Searches the input data according to the conditional expression.
- Filter conditions in the form of an expression. For example, you can enter a comparison expression in the form "KEY == VALUE" or "KEY != VALUE", or a boolean expression. You can concatenate conditional expressions using logical operators such
- Maximum number of records to return (default: unlimited).
The search command receives input data, keeps only the records that match the specified expression, and passes them to the following query commands. A record is passed on to the next query command only if the expression evaluates to true for that record.
Filter logs containing the game string literal in the line field (supports wildcards).
search line == "*game*"
Filter logs where the status code is not 200.
search status != 200
Search for records where the source IP is 188.8.131.52 and the destination port is 22.
search src_ip == ip("188.8.131.52") and dst_port == 22
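The following is an added example, not part of the original documentation and not the query engine's own implementation: a small Python model of the search semantics described above (KEY == VALUE / KEY != VALUE clauses joined with and, wildcard string matching, an ip("...") literal, and a record limit), run over constructed sample records whose field names follow the examples on this page.

```python
import fnmatch
import ipaddress
import re

# Constructed sample records; field names mirror the page's examples.
RECORDS = [
    {"line": "user started game", "status": 200, "src_ip": "188.8.131.52", "dst_port": 22},
    {"line": "health check", "status": 200, "src_ip": "10.0.0.5", "dst_port": 443},
    {"line": "game over", "status": 500, "src_ip": "188.8.131.52", "dst_port": 80},
    {"line": "login failed", "status": 401, "src_ip": "188.8.131.52", "dst_port": 22},
]

CLAUSE = re.compile(r'^\s*(\w+)\s*(==|!=)\s*(.+?)\s*$')


def parse_value(text):
    """Turn the right-hand side of a comparison into a Python value."""
    m = re.fullmatch(r'ip\("([^"]+)"\)', text)
    if m:
        return ipaddress.ip_address(m.group(1))  # ip("...") literal
    if len(text) >= 2 and text[0] == text[-1] == '"':
        return text[1:-1]  # string literal; '*' and '?' act as wildcards
    return int(text)  # numeric literal


def matches(record, clause):
    """Evaluate one KEY == VALUE or KEY != VALUE clause against a record."""
    m = CLAUSE.match(clause)
    if not m:
        raise ValueError(f"cannot parse clause: {clause!r}")
    key, op, raw = m.groups()
    expected = parse_value(raw)
    actual = record.get(key)  # a missing field compares as "not equal"
    if isinstance(expected, (ipaddress.IPv4Address, ipaddress.IPv6Address)):
        try:
            equal = actual is not None and ipaddress.ip_address(actual) == expected
        except ValueError:
            equal = False  # field holds something that is not an IP address
    elif isinstance(expected, str):
        equal = isinstance(actual, str) and fnmatch.fnmatchcase(actual, expected)
    else:
        equal = actual == expected
    return equal if op == "==" else not equal


def search(records, expression, limit=None):
    """Pass on only records for which every and-joined clause is true."""
    clauses = re.split(r'\s+and\s+', expression.strip())
    out = []
    for rec in records:
        if all(matches(rec, c) for c in clauses):
            out.append(rec)
            if limit is not None and len(out) >= limit:
                break
    return out
```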