where

Definition

The where command shows only the table rows that match the defined condition.

Examples

You can limit the number of results with comparison operators.

%dpl
index=example | where offset < 5
first example of where command

You can also use where to find rows that contain the value you are looking for.

%dpl
index=example | where _raw = 50
second example of where command

The command can be used alone or with other transform commands. For example, you can limit the number of results and then create a chart based on the curated data.

%dpl
index=example
| where _raw = 50
| timechart sum(_raw)
example of multiple transform commands in use