# Search operator

## Overview

Search for text in logs with `search`.

```kusto
| search [not] <string constant> [and|or ...]*
```

See [String data type](/ko/pantherflow/data-types.md#string) for details on how to format the argument.

## Examples

{% hint style="info" %}
Example data

```kusto
let aws_alb = datatable [
  {"p_event_time": "2023-09-16 05:45:34.863", "requestHttpMethod": "GET", "requestHttpVersion": "HTTP/1.1", "sslCipher": "TLS_AES_128_GCM_SHA256", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"},
  {"p_event_time": "2023-09-16 05:59:04.058", "requestHttpMethod": "POST", "requestHttpVersion": "HTTP/1.1", "sslCipher": "TLS_AES_128_GCM_SHA256", "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"},
  {"p_event_time": "2023-09-16 05:36:09.017", "requestHttpMethod": "GET", "requestHttpVersion": "HTTP/2.0", "sslCipher": "ECDHE-RSA-AES128-GCM-SHA256", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.1 Safari/605.1.15"},
  {"p_event_time": "2023-09-16 05:36:09.017", "requestHttpMethod": "GET", "requestHttpVersion": "HTTP/1.1", "sslCipher": "TLS_AES_128_GCM_SHA256", "userAgent": "Opera/9.80 (X11; Linux i686; U; pl) Presto/2.6.30 Version/10.61"}
];
```

{% endhint %}

### Search for a string

The query below finds logs that contain the string `GET`:

```kusto
aws_alb
| search 'GET'
```

| Event |
| ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `{ "p_event_time": "2023-09-16 05:45:34.863", "requestHttpMethod": "GET", "requestHttpVersion": "HTTP/1.1", "sslCipher": "TLS_AES_128_GCM_SHA256", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36" }`      |
| `{ "p_event_time": "2023-09-16 05:36:09.017", "requestHttpMethod": "GET", "requestHttpVersion": "HTTP/2.0", "sslCipher": "ECDHE-RSA-AES128-GCM-SHA256", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.1 Safari/605.1.15" }` |
| `{ "p_event_time": "2023-09-16 05:36:09.017", "requestHttpMethod": "GET", "requestHttpVersion": "HTTP/1.1", "sslCipher": "TLS_AES_128_GCM_SHA256", "userAgent": "Opera/9.80 (X11; Linux i686; U; pl) Presto/2.6.30 Version/10.61" }`                                                            |

### Search for complex patterns

The query below uses `and`, `or` and `not` to search for a complex pattern:

```kusto
aws_alb
| search ('GET' or 'POST') and not 'HTTP/1.1' and 'ECDHE'
```

| Event |
| ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `{ "p_event_time": "2023-09-16 05:36:09.017", "requestHttpMethod": "GET", "requestHttpVersion": "HTTP/2.0", "sslCipher": "ECDHE-RSA-AES128-GCM-SHA256", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.1 Safari/605.1.15" }` |

### Search using wildcard matching

You can use an asterisk `*` for wildcard matching:

```kusto
aws_alb
| search 'mozilla*chrome'
```

| Event |
| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `{ "p_event_time": "2023-09-16 05:45:34.863", "requestHttpMethod": "GET", "requestHttpVersion": "HTTP/1.1", "sslCipher": "TLS_AES_128_GCM_SHA256", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36" }` |
| `{ "p_event_time": "2023-09-16 05:59:04.058", "requestHttpMethod": "POST", "requestHttpVersion": "HTTP/1.1", "sslCipher": "TLS_AES_128_GCM_SHA256", "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" }`      |

