Create a search job (primitive)
sumo_create_search_jobStart a Sumo Logic search job and obtain its ID immediately. Background keepalive ensures the job persists for later fetching of messages or records.
Instructions
Creates a search job and returns its id WITHOUT waiting. The server background-polls created jobs (keepalive) so the job persists across your tool calls; without that, Sumo cancels jobs after a short idle period. Page results with sumo_get_messages / sumo_get_records; always call sumo_delete_search_job when done. Time range: exactly ONE of last (relative, e.g. "15m", "2h"; units s/m/h/d) OR both from and to (ISO-8601 like 2026-07-02T18:28:00, or epoch milliseconds).
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| to | No | End time: ISO-8601 or epoch ms. Requires `from`. | |
| from | No | Start time: ISO-8601 or epoch ms. Requires `to`. | |
| last | No | Relative window ending now, e.g. "15m", "2h", "1d". Mutually exclusive with from/to. | |
| query | Yes | Sumo Logic query text. | |
| timeZone | No | IANA timezone for query-time parsing (default UTC). | |
| byReceiptTime | No | Search by receipt time; recommended true for very recent windows (ingestion lag). |