SumoLogic Execute Search Job


This page is no longer maintained (Jul 12, 2023). For the most current information, go to Execute Search Job.


Snap type:

Read


Description:

This Snap is used to execute a Sumo Logic search job and return results to the output view.

  • Expected upstream Snaps: This Snap does not require a specific upstream Snap. An upstream Snap can, however, provide documents that are used to evaluate the Sumo Logic search job configuration. Each input document triggers a Sumo Logic search job execution.
  • Expected downstream Snaps: Downstream Snaps would use the Sumo Logic search results for routing, data persistence, or both.
  • Expected input: Each input document is used to evaluate the Sumo Logic search job configuration and execute the search job.
  • Expected output: If the Show aggregate records checkbox is selected, a single document is generated with the found messages and the aggregate records (message metrics) as child list elements. If the Show aggregate records checkbox is not selected, the found messages are written to the output as separate document entries. If the Field schema mapping checkbox is selected, the result output fields are converted from the default string value according to the field type schema in Sumo Logic.


Prerequisites:

[None]


Support and limitations:
Account: 

This Snap uses account references created on the Accounts page of SnapLogic Manager to handle access to this endpoint. See Configuring SumoLogic Accounts for information on setting up this type of account.


Views:
Input: This Snap has at most one document input view.
Output: This Snap has exactly one document output view.
Error: This Snap has at most one document error view and produces zero or more documents in the view. The error output view is written only when the Field schema mapping checkbox is selected.

Settings

Label


Required. The name for the Snap. You can modify this to be more specific, especially if you have more than one of the same Snap in your pipeline.

Query


Required. The Sumo Logic search expression.  See Sumo Logic documentation for searching at https://service.sumologic.com/help/  

Example: Unsuccessful | summarize

Default value: [None]


From


Required. The beginning date time range for the search. Format: yyyy-MM-ddTHH:mm:ss

Example: 2014-09-28T00:00:00

Default value: [None]


To 


Required. The ending date time range for the search. Format: yyyy-MM-ddTHH:mm:ss

Example: 2014-10-28T00:00:00

Default value: [None]


Time Zone


Required. The time zone for the "From" and "To" date time settings above.

Default value: [UTC]


Field schema mapping


When this checkbox is selected, the Sumo Logic response field schema is used to convert response data into matching data types instead of using the default string type for each field. Search result fields that cannot be mapped according to their field schema type generate an error in the error view.

Example:
Consider a scenario in which the response data from Sumo Logic has an entry called '_blockid', which is of 'integer' data type:

  • If the Field schema mapping check box is enabled, the data type of '_blockid' is retained as 'integer'.
  • If the Field schema mapping check box is not enabled, the data type of '_blockid' is converted to 'string'.

Default value: Selected


Aggregate search results


Aggregates the search result messages into a single document, along with any aggregate metrics (if the search query has an aggregate function).

Default value:  Not selected
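
The following added example (not SnapLogic's code) models how the two checkboxes above shape the output and error views, so you can see which rows leave the output view when a value does not match its schema type. The field type names other than 'integer', the document keys "messages", "records", "error" and "original", and the sample data are assumptions made for illustration.

```python
# Added illustration; not SnapLogic's implementation. Field type names and
# document keys ("messages", "records", "error", "original") are assumptions.
CONVERTERS = {"int": int, "integer": int, "long": int, "double": float,
              "string": str}

def map_fields(row, schema):
    """Convert one result row from strings to the types named in the schema."""
    typed = {}
    for name, value in row.items():
        convert = CONVERTERS.get(schema.get(name, "string"), str)
        # Choice made in this example: an empty value becomes None instead
        # of failing numeric conversion.
        typed[name] = None if value in ("", None) else convert(value)
    return typed

def shape_output(schema, messages, records, schema_mapping=True, aggregate=False):
    """Return (output_docs, error_docs) following the two checkboxes."""
    errors = []

    def convert_all(rows):
        out = []
        for row in rows:
            if not schema_mapping:
                out.append(dict(row))  # every value stays a string
                continue
            try:
                out.append(map_fields(row, schema))
            except ValueError as exc:
                # Unmappable rows go to the error view, not the output view.
                errors.append({"error": str(exc), "original": dict(row)})
        return out

    msgs, recs = convert_all(messages), convert_all(records)
    if aggregate:
        # One document with messages and aggregate records as child lists.
        return [{"messages": msgs, "records": recs}], errors
    return msgs, errors  # each found message is its own document

# Constructed sample data (not real Sumo Logic output).
SCHEMA = {"_blockid": "integer", "_raw": "string", "_count": "int"}
MESSAGES = [
    {"_blockid": "1042", "_raw": "Unsuccessful login for alice"},
    {"_blockid": "n/a", "_raw": "Unsuccessful login for bob"},
]
RECORDS = [{"_count": "2"}]
```

With mapping enabled, the second constructed message appears only in the error list, so a downstream archive that ignores the error view would be missing that row.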


Snap Execution

Select one of the three modes in which the Snap executes. Available options are:
  • Validate & Execute: Performs limited execution of the Snap, and generates a data preview during Pipeline validation. Subsequently, performs full execution of the Snap (unlimited records) during Pipeline runtime.
  • Execute only: Performs full execution of the Snap during Pipeline execution without generating preview data.
  • Disabled: Disables the Snap and all Snaps that are downstream from it.

Examples


If you wish to archive the prior month's Sumo Logic search job results to a database on the first day of each new month, your pipeline might look something like this:


 

The Execute Search Job settings, in this case, are looking for the word "Handling".  
A to_date parameter set to the first day of the month is used so that this pipeline can be scheduled each month and re-run as necessary. 

 

The Mapper data shows the Sumo Logic schema and the MySQL schema:

 

The MySQL Insert message can then be written to a file:

 


Snap Pack History

| Release | Snap Pack Version | Date | Type | Updates |
|---|---|---|---|---|
| August 2023 | main22460 | | Stable | Updated and certified against the current SnapLogic Platform release. |
| May 2023 | main21015 | | Stable | Updated and certified against the current SnapLogic Platform release. |
| February 2023 | main19844 | | Stable | Updated and certified against the current SnapLogic Platform release. |
| November 2022 | main18944 | | Stable | Updated and certified against the current SnapLogic Platform release. |
| August 2022 | main17386 | | Stable | Upgraded with the latest SnapLogic Platform release. |
| 4.29 | main15993 | | Stable | Upgraded with the latest SnapLogic Platform release. |
| 4.28 | main14627 | | Stable | Upgraded with the latest SnapLogic Platform release. |
| 4.27 | main12833 | | Stable | Upgraded with the latest SnapLogic Platform release. |
| 4.26 | main11181 | | Stable | Upgraded with the latest SnapLogic Platform release. |
| 4.25 | main9554 | | Stable | Upgraded with the latest SnapLogic Platform release. |
| 4.24 | main8556 | | Stable | Upgraded with the latest SnapLogic Platform release. |
| 4.23 | main7430 | | Stable | Upgraded with the latest SnapLogic Platform release. |
| 4.22 | main6403 | | Stable | Upgraded with the latest SnapLogic Platform release. |
| 4.21 | snapsmrc542 | | Stable | Upgraded with the latest SnapLogic Platform release. |
| 4.20 | snapsmrc535 | | Stable | Upgraded with the latest SnapLogic Platform release. |
| 4.19 | sumologic8337 | | Latest | Fixed the broken doc link for the Execute Search Job Snap. |
| 4.19 | snaprsmrc528 | | Stable | Upgraded with the latest SnapLogic Platform release. |
| 4.18 | snapsmrc523 | | Stable | Upgraded with the latest SnapLogic Platform release. |
| 4.17 | ALL7402 | | Latest | Pushed automatic rebuild of the latest version of each Snap Pack to SnapLogic UAT and Elastic servers. |
| 4.17 | sumologic7369 | | Latest | Fixed an issue with the Execute Search Job Snap wherein it fails to return the results correctly. |
| 4.17 | snapsmrc515 | | Latest | Added the Snap Execution field to all Standard-mode Snaps. In some Snaps, this field replaces the existing Execute during preview check box. |
| 4.16 | snapsmrc508 | | Stable | Upgraded with the latest SnapLogic Platform release. |
| 4.15 | snapsmrc500 | | Stable | Upgraded with the latest SnapLogic Platform release. |
| 4.14 | snapsmrc490 | | Stable | Upgraded with the latest SnapLogic Platform release. |
| 4.13 | snapsmrc486 | | Stable | Upgraded with the latest SnapLogic Platform release. |
| 4.12 | snapsmrc480 | | Stable | Upgraded with the latest SnapLogic Platform release. |
| 4.11 | snapsmrc465 | | Stable | Upgraded with the latest SnapLogic Platform release. |
| 4.10 | snapsmrc414 | | Stable | Upgraded with the latest SnapLogic Platform release. |
| 4.9 | snapsmrc405 | | Stable | Upgraded with the latest SnapLogic Platform release. |
| 4.8 | snapsmrc398 | | Stable | Upgraded with the latest SnapLogic Platform release. |
| 4.7 | snapsmrc382 | | Latest | Extended authentication support using Access ID and Access Key fields. |
| 4.6 | sumologic1961 | | Latest | Updated Sumo Logic Account labels to reflect the Sumo Logic API Authentication requirement of using Access Keys, rather than usernames and passwords, as of September 28th 2016. Account settings will need to be updated to no longer use username and password values and instead use registered Access ID and Access Key values. |
| 4.6 | snapsmrc362 | | Stable | |
| 4.5 | snapsmrc344 | | Stable | |
| 4.41 | | | Latest | Resolved an issue with Sumo Execute Search Job when returning over 10000 records. Snap Pack enhanced to support non-US1 Sumo Logic API Environments. |