Expressions
📄️ Boolean Expressions
Search Anywhere Framework Language (SAFL) supports the boolean logical operators AND, OR and NOT.
📄️ Comparison Operators
SAF extracts key-value pairs when processing data and stores them as event fields. Some fields are present in all events, others are not. Using fields in search queries allows you to more accurately find the events you need. For example, if you want to find logout events in Windows logs, instead of looking for "event logged-out 4647" values, you would use fields for a more specific query:
📄️ Regular Expressions
In Search Anywhere Framework Language (SAFL), regular expressions are used with the rex command. Regular expressions can be used with functions such as match and replace.