
Showing posts from December, 2019

Splunk : queries

1. SPL Keywords

By | As | over | where | or

2. Command chaining

    index="AirBNB" | where Price > 40
    index="AirBnB" Neighborhood=Queens "Property Type"=Apartment | where Price > 70 or Price = 65

________________________________________________________________

3. SPL Filtering and Modifying

Fields, Search, Rename

fields: add/subtract fields that we want to show in our search

    index="AirBnB" Neighborhood=Queens "Property Type"=Apartment | fields - bed
    index="AirBnB" Neighborhood=Queens "Property Type"=Apartment | fields + bed, Price

search: searches for raw text

    index="AirBnB" Neighborhood=Queens "Property Type"=Apartment | search large

rename: renames a field

    index="AirBnB" Neighborhood=Queens "Property Type"=Apartment | search large | rename Price as Cost

___________________________________________________...