Azure - how to use or condition in kql - PhpOut

Aviator
July 28, 2024
142 views
0 votes
2 Answers

Trying to write a KQL query where results should come when the table column Rawdata either contains any of the strings – job1 or job2 :-

 Tablename 
 | where RawData contains "JOB1" OR "JOB2"

The above gives me errror, what is the right way to do it

Tags: azure azure-monitoring kql kqlmagic

Answers

- SteffenZeidler
- July 26, 2024 at 12:45 pm
- 0 votes
0
The right way to do it:
```
Tablename 
| where RawData contains "JOB1" or RawData contains "JOB2"
```
If "JOB1" and "JOB2" is a term then you can use the operator has_any
```
Tablename 
| where RawData has_any ("JOB1", "JOB2")
```
https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/datatypes-string-operators#what-is-a-term
Login or Signup to reply.

- RakeshGovindula
- July 26, 2024 at 1:40 pm
- 0 votes
0
You can also use in() if you want to search through rows.
```
table
| where <column_name> in ("<word1>","<word2>");
```
In this case, the entire row of the column must match the given word, then only it will give the required output.

Demo:

If you want to get the results by matching certain words in the row, then you can use regex.
```
table
| where <column_name> matches regex '+job[12]+';
```
Demo:
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.