It would be great if we could select multiple fields using some kind of wildcard-matching (globbing) for query functions that take a field parameter accepting multiple fields [string].
This would be a huge help in building more dynamic queries where the available fields and their names vary, but share a pattern (for example after using parsejson() with a prefix, or JSON with multiple levels) without having to hard-code alle the possible fields.
Example:
table(field=[@timestamp, query*])
Would then give a table with @timestamp and all fields with names starting with query, if any.
It would be great if we could select multiple fields using some kind of wildcard-matching (globbing) for query functions that take a
fieldparameter accepting multiple fields[string].This would be a huge help in building more dynamic queries where the available fields and their names vary, but share a pattern (for example after using
parsejson()with a prefix, or JSON with multiple levels) without having to hard-code alle the possible fields.Example:
Would then give a table with
@timestampand all fields with names starting withquery, if any.