March 30, 2023
Log management is the set of processes and tools your DevSecOps team uses to collect, store and manage log data. As the team continuously assesses your applications and systems for performance, log analytics comes into play: it improves the efficiency and effectiveness of an organization, helps identify and troubleshoot problems, and monitors the health and performance of the system.
Looking for a proactive approach to find issues, bugs and threats? Would you be interested in surfacing your business and user adoption insights? Log analytics is the answer—and one that actually contains a multitude of “questions,” also known as queries.
Think of a query like a question, but rather than asking a human to tell you something, you’re requesting information from a data lake. How can you ask a question and be understood by the recipient? By speaking the same language.
It’s important to learn the language of queries—if you have programming experience, writing a query should be a fairly familiar concept and will use many components you already know. If you’re new to the programming world, learning a bit of SQL (Structured Query Language) and a few basic query concepts is helpful.
SQL commands are the building blocks used to create queries and communicate with a database to perform tasks and functions on data. Many of the basic concepts used in SQL are also used in other query languages. A few of the most common SQL commands are:
SELECT – Retrieve data
AND – Combine several conditions, so that a row must satisfy all of them
ORDER BY – Sort results by whatever parameter(s) you choose
UPDATE – Modify existing data
WHERE – Filter data and retrieve only rows that satisfy the set condition
It may also be helpful to think of queries as searches — you’re using these components to create a search that looks for information and returns it to you.
Using queries is the best way to extract actionable insights from your log data. Different queries are used (and combined with other commands) for specific functions. For example:
A select query retrieves and displays specific information
An action query manipulates data
You can and should attach parameters to create sophisticated and customized queries. Whether you are using SQL or a different language, it’s important to remember that the system will do exactly what you tell it to do. Be sure to check (and double-check) your query to ensure the syntax is correct.
The query language used depends on your log analytics solution. Most log management and analytics tools use their own query language, built to work with their unique system. However, if you understand the basics of querying or have programming experience, you will most likely be able to learn the appropriate language quickly.
You can perform log analytics with our Search Query Language at Sumo Logic. The extensive query options are intuitive and efficient, helping you quickly extract valuable insights from your log messages — no matter how many log sources you have. Like any language, Sumo’s search query language has rules and syntax. You can create ad hoc queries quickly and efficiently based on logical and familiar operators.
Sumo Logic query syntax example
The syntax for a typical search query often looks similar to this:
keyword expression | operator 1 | operator 2 | operator 3
It may be helpful to think of the syntax as a funnel or “pipeline.” Starting with your current Sumo Logic data, you enter keywords and operators separated by pipes (“|”). As you build your query, each operator acts on the results from the previous one. Results are returned incrementally, with the most recent messages displayed first. Additional messages are added progressively to the Messages tab as the search walks backward through all your log data.
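The SQL commands listed above and the keyword-then-operators pipeline can be tried on real log lines. The following is an added example, not code from the original post or from Sumo Logic: it parses a few constructed access-log lines, answers one question (failed logins) first with plain SQL over an in-memory SQLite table and then as a chain of operators where each stage acts only on the previous stage's results; the log format, table name and stage functions are assumptions for illustration.

```python
import re
import sqlite3
from collections import Counter

# Constructed sample log lines (not from the original post), one request per line.
SAMPLE_LOGS = """\
2023-03-30T10:00:01Z 203.0.113.7 POST /login 401 "bad password"
2023-03-30T10:00:02Z 203.0.113.7 POST /login 401 "bad password"
2023-03-30T10:00:03Z 198.51.100.4 GET /home 200 "ok"
2023-03-30T10:00:04Z 203.0.113.7 POST /login 401 "bad password"
2023-03-30T10:00:05Z 198.51.100.4 POST /login 200 "ok"
2023-03-30T10:00:06Z 192.0.2.9 GET /admin 403 "forbidden"
"""

# Assumed line format: timestamp ip method path status "message"
LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d{3}) "([^"]*)"$')

def parse_logs(text):
    """Turn raw lines into (ts, ip, method, path, status, msg) tuples."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # lines that do not fit the expected format are skipped, not guessed
            ts, ip, method, path, status, msg = m.groups()
            rows.append((ts, ip, method, path, int(status), msg))
    return rows

def failed_logins_sql(text):
    """SQL version: SELECT, WHERE, AND and ORDER BY over an in-memory table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE logs (ts, ip, method, path, status INTEGER, msg)")
    con.executemany("INSERT INTO logs VALUES (?, ?, ?, ?, ?, ?)", parse_logs(text))
    # Failed logins, most recent first (the order the post describes for results).
    return con.execute(
        "SELECT ts, ip FROM logs WHERE path = '/login' AND status = 401 ORDER BY ts DESC"
    ).fetchall()

def failed_logins_pipeline(text):
    """Pipeline version: keyword | operator | operator, each stage fed by the last."""
    stages = [
        lambda rows: [r for r in rows if "bad password" in r[5]],           # keyword expression
        lambda rows: [r for r in rows if r[3] == "/login" and r[4] == 401],  # where
        lambda rows: Counter(r[1] for r in rows),                            # count by ip
        lambda counts: counts.most_common(),                                 # sort by count
    ]
    result = parse_logs(text)
    for stage in stages:           # the funnel: output of one stage is input to the next
        result = stage(result)
    return result

if __name__ == "__main__":
    print(failed_logins_sql(SAMPLE_LOGS))
    print(failed_logins_pipeline(SAMPLE_LOGS))
```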
You can explore our search syntax overview if you want to learn more about the rules and syntax.
When you use Sumo Logic’s query language and patented Log Reduce and Log Compare, you’ll find a powerful tool that gives you plenty of search options—querying across structured and unstructured data, from metrics and traces to logs, without sampling for full fidelity. When checking out the capability of other log analytics solutions, you’ll notice that Sumo Logic’s Search Query Language stands out.
As you’re writing queries, Sumo’s Getting Started with Search guides will help you learn how to build and run searches, review logs and much more.
Our extensive resources include our Sumo Logic Query Library, a community space where users can post useful queries and view log query examples. You can use this resource to help you search your data. You’ll find other interesting tidbits in our community, like how some users experiment with ChatGPT to write queries!
Learn how Sumo Logic helps you centrally collect and analyze data to quickly troubleshoot performance issues, investigate security threats and improve business operations in this short intro video:
Ready to get started with Sumo Logic? We’re here to help you throughout the entire log management process, from ensuring application reliability and securing and protecting against modern threats all the way down to your everyday queries that surface valuable insights for your enterprise.
Learn the fundamentals with Sumo Logic certification and get started on your journey toward being a query master — we’re looking forward to meeting you!