Skip to main content

search

Description

Performs a search on the data.

danger

Using aggs in a query is allowed only if it is preceded by commands that also operate with the internal storage mechanisms. These include source and peval. This condition must also be met for all subqueries within the query.

Syntax

search <compare>

Required Arguments

ParameterSyntaxDescription
compare<field> > | >= | == | < | <= | != <field> | <value>A conditional operation for data comparison.

Search Modes

  • regex - search using a regular expression
  • wildcard - search using wildcard characters * and ?
  • cidr - search using a subnet mask
tip

If there is no operator between conditions, the default operator is AND.

A value (<value>) can be specified without double quotes if it does not contain separators or special characters.

Query Examples

Example #1
...
| search user=Ivanov OR user="Mar*"
Example #2
...
| search count_result=5 AND nick="Iv*" mail="iv*"
Example #3
...
| search regex place="(Ho|Mo)tel"
Example #4
...
| search wildcard name="An*li?"
Example #5
...
| search cidr host="10.78.0.0/16"
Example #6
...
| search cidr host="2001::/4"