Search Analytics Options Overview
Review wildcard and syntax options that can help to improve Search Analytics Discover operations
Search Analytics and Elastic support some logic options for the search term values. The following table describes different options for search terms that provide some flexibility in values.
Note that Dashboards Query Language (DQL) does not support regular expressions or searching with fuzzy or proximity terms.
| Search Option | Description |
|---|---|
| Wildcard (*) | The asterisk wildcard character replaces (represents) multiple characters. For example: - *reg* finds instances of the chars reg as is or within strings like irregular or regular and so forth.- reg* matches when reg are the first three characters in a value.- *reg matches when reg are the last three characters of a value.By default, OpenSearch Dashboards does not support leading wildcards for performance reasons, but ChaosSearch supports them. |
| Wildcard (?) | The question mark wildcard character replaces (represents) one valid character, number, or symbol. For example: - "*si?e*" matches on side, aside, sitewide, and others where ? could be any one value and the matching item could be any length.- "*?ide" matches on values that end a string in ide with any (or no) preceding characters.- "side?*" matches on values that begin a string with side and any number of characters like sides, siding, sitewide, or sideways.- "si?e *" (with a space before *) matches on strings that begin with the four-character value si-e, where the third character could vary.- "? *" will match results if a string begins with any one-character value.When using the single-character wildcard, enclose the wildcard string in double quotation marks. |
| Ranges | In a DQL search, you can specify ranges using the range operators >, >=, <, and <= on numeric and date types using the format:field operator value [and field operator value]For example: error >= 400 and error <=500o_totalprice > 130000 |
Updated 3 months ago