This topic describes three methods to implement fuzzy match.

Include wildcard characters in query statements to implement fuzzy match

An asterisk (*) indicates zero or more occurrences of characters. A question mark (?) indicates one occurrence of a character. For example, abc* indicates that a word is matched if the word starts with abc. ab? d indicates that a word is matched if the word starts with ab, ends with d, and contains one character in between. For more information, see Query syntax.
Note If you use wildcard characters to implement fuzzy match, a maximum of 100 words are matched. The returned data is the log entries that include the matched words. If the prefix is short, the number of matched words may exceed 100. In this case, only a part of matched log entries are returned. In addition, if you combine the NOT clause with wildcard characters, only a part of words can be filtered. For example, if you execute the not abcd* statement, words that start with abcd are still returned.

Use the LIKE clause to implement fuzzy match

The LIKE clause complies with the standard SQL LIKE syntax. The percent sign (%) in the LIKE clause indicates zero or more occurrences of characters. The underscore (_) indicates one occurrence of a character.

Example: To query log entries that include fields whose names start with abcd, execute the following statement:
* | select * from log where key like 'abcd%'

Use regular expression functions to implement fuzzy match

You can specify a regular expression in a regular expression function to match multiple words. Regular expressions can match characters and digits. They can better satisfy your business requirements. For more information, see Regular expression functions.

Examples:
  • * | select * from log where regexp_like(key, abc*): returns the words that start with abc.
  • * | select * from log where regexp_like(key, abc\d+): returns the words that start with abc. In addition, abc is followed by digits.
  • * | select * from log where regexp_like(key, abc[xyz]): returns the words that start with abc. In addition, abc is followed by x,y, or z.