Sumo Logic Search Function

Follow

Namhyeon Kim

• October 06, 2022 06:49

We wonder if it is possible in Sumo Logic in the search section as below.

Search
  - Joined between different indexes for searchability
  - Regular expression support in search queries
  - Support for Eval functions in search queries
  - Support for REST API calls from external systems in search queries

0

• 

  Ananta Thakur

  • November 03, 2022 06:33

  You can search multiple partitions using same query like:

  _index=ContPart1 OR _index=FreqPart2 OR _index=InfreqPart3 
  (Where ContPart1, FreqPart2, and InfreqPart3 are partitions in the Continuous, Frequent, and Infrequent tier respectively.)

  _dataTier=All error - searches all partitions. 

  (_dataTier=Continuous OR _dataTier=Infrequent) error - Searches all partitions in the Continuous and Infrequent tier for messages that contain the string “error”.

  for regex refer: https://help.sumologic.com/docs/search/search-query-language/parse-operators/parse-variable-patterns-using-regex/ 

  for eval: https://help.sumologic.com/docs/metrics/metrics-operators/eval/

   

   

  0

  Comment actions Permalink

Please sign in to leave a comment.