search

Description

Performs a search on the data.

danger

Using aggs in a query is allowed only if it is preceded by commands that also operate with the internal storage mechanisms. These include source and peval. This condition must also be met for all subqueries within the query.

Syntax

search <compare>

Required Arguments

Parameter	Syntax	Description
`compare`	`<field> > \| >= \| == \| < \| <= \| != <field> \| <value>`	A conditional operation for data comparison.

Search Modes

regex - search using a regular expression
wildcard - search using wildcard characters * and ?
cidr - search using a subnet mask

tip

If there is no operator between conditions, the default operator is AND.

A value (<value>) can be specified without double quotes if it does not contain separators or special characters.

Query Examples

Example #1

...
| search user=Ivanov OR user="Mar*"

Example #2

...
| search count_result=5 AND nick="Iv*" mail="iv*"

Example #3

...
| search regex place="(Ho|Mo)tel"

Example #4

...
| search wildcard name="An*li?"

Example #5

...
| search cidr host="10.78.0.0/16"

Example #6

...
| search cidr host="2001::/4"

Description​

Syntax​

Required Arguments​

Search Modes​

Query Examples​

Description

Syntax

Required Arguments

Search Modes

Query Examples