Get more out of Sumo Logic: five log search hacks you’ll actually use

And voilà, this is how your query would look now!

[Screenshot: the resulting query]

Hack #2: See percentage of values


Curious about what’s popping up most in your logs? No need to build a full query, just left-click the field on the left and boom: top ten values, ready to go. It’s like instant insights, with zero effort.

This is really helpful for seeing the top IP addresses or event sources in the logs.

Hack #3: Filter down into a value with a click


Found an interesting value in your top ten Amazon services coming into Sumo Logic? Want to zoom in fast? Just click it, and Sumo Logic adds the filter for you. It’s like saying, “Just show me the good stuff”, and Sumo Logic listens.

Need to laser into Lambda logs to debug latency issues? Click the lambda.amazonaws.com value in the top ten list, and ta-da! A new line filtering on that value is added to the query.

This is the new query:

[Screenshot: the new query]


Hack #4: Expand nested JSON

Tired of clicking open every little arrow to see what’s hiding in your logs? Right-click and hit “Expand Nested JSON” to open it all up in one go. It’s the fastest way to turn a mystery blob into something readable.

With a couple of clicks, you will now see the whole JSON structure from this log.

Hack #5: Parse unstructured logs with the UI

So far, we’ve been living in the land of JSON, but what if your logs are a bit more… wild? No problem. This hack helps you wrangle unstructured logs without knowing a lick of regex. 

Got some messy error logs from a Linux server? You’re just a few clicks away from clean, structured fields, no wizardry required.

Select the text you want to divide into fields. For example, take the Network Manager logs and the error message.

You will now see the Parse Text screen:

[Screenshot: the Parse Text screen]

Select whatever value you want to extract from this string.

Now do the same exercise for the message after the error. The value will be replaced with a wildcard, and you will name the field. In this case, the field names are severity and description.

And now, click Submit. You have an easily made query line!

Query:

[Screenshot: the generated query]


Results:

[Screenshot: the query results]
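To make the wildcard step in Hack #5 concrete, the following added example (not from the original post, and not Sumo Logic's own code) models in Python what a generated line such as `| parse "]: <*> *" as severity, description` does: each selected value becomes a wildcard between literal anchors, and each wildcard becomes a named field. The anchor pattern, the sample log lines and the function names are assumptions made for illustration.

```python
import re

# Constructed sample lines (not from the original post).
SAMPLE_LOGS = [
    "Mar  3 10:15:02 web01 NetworkManager[812]: <error> device (eth0): activation failed",
    "Mar  3 10:15:05 web01 NetworkManager[812]: <warn> dhcp4 (eth0): request timed out",
    "Mar  3 10:15:09 web01 sshd[2201]: Accepted publickey for deploy from 10.0.0.5",
]


def anchor_to_regex(pattern, fields):
    """Turn a wildcard pattern such as ']: <*> *' into a regex with one named group per '*'."""
    literals = pattern.split("*")
    if len(literals) - 1 != len(fields):
        raise ValueError("one field name is required per wildcard")
    regex = re.escape(literals[0])
    for name, literal in zip(fields, literals[1:]):
        # Each wildcard captures lazily, up to the next literal anchor.
        regex += f"(?P<{name}>.*?)" + re.escape(literal)
    if literals[-1] == "":
        regex += "$"  # a trailing wildcard runs to the end of the message
    return re.compile(regex)


def parse_anchor(lines, pattern, fields, nodrop=False):
    """Extract fields from each line; lines that miss the anchors are dropped unless nodrop is set."""
    rx = anchor_to_regex(pattern, fields)
    rows = []
    for line in lines:
        match = rx.search(line)
        if match:
            rows.append({"_raw": line, **match.groupdict()})
        elif nodrop:
            # Keep the message, but with empty values for the parsed fields.
            rows.append({"_raw": line, **{name: "" for name in fields}})
    return rows


if __name__ == "__main__":
    # Hypothetical anchor pattern; the post's real query is only shown in a screenshot.
    for row in parse_anchor(SAMPLE_LOGS, "]: <*> *", ["severity", "description"]):
        print(row["severity"], "|", row["description"])
```

In Sumo Logic the counterpart of `nodrop=True` is the `nodrop` keyword on the parse operator. Without it, messages that do not contain the anchors (the sshd line here) vanish from the results, which matters when you count events after parsing.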

And just like that, we’ve unlocked five simple hacks to make your Sumo Logic experience faster, easier, and way more powerful. Whether you’re navigating structured JSON or decoding messy logs from a server, these tricks help you skip the heavy lifting and get straight to the insight. No complex queries, no stress, just clicks, filters, and a whole lot of “oh wow, that was easy.”

Now go forth and parse with confidence. And this is just the beginning. Sumo Logic’s full of clever little shortcuts waiting to be discovered. 
Try it yourself today. Happy log hunting!

Carlos Solano
Technical Account Engineer
Carlos Solano is a Technical Account Engineer at Sumo Logic, dedicated to helping customers get the most out of the platform and drive real business value through data. With a background in Electronics Engineering and a strong focus on customer success, Carlos thrives at the intersection of technical problem-solving and long-term client enablement. He holds a CompTIA Security+ certification, bringing a security-first mindset to every customer interaction. When he’s not diving into dashboards or supporting customer outcomes, you can find him playing with his cats Mimi and Odin.