Home > front end >  What is the difference between the `!has` and `!has_cs` string operators in KQL?
What is the difference between the `!has` and `!has_cs` string operators in KQL?

Time:12-19

What is the difference between the !has and !has_cs string operators in KQL?

There is the documentation. It says that both the "North America" !has "amer" and the "North America" !has_cs "amer" will return true.

If the !has would not have been case sensitive I would expect the "North America" !has "amer" to return false, since America contains the amer if we ignore the casing. But it returns true. Hence, I conclude that the !has is case sensitive and behaves exactly the same as the !has_cs. Is it really the case or am I missing something here?

CodePudding user response:

has_cs is case sensitive.
has is case-insensitive.

Both of your conditions return true since has looks for a whole term.
A term is a sequence of alpha-numeric ASCII characters (see What is a term?)

In your example amer is just a (case-insensitive) piece (the prefix) of the whole term, which is America, therefore has returns false.

Page link:https//www.codepudding.com/frontend/647520.html

Prev:Whas is the difference between the `has` and `contains` operators in KQL?
Next:How do I parse Kusto Query output into Automation Script (Powershell or Python)
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding