Table of Contents


where command shows only table rows that match with the defined condition.


You can limit the amount of results with comparison operators.

index=example | where offset < 5
first example of where command

You also can use where to find rows that contain the value you are looking for.

index=example | where _raw = 50
second example of where command

The command can be used alone or with other transform commands. For example, you can limit the amount of results and then create a chart based on the curated data.

| where _raw = 50
| timechart sum(_raw)
example of multiple transform commands in use