Boolean and grouping operators
There are a few operators that you can use to refine your searches (note that these operators must be in uppercase to not be considered search terms):
AND is implied between terms.
error maryis the same aserror AND mary.OR allows you to specify multiple values.
error OR marymeans "find any event that contains either word".NOT applies to the next term or group.
error NOT marywould find events that containerrorbut do not containmary."" identifies a phrase.
"Out of this world"will find this exact sequence of words.Out of this worldwould find any event that contains all of these words, but not necessarily in that order.( ) is used for grouping terms. Parentheses can help avoid confusion in logic. For instance, these two statements are equivalent:
bob error OR warn NOT debug(bob AND (error OR warn)) AND NOT debug
= is reserved for specifying fields. Searching for an equal sign can be accomplished by wrapping it in quotes.
[ ] is used to perform...
