Filtering Query Functions
Filter functions allow you to filter events or event data based on whether the query matches the filter. For example:
Would return all events where the name field equals datasource-count.
Filter functions can also be negated, so that the query returns the events that do not match the given filter. For example:
Would return all events where the name field does not equal datasource-count.
All the functions in the table below are negatable except
Table: Filtering Query Functions
|Checks whether the given value matches any of the values of the array and excludes the event if no value matches.|
|Checks whether the given pattern matches any of the values of the array and excludes the event from the search result.|
|Filters events using CIDR subnets.|
|Calculates a secure hash of a field and uses it to match events as a filter.|
|Filters records by values where field is in given values.|
|Samples the event stream.|
|Runs query to determine IDs, and then gets all events containing one of them.|
|Evaluates boolean expression and filters events.|