Search Analytics Options Overview

Review wildcard and syntax options that can help to improve Search Analytics Discover operations

Search Analytics and Elastic support some logic options for the search term values. The following table describes different options for search terms that provide some flexibility in values.

Note that Dashboards Query Language (DQL) does not support regular expressions or searching with fuzzy or proximity terms.

Search Option	Description
Wildcard (*)	The asterisk wildcard character replaces (represents) multiple characters. For example: `reg` finds instances of the chars `reg` as is or within strings like `irregular` or `regular` and so forth. `reg` matches when `reg` are the first three characters in a value. `reg` matches when `reg` are the last three characters of a value. By default, OpenSearch Dashboards does not support leading wildcards for performance reasons, but ChaosSearch supports them.
Wildcard (?)	The question mark wildcard character replaces (represents) one valid character, number, or symbol. For example: `"si?e"` matches on `side`, `aside`, `sitewide`, and others where `?` could be any one value and the matching item could be any length. `"?ide"` matches on values that end a string in `ide` with any (or no) preceding characters. `"side?"` matches on values that begin a string with `side` and any number of characters like `sides`, `siding`, `sitewide`, or `sideways`. `"si?e "` (with a space before ``) matches on strings that begin with the four-character value `si-e`, where the third character could vary. `"? *"` will match results if a string begins with any one-character value. When using the single-character wildcard, enclose the wildcard string in double quotation marks.
Ranges	In a DQL search, you can specify ranges using the range operators `>`, `>=`, `<`, and `<=` on numeric and date types using the format: `field operator value [and field operator value]` For example: `error >= 400 and error <=500` `o_totalprice > 130000`

Search Option

Description

Wildcard (*)

The asterisk wildcard character replaces (represents) multiple characters. For example:

*reg* finds instances of the chars reg as is or within strings like irregular or regular and so forth.
reg* matches when reg are the first three characters in a value.
*reg matches when reg are the last three characters of a value.

By default, OpenSearch Dashboards does not support leading wildcards for performance reasons, but ChaosSearch supports them.

Wildcard (?)

The question mark wildcard character replaces (represents) one valid character, number, or symbol. For example:

"*si?e*" matches on side, aside, sitewide, and others where ? could be any one value and the matching item could be any length.
"*?ide" matches on values that end a string in ide with any (or no) preceding characters.
"side?*" matches on values that begin a string with side and any number of characters like sides, siding, sitewide, or sideways.
"si?e *" (with a space before *) matches on strings that begin with the four-character value si-e, where the third character could vary.
"? *" will match results if a string begins with any one-character value.

When using the single-character wildcard, enclose the wildcard string in double quotation marks.

Ranges

In a DQL search, you can specify ranges using the range operators >, >=, <, and <= on numeric and date types using the format:

field operator value [and field operator value]

For example:
error >= 400 and error <=500
o_totalprice > 130000

Updated 14 days ago

What’s Next

Save your favorite searches for frequent use

Saving a Search Analytics Query