’ behavior and to fine tune your data ingest with respect to the data plan for your Sumo Logic subscription. See Data Volume Index for details.
Data Tiers​
Data Tiers provide the ability to allocate data to different storage tiers based on the frequency of access: Continuous, Frequent, and Infrequent.
To search specific Data Tiers. See Searching Data Tiers.
Traces​
Traces are collected with SumoLogic Kubernetes Collection or a standalone OpenTelemetry collector through an HTTP Traces Source.
- Search raw spans from tracing data from the last seven days. See Search Query Language support for Traces.
- View tracing data from search log messages by right-clicking an entry and selecting Open Trace. See View Traces from Search Results.