{"id":26995,"date":"2025-06-18T14:08:38","date_gmt":"2025-06-18T22:08:38","guid":{"rendered":"https:\/\/www.sumologic.com\/?post_type=blog&p=26995"},"modified":"2026-02-17T11:02:24","modified_gmt":"2026-02-17T19:02:24","slug":"five-log-search-hacks","status":"publish","type":"blog","link":"https:\/\/www.sumologic.com\/blog\/five-log-search-hacks","title":{"rendered":"Get more out of Sumo Logic: five log search hacks you\u2019ll actually use"},"content":{"rendered":"\n
\n
\n
\n
\n
\"Top<\/figure>\n<\/div>\n\n\n

<\/p>\n\n\n\n

Think Sumo Logic is only for query language pros? Think again. Whether you’re deep into JSON logs or just trying to make sense of a Linux error message, these five time-saving hacks turn anyone into a log-searching ninja, no regex, no complexity, just clicks. From instantly parsing values to filtering down with a tap, these tips will help you troubleshoot faster, work smarter, and feel more confident in your observability game. You\u2019ve got logs, now it\u2019s time to put them to work. <\/p>\n\n\n\n

Hack #1: Parse selected key (JSON)<\/h2>\n\n\n\n

Got JSON logs staring back at you? For example, CloudTrail logs<\/a>, and you want to parse a key without writing any code. Don\u2019t stress, just right-click and select \u2018Parse Selected Key\u2019 to add a new line. With this handy trick, you can instantly parse the key you need, no code required. It\u2019s like having a built-in cheat code for structured data<\/a>.<\/p>\n\n\n\n

\"\"<\/div>\n<\/div>\n\n\n\n
<\/div>\n<\/div>\n\n\n\n
\n
\"\"<\/div>\n\n\n\n

<\/p>\n\n\n\n

And viola, this is how your query would look now!<\/strong><\/p>\n\n\n\n

<\/p>\n\n\n\n

\"\"<\/div>\n<\/div>\n\n\n\n
\n

<\/p>\n\n\n\n

<\/p>\n\n\n\n

Hack #2: See percentage of values<\/h2>\n\n\n\n


Curious about what\u2019s popping up most in your logs? No need to build a full query, just left-click the field on the left and boom: top ten values, ready to go. It\u2019s like instant insights, with zero effort.<\/p>\n\n\n\n

<\/p>\n\n\n\n

\"\"<\/div>\n\n\n\n

<\/p>\n\n\n\n

Really helpful to see top IP addresses, or event sources from the logs.<\/p>\n\n\n\n

<\/p>\n\n\n\n

Hack #3: Filter down into a value with a click<\/h2>\n\n\n\n


Found an interesting value in your top ten Amazon services coming into Sumo Logic? Want to zoom in fast? Just click it, and Sumo Logic adds the filter for you. It\u2019s like saying, \u201cJust show me the good stuff\u201d, and Sumo Logic listens.

Need to laser into Lambda logs to debug latency issues? You can click the lambda.amazonaws.com value from the top ten list, and ta-da! A new line filtering to that value will be made.<\/p>\n\n\n\n

<\/p>\n\n\n\n

\"\"<\/div>\n\n\n\n

<\/p>\n\n\n\n

This is the new query:<\/p>\n\n\n\n

<\/p>\n\n\n\n

\"\"<\/div>\n\n\n\n


Hack #4: Expand nested JSON<\/h2>\n\n\n\n

Tired of clicking open every little arrow to see what\u2019s hiding in your logs? Right-click and hit \u201cExpand Nested JSON\u201d to open it all up in one go. It\u2019s the fastest way to turn a mystery blob into something readable.<\/p>\n\n\n\n

<\/p>\n\n\n\n

\"\"<\/div>\n<\/div>\n\n\n\n
\n

<\/p>\n\n\n\n

With a couple of clicks, you will now see the whole JSON structure from this log.<\/p>\n\n\n\n

\"\"<\/div>\n<\/div>\n\n\n\n
\n

<\/p>\n\n\n\n

<\/p>\n\n\n\n

Hack #5: Parse unstructured logs with the UI<\/h2>\n\n\n\n

So far, we\u2019ve been living in the land of JSON, but what if your logs are a bit more\u2026 wild? No problem. This hack helps you wrangle unstructured logs<\/a> without knowing a lick of regex. <\/p>\n\n\n\n

Got some messy error logs from a Linux server? You\u2019re just a few clicks away from clean, structured fields, no wizardry required.<\/p>\n\n\n\n

<\/p>\n\n\n\n

\"\"<\/div>\n<\/div>\n\n\n\n
\n

<\/p>\n\n\n\n

Select the text you want to divide into fields. For example, take the Network Manager logs and the error message.<\/p>\n\n\n\n

<\/p>\n\n\n\n

\"\"<\/div>\n<\/div>\n\n\n\n
\n

<\/p>\n\n\n\n

You will now see the Parse Text screen:<\/p>\n\n\n\n

<\/p>\n\n\n\n

\"\"<\/div>\n\n\n\n

Select whatever value you want to extract from this string.<\/p>\n\n\n\n

<\/div>\n\n\n\n
\"\"<\/div>\n\n\n\n
<\/div>\n\n\n\n

Now do the same exercise for the message after the error. The value will be replaced with a wildcard, and you will name the field. In this case, the field names are severity and description.<\/p>\n\n\n\n

<\/div>\n\n\n\n
\"\"<\/div>\n\n\n\n
<\/div>\n\n\n\n

And now, click Submit.  An easily made query line!<\/p>\n\n\n\n

Query:<\/p>\n\n\n\n

\"\"<\/div>\n\n\n\n


<\/p>\n\n\n\n

Results:<\/p>\n\n\n\n

<\/p>\n\n\n\n

<\/p>\n\n\n\n

\"\"<\/div>\n\n\n\n

<\/p>\n\n\n\n

<\/p>\n\n\n\n

And just like that, we\u2019ve unlocked five simple hacks to make your Sumo Logic experience faster, easier, and way more powerful. Whether you\u2019re navigating structured JSON or decoding messy logs from a server, these tricks help you skip the heavy lifting and get straight to the insight. No complex queries, no stress, just clicks, filters, and a whole lot of “oh wow, that was easy.”<\/p>\n\n\n\n

Now go forth and parse with confidence. And this is just the beginning. Sumo Logic\u2019s full of clever little shortcuts waiting to be discovered. 
Try it yourself today<\/a>. Happy log hunting!<\/p>\n<\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n

<\/p>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":369,"featured_media":26997,"template":"","meta":{"_acf_changed":false,"show_custom_date":false,"custom_date":"","featured":false,"featured_image":0,"learn_more_label":"","image_alt_text":"","learn_more_type":"","show_popup":false,"learn_more_link_file":0,"event_date":false,"event_start_date":"","event_end_date":"","place_holder_image_url":"","post_reading_time":"3","notification_enabled":false,"notification_text":"","notification_logo":"","notification_expiration_time":0,"is_enable_transparent_header":false,"selected_taxonomy_terms":{"blog-category":[128],"blog-tag":[],"translation_priority":[221]},"selected_primary_terms":{"blog-category":[]},"learn_more_link":[],"featured_page_list":[],"notification_enabled_post_list":[],"_gspb_post_css":"#gspb_image-id-gsbp-147ec1f,#gspb_image-id-gsbp-19349af,#gspb_image-id-gsbp-247b002,#gspb_image-id-gsbp-4e1a09e,#gspb_image-id-gsbp-4e96ec3,#gspb_image-id-gsbp-51b0afa,#gspb_image-id-gsbp-54d2ac3,#gspb_image-id-gsbp-55c2739,#gspb_image-id-gsbp-690f939,#gspb_image-id-gsbp-c0ba2f4,#gspb_image-id-gsbp-c6d00ac,#gspb_image-id-gsbp-cb9bca7,#gspb_image-id-gsbp-cbfc2df,#gspb_image-id-gsbp-d63f10c,#gspb_image-id-gsbp-f3c5896{margin:20px 10px;padding:10px}#gspb_image-id-gsbp-147ec1f img,#gspb_image-id-gsbp-19349af img,#gspb_image-id-gsbp-247b002 img,#gspb_image-id-gsbp-4e1a09e img,#gspb_image-id-gsbp-4e96ec3 img,#gspb_image-id-gsbp-51b0afa img,#gspb_image-id-gsbp-54d2ac3 img,#gspb_image-id-gsbp-55c2739 img,#gspb_image-id-gsbp-690f939 img,#gspb_image-id-gsbp-c0ba2f4 img,#gspb_image-id-gsbp-c6d00ac img,#gspb_image-id-gsbp-cb9bca7 img,#gspb_image-id-gsbp-cbfc2df img,#gspb_image-id-gsbp-d63f10c img,#gspb_image-id-gsbp-f3c5896 img{vertical-align:top;display:inline-block;box-sizing:border-box;max-width:100%;height:auto}","_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"71176,71070,71043","_relevanssi_noindex_reason":"","inline_featured_image":false,"footnotes":""},"blog-category":[128],"blog-tag":[],"class_list":["post-26995","blog","type-blog","status-publish","has-post-thumbnail","hentry","blog-category-application-observability"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/blog\/26995","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/blog"}],"about":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/types\/blog"}],"author":[{"embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/users\/369"}],"version-history":[{"count":20,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/blog\/26995\/revisions"}],"predecessor-version":[{"id":71316,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/blog\/26995\/revisions\/71316"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/media\/26997"}],"wp:attachment":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/media?parent=26995"}],"wp:term":[{"taxonomy":"blog-category","embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/blog-category?post=26995"},{"taxonomy":"blog-tag","embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/blog-tag?post=26995"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}