Execute Search Job
Overview
Read-type Snap-
Works in Ultra Pipelines
You can use this Snap to execute the SumoLogic search job and returns results to the output view.
Prerequisites
None.
Limitations and Known Issues
None.
Snap Views
| View | Description | Examples of Upstream and Downstream Snaps |
|---|---|---|
| Input | This Snap does not require a specific upstream Snap. An upstream Snap, can provide documents to be used to evaluate the SumoLogic search job configuration. | |
| Output | Expected downstream Snaps would use the SumoLogic search results to either do routing and/or data persistence. | |
| Error |
Error handling is a generic way to handle errors without losing data or failing the Snap execution. You can handle the errors that the Snap might encounter when running the pipeline by choosing one of the following options from the When errors occur list under the Views tab. The available options are:
Learn more about Error handling in Pipelines. |
|
Snap Settings
-
Suggestion icon (
):
Indicates a list that is dynamically populated based on the configuration.
-
Expression icon (
):
Indicates whether the value is an expression (if enabled) or a static value (if disabled).
Learn more about Using Expressions in SnapLogic.
-
Add icon (
):
Indicates that you can add fields in the field set.
-
Remove icon (
):
Indicates that you can remove fields from the field set.
| Field / Field Set | Type | Description |
|---|---|---|
| Label | String | Required. Specify a unique name for the Snap. Modify this to be more appropriate, especially if there are more than one of the same Snap in the pipeline. |
| Query | String/Expression |
Required.
Specify the SumoLogic search expression.
Refer to SumoLogic documentation for more information.
Default value: N/A Example: Unsuccessful | summarize |
| From | String/Expression |
Required.
Specify the beginning date time range for the search.
Format: yyyy-MM-ddTHH:mm:ss. It is a ISO 8601 date of the time range to start the search.
Default value: N/A Example: 2023-05-11T09:30:00+03:00 |
| To | String/Expression |
Required.
Specify the endof date time range for the search.
Format: yyyy-MM-ddTHH:mm:ss.
It is a ISO 8601 date of the time range to end the search.
Default value: N/A Example: 2023-05-12T09:30:00+03:00 |
| Time Zone | String/Expression/Suggestion |
Required.
Specify the time zone for the From and To date time settings above.
Default value: UTC Example: IST |
| Field schema mapping | Checkbox |
Select this checkbox to convert the response data to matching data types based on the SumoLogic response field schema instead of using the default string type for all fields.
Search result fields that cannot be mapped according to the field schema type generate an error in the output.
Default status: Deselected |
| Aggregate search results | Checkbox |
Select the checkbox to aggregate search result messages into a single document, including any aggregate metrics if the search query has an aggregate function.
If the selected, then a single document is generated with the found messages and the aggregate records (message metrics) as child listelements. Else, the found messages are written to the output as separate document entries. Default status: Deselected |
| Snap execution | Dropdown list | Select one of the three modes in which the Snap executes.
Available options are:
|
Examples
The following example pipeline demonstrates how to archive the SumoLogic search job results to a database from the previous month beginning the first day of each new month.
- Configure the SumoLogic Execute Search Job Snap with the Query and From and To dates. In this case, the Snap is configured.
- To search for the word
Handling. - A to_date parameter set to the first day of the month is used to schedule this pipeline each month and re-run as necessary.
- To search for the word
- Configure the Mapper Snap as shown in the image with the SumoLogic and MySQL schema.
- Configure the File Writer Snap to write the message to a file and run the pipeline.
