Home > Blockchain >  Doing where condition with an array of value in KQL
Doing where condition with an array of value in KQL

Time:09-16

I'm trying so simplify my searches since I'm searching same values in different tables, I want to put the searched values in a table and put it in my where condition can't succeed to do it, I tried with "has_any" operator or "in", I tried several types of variable, can someone help on that :

let array= ("AAA","BBB","CCC");

Table
|where Field in(array)

Table1
|where Field1 in (array)

Thank you

CodePudding user response:

search operator

search "AAA" or "BBB" or "CCC"
| summarize count() by $table
$table count_
StormEvents 69

Fiddle

CodePudding user response:

You can create an array with pack_array and use has_any.

let array= pack_array("AAA","BBB","CCC");
StormEvents
| where EpisodeNarrative has_any (array)
| count

Run sample in ADX

Page link:https//www.codepudding.com/Blockchain/545947.html

Prev:Can't setup apm-integration-testing for debugging kibana
Next:Nginx-Ingress not picking up certificate from cert-manager
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding