New query keyword: IN
03 April 2022
Query-based reports are here, and query-based alerts are underway. To make full use of them, queries should be easy to write. That is why you can now use IN () and NOT IN () as keywords.
Say you want a report of all websites that do not return a 201, 403 or 404 HTTP code. The old way (which still works) would be:
index=websites https_status!=201 AND https_status!=403 AND https_status!=404
The more values you want to select or exclude, the longer the query becomes. With the new keyword this query can be rewritten as:
index=websites https_status NOT IN(201, 403, 404)
Much better, right?
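Saved reports written the old way can be converted mechanically. The Python below is an added example, not code from the product: the function names are hypothetical, and it assumes whitespace-separated terms with unquoted values, as in the two queries above.

```python
import re

# One old-style exclusion term, e.g. "https_status!=201".
_NEQ = re.compile(r"^(\w+)!=(\S+)$")
# One new-style term, e.g. "https_status NOT IN(201, 403, 404)".
_NOT_IN = re.compile(r"(\w+) NOT IN\(([^)]*)\)")


def collapse_not_equals(query: str) -> str:
    """Rewrite `f!=a AND f!=b ...` on a single field as `f NOT IN(a, b, ...)`."""
    tokens = query.split()
    out, i = [], 0
    while i < len(tokens):
        first = _NEQ.match(tokens[i])
        if not first:
            out.append(tokens[i])
            i += 1
            continue
        field, values = first.group(1), [first.group(2)]
        j = i + 1
        # Absorb each following "AND field!=value" pair for the same field.
        while j + 1 < len(tokens) and tokens[j] == "AND":
            nxt = _NEQ.match(tokens[j + 1])
            if not nxt or nxt.group(1) != field:
                break
            values.append(nxt.group(2))
            j += 2
        if len(values) == 1:
            out.append(tokens[i])  # a lone exclusion stays as written
        else:
            out.append(f"{field} NOT IN({', '.join(values)})")
        i = j
    return " ".join(out)


def expand_not_in(query: str) -> str:
    """Inverse rewrite: `f NOT IN(a, b)` becomes `f!=a AND f!=b`."""
    def repl(m: re.Match) -> str:
        field = m.group(1)
        values = [v.strip() for v in m.group(2).split(",") if v.strip()]
        return " AND ".join(f"{field}!={v}" for v in values)
    return _NOT_IN.sub(repl, query)


if __name__ == "__main__":
    old = "index=websites https_status!=201 AND https_status!=403 AND https_status!=404"
    print(collapse_not_equals(old))
```

Exclusions on different fields are left untouched, so only chains that really are a single NOT IN get rewritten.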