Timothy MacDonald edited this page Sep 11, 2021 · 4 revisions

Search Tab Image


The search tab allows you to execute searches and either review them in the UI or write them to disk. If you choose to write them to disk they will not appear in the UI. This allows arbitrarily large amounts of results to be written to disk without running out of RAM.

This tab exists because the Sumo Logic UI export function is limited to 100,000 results. SumoToolBox should be able to dump significantly larger amounts of results. Keep in mind that the search API was not designed to export terabytes of data, so there are limits.

When running a query you must choose between "messages" (raw logs) and "records" (aggregate results).

Note that the search tab is not currently multithreaded, so it will appear to "hang" while it is running. For large result sets this could last for hours. My advice is to have patience and not rage quit. Also, test your query in the Sumo Logic UI first and make sure it's reasonable.
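The write-to-disk behaviour described above, sketched as an added example (not SumoToolBox's own code): results are pulled one page at a time and appended to a JSON-lines file, so memory use is bounded by the page size rather than the result count. Assumptions: `export_to_disk`, `fetch_page`, `demo` and the 10,000-row default page size are hypothetical names and values; with the Sumo Logic Search Job API, `fetch_page` would wrap the `messages` or `records` endpoint of a finished job using its `offset` and `limit` parameters.

```python
import json
import os
import tempfile


def export_to_disk(fetch_page, total, path, page_size=10000):
    """Stream `total` results to `path` as JSON lines; return rows written.

    fetch_page(offset, limit) -> list of dicts (hypothetical callable).
    Only one page is held in memory at any time.
    """
    written = 0
    with open(path, "w", encoding="utf-8") as out:
        while written < total:
            page = fetch_page(written, min(page_size, total - written))
            if not page:
                break  # backend returned fewer rows than the reported total
            for row in page:
                out.write(json.dumps(row, sort_keys=True) + "\n")
            written += len(page)
    return written


def demo(total=25, page_size=10, available=None):
    """Run the exporter against a constructed in-memory backend.

    Returns (rows written, lines in file, largest page held in memory).
    """
    count = total if available is None else available
    # Constructed sample messages, not real log data.
    rows = [{"_messagetime": 1631318400000 + i,
             "_raw": f"constructed log line {i}"} for i in range(count)]
    sizes = []

    def fetch_page(offset, limit):
        page = rows[offset:offset + limit]
        sizes.append(len(page))
        return page

    fd, path = tempfile.mkstemp(suffix=".jsonl")
    os.close(fd)
    try:
        written = export_to_disk(fetch_page, total, path, page_size)
        with open(path, encoding="utf-8") as f:
            lines = sum(1 for _ in f)
    finally:
        os.remove(path)
    return written, lines, max(sizes)


if __name__ == "__main__":
    print(demo())
```

The second case in `demo` (`available` smaller than `total`) covers a backend that reports more results than it can actually return, which ends the export instead of looping forever.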
