Include All Fields with Any Given Pattern

Query

logscale
wildcard(field=animal, pattern=*, includeEverythingOnAsterisk=true)

Introduction

Given the following three events:

animal = horse
animal = seahorse
machine = car

Match all events in the result set — even those missing the animal field specified in field.

Step-by-Step

  1. Starting with the source repository events.

  2. flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0[/Filter/] result{{Result Set}} repo --> 0 0 --> result style 0 fill:#ff0000,stroke-width:4px,stroke:#000;
    logscale
    wildcard(field=animal, pattern=*, includeEverythingOnAsterisk=true)

    Set pattern to * and include the includeEverythingOnAsterisk parameter in the query.

  3. Event Result set.

Summary and Results

The result is a list of the following accepted events:

fieldvalue
animalhorse
animalseahorse
machinecar

Without includeEverythingOnAsterisk (includeEverythingOnAsterisk=false), only events with animal as the argument would match. For example:

fieldvalue
animalhorse
animalseahorse