반품
-
제목
NVPAIR "not equal" search in SSB -
설명
When searching any .SDATA NVPAIR, equal operator (=) works in search but not equal operator like ( =, <>, nq etc.) does not work in the complex search on SSB.
Example:
Working Example
nvpair:.sdata.event.system.provider._name=securitycenter
Not working example:
nvpair:.sdata.event.system.provider._name!=securitycenter
nvpair:.sdata.event.system.provider._name<>securitycenter
-
원인
NVPAIR search does not work with not equal operator (!= or <>) in SSB
-
해결 방안
Solution to this not equal NVPAIR search problem is to use NOT operator at the front with NVPAIR equal example.
Syntax:
NOT nvpair:<NAME>=<value>
Example:
NOT nvpair:.sdata.event.system.provider._name=securitycenter
Note: Do not use quotation ("" or ") in the NVPAIR search. -
추가 정보
For more information, please check the section "Using complex search queries" in Syslog-ng Store Box Administration guide. https://support.oneidentity.com/technical-documents/syslog-ng-store-box/6.10.0/administration-guide/56#TOPIC-1819455