Migrate from Sumo Logic Query Language to APL
This guide dives into why APL could be a superior choice for your data needs, and the differences between Sumo Logic and APL.
Introduction
In the sphere of data analytics and log management, being able to query data efficiently and effectively is of paramount importance.
This guide dives into why APL could be a superior choice for your data needs, the differences between Sumo Logic and APL, and the potential benefits you could reap from migrating from Sumo Logic to APL. Let’s explore the compelling case for APL as a robust, powerful tool for handling your complex data querying requirements.
APL is powerful and flexible and uses a pipe (|) operator for chaining commands, and it provides a richer set of functions and operators for more complex queries.
Benefits of Migrating from Sumo Logic to APL
- Scalability and Performance: APL was built with scalability in mind. It handles very large volumes of data more efficiently and provides quicker query execution compared to Sumo Logic, making it a suitable choice for organizations with extensive data requirements. APL is designed for high-speed data ingestion, real-time analytics, and providing insights across structured and semi-structured data. It’s also optimized for time-series data analysis, making it highly efficient for log and telemetry data.
- Advanced Analytics Capabilities: With APL’s support for aggregation and conversion functions and more advanced statistical visualization, organizations can derive more sophisticated insights from their data.
Query Examples
Let’s see some examples of how to convert Sumo Logic queries to APL.
Parse and Extract Operators
Extract the from and to fields. For example, if a raw event contains From: Jane To: John, then from=Jane and to=John.
Sumo Logic:
APL:
Extract Source IP with Regex
In this section, we will utilize a regular expression to identify the four octets of an IP address. This will help us efficiently extract the source IP addresses from the data.
Sumo Logic:
APL:
Extract Visited URLs
This section focuses on identifying all URL addresses visited and extracting them to populate the “url” field. This method provides an organized way to track user activity using APL.
Sumo Logic:
APL:
Extract Data from Source Category Traffic
This section aims to identify and analyze traffic originating from the Source Category. We will extract critical information including the source addresses, the sizes of messages transmitted, and the URLs visited, providing valuable insights into the nature of the traffic using APL.
Sumo Logic:
APL:
Calculate Bytes Transferred per Source IP
In this part, we will compute the total number of bytes transferred to each source IP address. This will allow us to gauge the data volume associated with each source using APL.
Sumo Logic:
APL:
Compute Average HTTP Response Size
In this section, we will calculate the average size of all successful HTTP responses. This metric helps us to understand the typical data load associated with successful server responses.
Sumo Logic:
APL:
Get the average value from a string:
Extract Data with Missing Size Field (NoDrop)
This section focuses on extracting key parameters like src, size, and URL, even when the size field may be absent from the log message.
Sumo Logic:
APL:
Count URL Visits
This section is dedicated to identifying the frequency of visits to a specific URL. By counting these occurrences, we can gain insights into website popularity and user behavior.
Sumo Logic:
APL:
Page Count by Source IP
In this section, we will identify the total number of pages associated with each source IP address. This analysis will allow us to understand the volume of content generated or hosted by each source.
Sumo Logic:
APL:
Reorder Pages by Load Frequency
We aim to identify the total number of pages per source IP address in this section. Following this, the pages will be reordered based on the frequency of loads, which will provide insights into the most accessed content.
Sumo Logic:
APL:
Identify the top 10 requested pages.
Sumo Logic:
APL:
Top 10 IPs by Bandwidth Usage
In this section, we aim to identify the top 10 source IP addresses based on their bandwidth consumption.
Sumo Logic:
APL:
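An added APL sketch of a top-talkers query of this kind, not taken from the original page. The dataset name `['apache-logs']`, the `message` field holding the raw access-log line, and both regexes are assumptions for a combined-format Apache log.

```kusto
// Added example. Assumed: dataset ['apache-logs'] with the raw access-log
// line in a string field named `message` (adjust both to your data).
['apache-logs']
// Counterpart of a Sumo Logic regex parse: capture the first dotted quad.
| extend src_ip = extract("(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})", 1, message)
// The response size follows the 3-digit status code. A "-" or missing size
// does not match, so size stays empty for that row and the row is kept.
| extend size = toint(extract("\" \\d{3} (\\d+)", 1, message))
// extend never removes rows; filter explicitly if lines without an IP
// should be excluded from the ranking.
| where isnotempty(src_ip)
| summarize total_bytes = sum(size), hits = count() by src_ip
| top 10 by total_bytes desc
```

Keeping `hits` next to `total_bytes` helps separate a few large transfers from a high request rate when reviewing the heaviest sources.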
Top 6 IPs by Number of Hits
This section focuses on identifying the top six source IP addresses according to the number of hits they generate. This will provide insight into the most frequently accessed or active sources in the network.
Sumo Logic:
APL:
Timeslice and Transpose
For the Source Category “apache”, count by status_code and timeslice of 1 hour.
Sumo Logic:
APL:
Hourly Status Code Count for “Text” Source
In this section, we aim to count instances by status_code, grouped into one-hour timeslices, and then transpose status_code to column format. This will help us understand the frequency and timing of different status codes.
Sumo Logic:
APL:
Status Code Count in 5 Time Buckets
In this example, we will perform a count by ‘status_code’, sliced into five time buckets across the search results. This will help analyze the distribution and frequency of status codes over specific time intervals.
Sumo Logic:
APL:
Grouped Status Code Count
In this example, we will count messages by status code categories. We will group all messages with status codes in the 200s, 300s, 400s, and 500s together. We are also grouping the method requests with the GET, POST, PUT, DELETE attributes. This will provide an overview of the response status distribution.
Sumo Logic:
APL:
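An added APL sketch of this grouping, not taken from the original page, extended with one-hour buckets so that bursts of 4xx or 5xx responses stand out over time. The dataset name `['apache-logs']`, the `message` field, and the regexes are assumptions for a combined-format Apache log.

```kusto
// Added example. Assumed: dataset ['apache-logs'] with the raw access-log
// line in a string field named `message`.
['apache-logs']
// Request method is the first token inside the quoted request line.
| extend method = extract("\"(GET|POST|PUT|DELETE) ", 1, message)
// Status code is the 3-digit number right after the closing quote.
| extend status_code = toint(extract("\" (\\d{3}) ", 1, message))
// Collapse individual codes into classes; anything unparsed lands in
// "other" so malformed lines stay visible instead of disappearing.
| extend status_class = case(
    status_code >= 200 and status_code < 300, "2xx",
    status_code >= 300 and status_code < 400, "3xx",
    status_code >= 400 and status_code < 500, "4xx",
    status_code >= 500 and status_code < 600, "5xx",
    "other")
| summarize hits = count() by bin(_time, 1h), status_class, method
```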
Conditional Operators
For the Source Category “apache”, find all messages with a client error status code (40*):
Sumo Logic:
APL:
Browser-based Hit Count
In this query example, we aim to count the number of hits by browser. This analysis will provide insights into the different browsers used to access the source and their respective frequencies.
Sumo Logic:
APL:
Use the where operator to match only weekend days.
Sumo Logic:
APL:
Extract Numeric Version Numbers
In this section, we will identify version numbers that match numeric values 2, 3, or 1. We will utilize the num operator to convert these strings into numerical format, facilitating easier analysis and comparison.
Sumo Logic:
APL:
Making the Leap: Transform Your Data Analytics with APL
As we’ve navigated through the process of migrating from Sumo Logic to APL, we hope you’ve found the insights valuable. The powerful capabilities of Axiom Processing Language are now within your reach, ready to empower your data analytics journey.
Ready to take the next step in your data analytics journey? Dive deeper into APL and discover how it can unlock even more potential in your data. Check out our APL learning resources and tutorials to become proficient in APL, and join our community forums to engage with other APL users. Together, we can redefine what’s possible in data analytics. Remember, the migration to APL is not just a change, it’s an upgrade. Embrace the change, because better data analytics await you.
Begin your APL journey today!