This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

why do matchesValue and matchesPhrase give different results in this case?

Go to solution
GerryIsHere
Participant

‎20 Mar 2024 08:14 PM - last edited on ‎21 Mar 2024 10:30 AM by Community Team

Here are two queries, I don't understand why the results are different (same time period 24 hours):

fetch logs
| filter matchesPhrase(host.name, "tar04*")
| summarize collectDistinct(host.name)

tar045.dcmax.local
tar046.dcmax.local

fetch logs
| filter matchesValue(host.name, "tar04*")
| summarize collectDistinct(host.name)

tar040.dcmax.local
tar041.dcmax.local
tar045.dcmax.local
tar046.dcmax.local

 

Labels:
0 Kudos
Reply
3 REPLIES 3

Go to solution
cesarsaravia
Dynatrace Pro
Dynatrace Pro

‎20 Mar 2024 08:39 PM - edited ‎20 Mar 2024 08:40 PM

Hi @GerryIsHere 
The only difference between those functions are the validations that matchesPhrase realizes.

cesarsaravia_0-1710967005996.png

Tried to replicate your scenario with the same data, and in both cases the result is the same.

cesarsaravia_1-1710967134116.png

Could you get us more context?
Regards,

-César S. -
Reply

Go to solution
GerryIsHere
Participant
In response to cesarsaravia

‎20 Mar 2024 08:44 PM

the logs are from WebLogic servers, I think there is 1-2 million logs a day. If I run the queries just counting the number of logs matchesPhrase finds way fewer logs. The host.names are exactly as shown.

0 Kudos
Reply

Go to solution
GerryIsHere
Participant
In response to cesarsaravia

‎20 Mar 2024 08:45 PM

doesn't support mid-string wildcards, except some of the time when it does apparently!

Reply
Ask a question

Featured Posts