Run a search that is parameterized by the values in the input table. It runs a search for each row of the input table.

...

Input table with the name input_table_1:

| id | source_category_for_searching | lhub_ts |
|----|-------------------------------|---------|
| 1 | github | 1517348699000 |
| 2 | salesforce | 1517351974000 |
| 3 | cloudtrail | 1517349002000 |

Output table: The columns shaded in yellow (previewStartTime, previewQuery, and previewEndTime) are the preview columns for the Sumo Logic searches.

| id | source_category_for_searching | lhub_ts | lhub_status | lhub_error | lhub_num_results | previewStartTime | previewQuery | previewEndTime |
|----|-------------------------------|---------|-------------|------------|------------------|------------------|--------------|----------------|
| 1 | github | 1517348699000 | success | | 0 | 1517348659000 | `_sourceCategory=github \| count by _sourcehost \| sort _count` | 1517348739000 |
| 2 | salesforce | 1517351974000 | success | | 0 | 1517351934000 | `_sourceCategory=salesforce \| count by _sourcehost \| sort _count` | 1517352014000 |
| 3 | cloudtrail | 1517349002000 | success | | 0 | 1517348962000 | `_sourceCategory=cloudtrail \| count by _sourcehost \| sort _count` | 1517348962000 |

Here is an example of the standard mode:

...

Code Block
runSearch(SumoLogicConnection, input_table_1,
          "_sourceCategory=$source_category_for_searching | count by _sourcehost | sort _count",
          "lhub_ts - 40000", "lhub_ts + 40000", "5 s")

Input table:

| id | source_category_for_searching | lhub_ts |
|----|-------------------------------|---------|
| 1 | github | 1517348699000 |
| 2 | salesforce | 1517351974000 |
| 3 | cloudtrail | 1517349002000 |

Output table: In this example, the search on "github" returns 3 results, the search on "salesforce" returns 0 results, and the search on "cloudtrail" returns 5 results. The columns shaded in green (remote__sourcehost and remote__count) are search results from Sumo Logic. The columns lhub_status, lhub_error, and lhub_num_results provide a summary of the search.

  • lhub_status indicates whether the search was "success" or "failure".

  • lhub_error contains the error message when the search results in a failure.

  • lhub_num_results indicates the total number of results of the search.

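| id | source_category_for_searching | lhub_ts | lhub_status | lhub_error | lhub_num_results | remote__sourcehost | remote__count |
|----|-------------------------------|---------|-------------|------------|------------------|--------------------|---------------|
| 1 | github | 1517348699000 | success | | 3 | host1 | 765 |
| 2 | github | 1517348699000 | success | | 3 | host3 | 45 |
| 3 | github | 1517348699000 | success | | 3 | host9 | 2 |
| 4 | salesforce | 1517351974000 | success | | 0 | | |
| 5 | cloudtrail | 1517349002000 | success | | 5 | prod-cloud-2 | 10231 |
| 6 | cloudtrail | 1517349002000 | success | | 5 | prod-cloud-10 | 543 |
| 7 | cloudtrail | 1517349002000 | success | | 5 | prod-cloud-76 | 87 |
| 8 | cloudtrail | 1517349002000 | success | | 5 | prod-cloud-252 | 12 |
| 9 | cloudtrail | 1517349002000 | success | | 5 | prod-cloud-88 | 1 |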
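
The per-row parameter expansion and result fan-out shown in the tables above, modelled as an added Python example; it is not the product's own code. `eval_time`, `preview`, `run_search` and `fake_search` are hypothetical names, the shape of a failure row is an assumption, and the fourth `runSearch` argument ("5 s") is left out because the page does not describe it.

```python
import re
from string import Template

TIME_EXPR = re.compile(r"^\s*(\w+)\s*([+-])\s*(\d+)\s*$")

def eval_time(expr, row):
    """Evaluate '<column> +/- <millis>' against one input row."""
    m = TIME_EXPR.match(expr)
    if not m:
        raise ValueError(f"unsupported time expression: {expr!r}")
    offset = int(m.group(3))
    return int(row[m.group(1)]) + (offset if m.group(2) == "+" else -offset)

def preview(rows, query, start, end):
    """Preview mode: expand the parameters for each row, run nothing."""
    return [dict(row, previewStartTime=eval_time(start, row),
                 previewQuery=Template(query).substitute(row),
                 previewEndTime=eval_time(end, row)) for row in rows]

def run_search(search, rows, query, start, end):
    """Standard mode: one search per input row, one output row per hit."""
    out = []
    for row in rows:
        base = {k: v for k, v in row.items() if k != "id"}
        try:
            hits = search(Template(query).substitute(row),
                          eval_time(start, row), eval_time(end, row))
            base.update(lhub_status="success", lhub_error="", lhub_num_results=len(hits))
        except Exception as exc:  # assumption: a failed search still emits one row
            hits = []
            base.update(lhub_status="failure", lhub_error=str(exc), lhub_num_results=0)
        for hit in hits or [{}]:  # zero hits: keep the row, result columns absent
            out.append({"id": len(out) + 1, **base,
                        **{"remote_" + k: v for k, v in hit.items()}})
    return out

# Constructed sample data, copied from the page's tables.
INPUT = [{"id": 1, "source_category_for_searching": "github", "lhub_ts": 1517348699000},
         {"id": 2, "source_category_for_searching": "salesforce", "lhub_ts": 1517351974000},
         {"id": 3, "source_category_for_searching": "cloudtrail", "lhub_ts": 1517349002000}]
QUERY = "_sourceCategory=$source_category_for_searching | count by _sourcehost | sort _count"
HITS = {"github": [("host1", 765), ("host3", 45), ("host9", 2)], "salesforce": [],
        "cloudtrail": [("prod-cloud-2", 10231), ("prod-cloud-10", 543),
                       ("prod-cloud-76", 87), ("prod-cloud-252", 12), ("prod-cloud-88", 1)]}

def fake_search(query, start_ms, end_ms):
    """Hypothetical stand-in for the Sumo Logic call; returns the canned hits."""
    category = query.split("=", 1)[1].split(" ", 1)[0]
    return [{"_sourcehost": h, "_count": c} for h, c in HITS[category]]
```

Applied to row 3, `lhub_ts + 40000` evaluates to 1517349042000.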