Karthi
Reputation: 708
Java request - Sumo Logic
I am passing the following request to the sumo logic application and receiving "unparsable query" as the output. What is the problem in this query? Am I missing some escape strings?
String searchJobId = sumoClient.createSearchJob(
"_sourceCategory=na2_*_incomingaudit | parse regex \"^[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}.[0-9]{3} (?<host>[^ ]+) (?<tenant>[^ ]+) (?<identity>[^ ]+) (?<correlation_id>[^ ]+) (?<win32ThreadId>[^ ]+) (?<elapsedtime>[^ ]+) (?<context>[^ ]+) (?<message>[^ ]+) (?<exception>[^ ]+) (?<request>[^ ]+) (?<response>[^ ]+)\" | parse regex \"app=(?<app>[^ ]+)\" | parse regex \"appv=(?<appversion>[^ ]+\") | where app in (\"ios-mobile\",\"android-mobile\") | count by tenant | where tenant<> \"-\" | sort by _count" , Long.toString(startTimestamp),
Long.toString(endTimestamp),
"UTC");
Note: This is updated with the below suggestions and couldn't make it work.
Upvotes: 0
Views: 896
Answers (2)
Kevin
Reputation: 36
Your closing quote is coming before the close of the capture group in the following parse statement of your query.
parse regex \"appv=(?<appversion>[^ ]+\")
Try to change to:
parse regex \"appv=(?<appversion>[^ ]+)\"
Upvotes: 2
Related Questions
- Is there a way in SumoLogic to store some data and use it in queries?
- a query about ~.setStop() method
- SUMO Internal Edge
- Traci4J with SUMO Returning Error
- How to call a Prolog-predicate from a Java webapp?
- How to get solution X prolog in java
- Assert facts from java to prolog
- How to query a SOAP Service in Java
- Querying Prolog variables with JPL
- Can not understand the result of request JPA