Boolean and grouping operators
There are a few operators that you can use to refine your searches (note that these operators must be in uppercase to not be considered search terms):
- AND is implied between terms.
error maryis the same aserror AND mary. - OR allows you to specify multiple values.
error OR marymeans "find any event that contains either word". - NOT applies to the next term or group.
error NOT marywould find events that containerrorbut do not containmary. - "" identifies a phrase.
"Out of this world"will find this exact sequence of words.Out of this worldwould find any event that contains all of these words, but not necessarily in that order. - ( ) is used for grouping terms. Parentheses can help avoid confusion in logic. For instance, ...
Get Implementing Splunk: Big Data Reporting and Development for Operational Intelligence now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
