Include All Fields with Any Given Pattern
Query
logscale
wildcard(field=animal, pattern=*, includeEverythingOnAsterisk=true)
Introduction
Given the following three events:
animal = horse |
---|
animal = seahorse |
machine = car |
Match all events in the result set — even those missing
the animal field
specified in
field
.
Step-by-Step
Starting with the source repository events.
- flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0[/Filter/] result{{Result Set}} repo --> 0 0 --> result style 0 fill:#ff0000,stroke-width:4px,stroke:#000;logscale
wildcard(field=animal, pattern=*, includeEverythingOnAsterisk=true)
Set
pattern
to*
and include theincludeEverythingOnAsterisk
parameter in the query. Event Result set.
Summary and Results
The result is a list of the following accepted events:
field | value |
---|---|
animal | horse |
animal | seahorse |
machine | car |
Without
includeEverythingOnAsterisk
(includeEverythingOnAsterisk=false
),
only events with
animal
as the
argument would match. For example:
field | value |
---|---|
animal | horse |
animal | seahorse |