I am passing the following request to the sumo logic application and receiving "unparsable query" as the output. What is the problem in this query? Am I missing some escape strings?
String searchJobId = sumoClient.createSearchJob(
"_sourceCategory=na2_*_incomingaudit | parse regex \"^[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}.[0-9]{3} (?<host>[^ ]+) (?<tenant>[^ ]+) (?<identity>[^ ]+) (?<correlation_id>[^ ]+) (?<win32ThreadId>[^ ]+) (?<elapsedtime>[^ ]+) (?<context>[^ ]+) (?<message>[^ ]+) (?<exception>[^ ]+) (?<request>[^ ]+) (?<response>[^ ]+)\" | parse regex \"app=(?<app>[^ ]+)\" | parse regex \"appv=(?<appversion>[^ ]+\") | where app in (\"ios-mobile\",\"android-mobile\") | count by tenant | where tenant<> \"-\" | sort by _count" , Long.toString(startTimestamp),
Long.toString(endTimestamp),
"UTC");
Note: This is updated with the below suggestions and couldn't make it work.
Your closing quote is coming before the close of the capture group in the following parse statement of your query.
parse regex \"appv=(?<appversion>[^ ]+\")
Try to change to:
parse regex \"appv=(?<appversion>[^ ]+)\"