Table of Contents | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
|
Run a search that is parameterized by the values in the input table. It runs a search for each row of the input table.
...
Input table with the name input_table_1
:
id | source_category_for_searching | lhub_ts |
---|---|---|
1 | github | 1517348699000 |
2 | salesforce | 1517351974000 |
3 | cloudtrail | 1517349002000 |
Output table: The columns shaded in yellow are the preview columns for the Sumo Logic searches.
id | source_category_for_searching | lhub_ts | lhub_status | lhub_error | lhub_num_results | previewStartTime | previewQuery | previewEndTime |
---|---|---|---|---|---|---|---|---|
1 | github | 1517348699000 | success | 0 | 1517348659000 | _sourceCategory=github | count by _sourcehost | sort _count | 1517348739000 | |
2 | salesforce | 1517351974000 | success | 0 | 1517351934000 | _sourceCategory=salesforce | count by _sourcehost | sort _count | 1517352014000 | |
3 | cloudtrail | 1517349002000 | success | 0 | 1517348962000 | _sourceCategory=cloudtrail | count by _sourcehost | sort _count | 1517348962000 |
Here is an example of the standard mode:
...
Code Block |
---|
runSearch(SumoLogicConnection, input_table_1, "_sourceCategory=$source_category_for_searching | count by _sourcehost | sort _count", "lhub_ts - 40000", "lhub_ts + 40000", "5 s") |
Input table:
id | source_category_for_searching | lhub_ts |
---|---|---|
1 | github | 1517348699000 |
2 | salesforce | 1517351974000 |
3 | cloudtrail | 1517349002000 |
Output table: In this example, the search on "github" returns 3 results, the search on "salesforce" returns 0 results, and the search on "cloudtrail" returns 5 results. The columns shaded in green are search results from Sumo Logic. The columns lhub_status
, lhub_error
, and lhub_num_results
provide a summary of the search.
lhub_status
indicates whether the search was "success" or "failure".lhub_error
is the error message in the case when the search resulted in a failure.lhub_num_results
indicates the total number of results of the search.
id | source_category_for_searching | lhub_ts | lhub_status | lhub_error | lhub_num_results | remote__sourcehost | remote__count |
---|---|---|---|---|---|---|---|
1 | github | 1517348699000 | success | 3 | host1 | 765 | |
2 | github | 1517348699000 | success | 3 | host3 | 45 | |
3 | github | 1517348699000 | success | 3 | host9 | 2 | |
4 | salesforce | 1517351974000 | success | 0 | |||
5 | cloudtrail | 1517349002000 | success | 5 | prod-cloud-2 | 10231 | |
6 | cloudtrail | 1517349002000 | success | 5 | prod-cloud-10 | 543 | |
7 | cloudtrail | 1517349002000 | success | 5 | prod-cloud-76 | 87 | |
8 | cloudtrail | 1517349002000 | success | 5 | prod-cloud-252 | 12 | |
9 | cloudtrail | 1517349002000 | success | 5 | prod-cloud-88 | 1 |