Search Basics

Sumo Logic search syntax uses logical and familiar operators allowing you to create ad hoc queries quickly and efficiently.

In this section, we'll introduce the following concepts:

Sumo Logic search syntax, based on a funnel concept, uses logical and familiar operators allowing you to create queries quickly.

Metadata tags are attached to your log messages at ingest, which is quite useful when you're searching log data.

In the Aggregates tab, you can view search results as a chart, such as a bar or column chart.

Learn how to add comments to a search query and comment out lines for notes.

Up to 100,000 rows can be exported as a CSV text file.

When a search is in progress, the options to Cancel or Pause the search appear.

Quickly start a search for a Collector, Source, or Source Category from the Manage Collection page.

Reference a field name that contains a special character.

Save your favorite searches to run them again later.

The search autocomplete dropdown dialog offers suggestions to make query writing easier.

Learn how to search large log messages, which Sumo Logic slices into smaller message chunks.

Investigate events surrounding a message in your Messages list.

Learn how to share a link to search query results via email or IM.

Learn how to add a time range expression in the time range field when building a search query.

If your search results contain JSON logs, you can show or hide JSON format from the Messages tab.

Open and review traces from search log results.