> For the complete documentation index, see [llms.txt](https://docs.panther.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.panther.com/ko/pantherflow/operators/search.md). # Search 연산자 ## 개요 로그에서 다음 텍스트가 포함된 항목을 검색 `검색`. ```kusto | search [not] [and|or ...]* ``` 참조 [문자열 데이터 형식](/ko/pantherflow/data-types.md#string) 인수 형식을 지정하는 방법에 대한 자세한 내용은. ## 예시 {% hint style="info" %} 예제 데이터 ```kusto let aws_alb = datatable [ {"p_event_time": "2023-09-16 05:45:34.863", "requestHttpMethod": "GET", "requestHttpVersion": "HTTP/1.1", "sslCipher": "TLS_AES_128_GCM_SHA256", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"}, {"p_event_time": "2023-09-16 05:59:04.058", "requestHttpMethod": "POST", "requestHttpVersion": "HTTP/1.1", "sslCipher": "TLS_AES_128_GCM_SHA256", "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"}, {"p_event_time": "2023-09-16 05:36:09.017", "requestHttpMethod": "GET", "requestHttpVersion": "HTTP/2.0", "sslCipher": "ECDHE-RSA-AES128-GCM-SHA256", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.1 Safari/605.1.15"}, {"p_event_time": "2023-09-16 05:36:09.017", "requestHttpMethod": "GET", "requestHttpVersion": "HTTP/1.1", "sslCipher": "TLS_AES_128_GCM_SHA256", "userAgent": "Opera/9.80 (X11; Linux i686; U; pl) Presto/2.6.30 Version/10.61"} ]; ``` {% endhint %} ### 문자열 검색 아래 쿼리는 문자열을 포함하는 로그를 찾습니다 `GET`: ```kusto aws_alb | search 'GET' ``` | 이벤트 | | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `{ "p_event_time": "2023-09-16 05:45:34.863", "requestHttpMethod": "GET", "requestHttpVersion": "HTTP/1.1", "sslCipher": "TLS_AES_128_GCM_SHA256", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36" }` | | `{ "p_event_time": "2023-09-16 05:36:09.017", "requestHttpMethod": "GET", "requestHttpVersion": "HTTP/2.0", "sslCipher": "ECDHE-RSA-AES128-GCM-SHA256", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.1 Safari/605.1.15" }` | | `{ "p_event_time": "2023-09-16 05:36:09.017", "requestHttpMethod": "GET", "requestHttpVersion": "HTTP/1.1", "sslCipher": "TLS_AES_128_GCM_SHA256", "userAgent": "Opera/9.80 (X11; Linux i686; U; pl) Presto/2.6.30 Version/10.61" }` | ### 복잡한 패턴 검색 아래 쿼리는 `그리고`, `또는` 그리고 `이 아니라` 복잡한 패턴을 검색하는 데 사용합니다: ```kusto aws_alb | search ('GET' or 'POST') and not 'HTTP/1.1' and 'ECDHE' ``` | 이벤트 | | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `{ "p_event_time": "2023-09-16 05:36:09.017", "requestHttpMethod": "GET", "requestHttpVersion": "HTTP/2.0", "sslCipher": "ECDHE-RSA-AES128-GCM-SHA256", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.1 Safari/605.1.15" }` | ### 와일드카드 일치 검색 별표를 사용할 수 있습니다 `*` 와일드카드 일치를 위해: ```kusto aws_alb | search 'mozilla*chrome' ``` | 이벤트 | | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | `{ "p_event_time": "2023-09-16 05:45:34.863", "requestHttpMethod": "GET", "requestHttpVersion": "HTTP/1.1", "sslCipher": "TLS_AES_128_GCM_SHA256", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36" }` | | `{ "p_event_time": "2023-09-16 05:59:04.058", "requestHttpMethod": "POST", "requestHttpVersion": "HTTP/1.1", "sslCipher": "TLS_AES_128_GCM_SHA256", "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" }` | --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.panther.com/ko/pantherflow/operators/search.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.