azure - Find all records where a column is either equal to string A or string B using kusto query language
问题描述
I need to find all records in a table where one of the columns CounterName contains a certain kind of string and another column InstanceName has the value equivalent to either string C: or string D:.
The below query works appropriately and returns the required records/results:
Perf
| search CounterName:"Free*bytes" and (InstanceName=="C:" or InstanceName=="D:")
However, in the above query, we need to repeat the InstanceName twice. So I attempted another query (shared below) which attempts to do the same, but it does not return any records (NO RESULTS FOUND):
Perf
| search CounterName:"Free*bytes" and InstanceName==("C:" or "D:")
Why is the second query not return any results? Is it because of the expression ("C:" or "D:") which would evaluate to a boolean?
Is there a way I can search multiple strings in a column (and select that record if any string is present) without having to repeat the column name (like we had to repeat in the first query)?
We can run the above queries online on Log Analytics in the demo section if needed (however, it may require login).
解决方案
The or operator is meant to be used with Boolean expressions. Using it with strings does not evaluate one result or the other.
To achieve what you are asking, try the in operator instead.
Perf
| search CounterName:"Free*bytes" and InstanceName in ("C:","D:")
推荐阅读
- python - 为什么我们必须在 python 中写 print('you are ' + str(32) + ' Years old' 什么时候
- java - 在没有杰克逊或 gson 的情况下将 byte[] 转换为 json,反之亦然
- python - 怎么打电话。python脚本中的/home/test.sh文件
- amazon-web-services - ECS 中的任务定义无法从不同的 AWS 账户中提取文档映像
- java - Java ArrayMap 实现
- reactjs - 理解为什么在 React 类组件中不推荐使用 super()
- c - 套接字 fd 的 write() 是否有大小限制?
- python - Python转换两个不同坐标平面之间的角度?
- javascript - TypeError:find_element_by_xpath() 得到了一个意外的关键字参数“onclick”
- if-statement - 如何在JMeter中使用if控制器检查文件名