How do I add a custom filter to a log search?

Question

How do I create and add a custom placeholder/filter to a log search in sumologic?

In this example, how would I replace dev- with an ${env} placeholder that I can use as a filter in the dashboard I am creating.

_source="syslog-collector" "dev-my-app" 
| parse "INFO : *" as jsonobject
| json field=jsonobject "load-time" as load_time
| timeslice 30m | pct(load_time, 99.9) as ms group by _timeslice

score 0 · Accepted Answer · answered Sep 13 '18 at 11:10

0

I used regex to parse an env variable which I then filtered on in my dashboard.

| parse regex "(?<env>(?<=.{20}).+?(?=-my-app))"

answered Sep 13 '18 at 11:10

Freid001

2,580
3
29
60

How do I add a custom filter to a log search?

1 Answers1