Contribute in GitHub:
Edit online
!~ (not equals) operator
Filters a record set for data that does not match a case-insensitive string.
The following table provides a comparison of the == (equals) operators:
| Operator | Description | Case-Sensitive | Example (yields true) |
|---|---|---|---|
== |
Equals | Yes | "aBc" == "aBc" |
!= |
Not equals | Yes | "abc" != "ABC" |
=~ |
Equals | No | "abc" =~ "ABC" |
!~ |
Not equals | No | "aBc" !~ "xyz" |
For further information about other operators and to determine which operator is most appropriate for your query, see datatype string operators.
Case-insensitive operators are currently supported only for ASCII-text. For non-ASCII comparison, use the tolower() function.
Performance tips
Performance depends on the type of search and the structure of the data.
For faster results, use the case-sensitive version of an operator, for example, ==, not =~.
If you're testing for the presence of a symbol or alphanumeric word that is bound by non-alphanumeric characters at the start or end of a field, for faster results use has or in.
Syntax
T | where col !~ (expression)
Arguments
- T - The tabular input whose records are to be filtered.
- col - The column to filter.
- expression - Scalar or literal expression.
Returns
Rows in T for which the predicate is true.
Example
events
| project original_time, name
| where original_time > ago(5m)
| where name !~ "wInDoWs"
| count
Results
| Count |
|---|
| 5,736,746 |