| parse "explainJsonPlan] *" as jsonobject | json field=jsonobject "sessionId" | json auto

Because JSON supports both nested keys and arrays that contain ordered sequences of values, the Sumo Logic JSON operator allows you to extract single top-level fields, multiple fields, nested keys, and keys in arrays. The JSON operator is a search query language operator that allows you to extract values from JSON input.

| csv _raw extract 1 as user, 2 as id, 3 as name

The csv operator allows you to parse Comma Separated Values (CSV) formatted log entries. It uses a comma as the default delimiter.

The keyvalue operator allows you to get values from a log message by specifying the key paired with each value. Typically, log files contain information that follows a key-value pair structure.

Parse regex can be used, for example, to extract nested fields. The parse regex operator (also called the extract operator) enables users comfortable with regular expression syntax to extract more complex data from log lines.

The parse operator, also called parse anchor, parses strings according to specified start and stop anchors, and then labels them as fields for use in subsequent aggregation functions in the query such as sorting, grouping, or other functions.

Sumo provides a number of ways to parse fields in your log messages. The following tables provide a list of available Sumo Logic parsers, aggregators, search operators, and mathematical expressions.

The Log Operators cheat sheet provides a list of available parsers, aggregators, search operators, and mathematical expressions with links to full details for each item. For a step-by-step video and tutorial about creating queries, see the Quickstart Tutorial.
For a complete list of Sumo Logic Search operators, you can download the PDF version. For a collection of customer-created search queries and their use cases, see the Sumo Logic Community Query Library.