Perform a Free-Text Search in Rawstring
Perform a free-text search in a rawstring using the createEvents() function
Query
createEvents(["foobar"])|@rawstring="*foo*"
Introduction
The createEvents() function generates temporary events as part of the query and is ideal for generating sample data for testing or troubleshooting.
In this example, the createEvents() function is used to do a free-text search for foo in a rawstring. The * around the value ensures that we are looking for any value in @rawstring where foo is in the middle with any prefix or suffix.
Step-by-Step
Starting with the source repository events.
createEvents(["foobar"])|@rawstring="*foo*"
Free-text searches for foo in a rawstring. Notice that you must add * around the free-text string foo.
Event Result set.
Summary and Results
The query is used specifically to perform a free-text search in the @rawstring field. This can be useful in any case where you want to search a specific field name to check for that first part.