Reputation: 11071
Search query in Sumologic - Contains
I'm a bit lost with a search query in Sumologic. I need to get logs where _sourceHost contains production
In case of SQL it looked like this
WHERE app="my-app" AND _sourceHost LIKE "%production%"
Does somebody knows if it's possible in Sumologic?
Upvotes: 4
Views: 12825
Answers (3)
Reputation: 776
you can use regex to match the wording.
(_sourceCategory="dev/test-app")
| parse regex field=_raw "(?<pre> \w*)production(?<suff> \w*)"
Upvotes: 1
Reputation: 789
You can add wildcards to your string for _sourcehost= I don't know if app= is a part of your string or if it's an indexed value. If it's just part of the log string, it would look like this:
"app=\"my-app\"" AND _sourceHost=*production*
Otherwise it might be
app=my-app AND _sourceHost=*production*
One step further, you can use the wildcards in the middle of strings too, e.g.,
prod*box would match prod553box or prod999box or prodfoobox
Upvotes: 2
Reputation: 176
try this:
| where _sourceHost matches "*production*"
see also:
https://help.sumologic.com/Search/Search_Query_Language/Search_Operators/matches
https://help.sumologic.com/Search/Search_Query_Language/Search_Operators/where
Upvotes: 7
Related Questions
- SumoLogic query: Search pattern is not in log
- Is there a way in SumoLogic to store some data and use it in queries?
- How write search query for Sumologic to find stored ingest budget?
- Search with queries constrained to elements using search:search
- How to populate a search template parameter from a query string parameters in the SumoLogic user interface
- How to search on phrases in Spring Data Solr 1.0
- Azure Search - Find matches within a word like "contains"
- Hibernate search : exact phrase matching
- Get results with exact match
- Performing Lucene Search query "Contains"