Filtering commands
filter
Reduces the number of records in a list by keeping only those records that match the specified condition.
Syntax
| filter Predicate
Example
fetch logs
| fieldsRename severity=loglevel, source=log.source, logmessage = content
| filter (severity == "ERROR" or severity == "SEVERE") and contains(logmessage,"failed")
filterOut
Removes records that match a specific condition.
Syntax
filterOut condition [, input]
-
Example
fetch logs
| fieldsRename severity=loglevel, source=log.source, logmessage = content
| filterOut severity == "NONE" or severity == "INFO"