Search query in Sumologic - Contains
I'm a bit lost with a search query in Sumologic. I need to get logs where _sourceHost contains production.
In case of SQL it looked like this
WHERE app="my-app" AND _sourceHost LIKE "%production%"
Does somebody know if it's possible in Sumologic?
Solution 1:[1]
Try this:
| where _sourceHost matches "*production*"
See also:
https://help.sumologic.com/Search/Search_Query_Language/Search_Operators/matches
https://help.sumologic.com/Search/Search_Query_Language/Search_Operators/where
Solution 2:[2]
You can add wildcards to your string for _sourcehost=
I don't know if app= is a part of your string or if it's an indexed value. If it's just part of the log string, it would look like this:
"app=\"my-app\"" AND _sourceHost=*production*
Otherwise it might be
app=my-app AND _sourceHost=*production*
One step further, you can use the wildcards in the middle of strings too, e.g.,
prod*box
would match prod553box
or prod999box
or prodfoobox
Solution 3:[3]
You can use regex to match the wording.
(_sourceCategory="dev/test-app")
| parse regex field=_raw "(?<pre> \w*)production(?<suff> \w*)"
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | Christian Beedgen |
Solution 2 | bikeonastick |
Solution 3 | Sam |