• our product
  • about us
  • blog
  • resources
  • careers
Contents Menu Expand Light mode Dark mode Auto light/dark mode
documentation
Light Logo Dark Logo

Getting started

  • Why Observe?
  • Introducing Observe Concepts

Managing your workspace

  • Navigating the workspace
    • Apps
    • Explore
    • Using Search, Bookmarks, and Notifications
    • Other
    • Settings
    • Help
  • Observe apps

Working with data

  • Ingesting and Exploring Data with Observe
  • Data ingestion
    • Sources
      • Amazon API Gateway logs
      • Amazon S3
      • AWS AppSync
      • AWS CloudTrail
      • Amazon EventBridge
      • Amazon GuardDuty
      • CloudWatch metrics streams
      • AWS CloudWatch Logs
      • GitHub
      • Google Workspace Audit Logs
      • Jira Tickets
      • Windows Servers
      • Zendesk Tickets
    • Forwarders
      • Amazon Kinesis Firehose
      • Elastic Beats
      • Fluent Bit
      • Fluentd
      • Google Cloud Pub/Sub
      • Log4j
      • Logstash
      • Observe Lambda
      • OpenTelemetry
      • Prometheus
      • Telegraf
    • Data streams
    • Endpoints
      • HTTP
      • DDTrace
      • Elasticsearch
      • Kinesis
      • LogPlex
      • OpenTelemetry
      • Prometheus
      • Zipkin
  • Observe integrations
    • AWS Integration
      • Amazon CloudFront
      • Amazon EC2
      • Amazon Elastic Container Service
        • Amazon Elastic Container Service metrics
      • Amazon RDS
        • Amazon RDS metrics
      • AWS Lambda
        • AWS Lambda metrics
      • Elastic Load Balancing
        • Elastic Load Balancing metrics
    • Jenkins App and Integration
      • Jenkins Integration installation guide
    • Kubernetes Integration
    • Host Monitoring
      • Host Monitoring installation guide
    • GCP app (Public Preview)
      • GCP Asset Inventory
      • GCP Logging
      • GCP Cloud Metrics
      • GCP Cloud Functions
        • GCP Cloud Functions metrics
      • GCP Cloud Load Balancing
        • GCP Cloud Load Balancing Metrics
      • GCP Cloud SQL
        • GCP Cloud SQL metrics
      • GCP Cloud Storage
        • Storage metrics
      • GCP Compute
        • Compute metrics
    • Node Exporter
  • Observe Datasets and Time
    • Foreign Keys
    • Resource Primary Keys
    • Resource Times
  • Tutorial: modeling weather data
  • Worksheets

Working with dashboards

  • Creating and using dashboards

Configuring monitors and alerts

  • Introduction to Monitors and Alerts
    • Alerting example: Channels, Channel Actions, and Monitors
    • Creating an Alert for Jira Tickets
    • Configuring Threshold metrics monitors
    • Creating a Count Monitor
    • Creating a Text Value monitor
    • Promoting resources into notifications
    • Monitor Notification Options
  • Overview of Channels and Channel Actions
    • Customizing alert messages
    • Channel Action Integrations
      • PagerDuty
      • Importing Auth0 logs using a Custom Webhook
      • Creating an Alert for Jira Tickets

Working with metrics

  • Introduction to Metrics

OPAL query Language

  • OPAL — Observe Processing and Analysis Language
    • Data types and operators
    • Language syntax
    • Performance
    • Examples
  • All OPAL verbs
    • OPAL Verbs By Category
      • OPAL Aggregate Verbs
        • aggregate
        • align
        • dedup
        • distinct
        • make_session
        • merge_events
        • rollup
        • statsby
        • timechart
        • bucketize
        • timestats
      • OPAL Filter Verbs
        • always
        • ever
        • filter
        • never
        • topk
      • OPAL Join Verbs
        • exists
        • flatten
        • flatten_all
        • flatten_leaves
        • flatten_single
        • follow
        • fulljoin
        • join
        • leftjoin
        • lookaround_join
        • lookup
        • surrounding
        • union
        • update_resource
      • OPAL Metadata Verbs
        • add_key
        • colenum
        • colimmutable
        • colshow
        • interface
        • make_event
        • make_resource
        • make_session
        • make_table
        • merge_events
        • set_label
        • set_link
        • set_metric
        • set_primary_key
        • set_pk
        • set_valid_from
        • set_valid_to
        • unset_all_links
        • unset_keys
        • unset_link
      • OPAL Metrics Verbs
        • aggregate
        • align
        • rollup
        • set_metric
      • OPAL Projection Verbs
        • drop_col
        • extract_regex
        • make_col
        • pick_col
        • rename_col
      • OPAL Semistructured Verbs
        • extract_regex
        • flatten
        • flatten_all
        • flatten_leaves
        • flatten_single
      • OPAL Deprecated Verb Aliases
        • addfk
        • addkey
        • addmetric
        • changelog
        • coldrop
        • colmake
        • colpick
        • colregex
        • colrename
        • droptime
        • fkdrop
        • flattenall
        • flattenleaves
        • flattensingle
        • makeresource
        • makesession
        • merge_event
        • mergeevent
        • reaggregate
        • setlabel
        • setpk
        • setvf
        • setvt
  • All OPAL functions
    • OPAL Functions By Category
      • OPAL Aggregate Functions
        • any
        • any_not_null
        • array_agg
        • array_agg_distinct
        • avg
        • count
        • count_distinct
        • count_distinct_exact
        • deriv
        • first
        • first_not_null
        • last
        • last_not_null
        • max
        • median
        • median_exact
        • min
        • object_agg
        • percentile
        • percentile_cont
        • percentile_disc
        • prom_quantile
        • rate
        • stddev
        • string_agg
        • string_agg_distinct
        • sum
      • OPAL Boolean Functions
        • bool
        • bool_null
        • contains
        • ends_with
        • eq
        • gt
        • gte
        • in
        • ipv4_address_in_network
        • is_null
        • like
        • lt
        • lte
        • match_regex
        • ne
        • path_exists
        • search
        • starts_with
      • OPAL Misc Functions
        • any_null
        • coalesce
        • editdistance
        • frame
        • frame_exact
        • if
        • if_null
        • order_by
        • parse_json
        • position
        • string
        • string_null
        • variant_type_name
      • OPAL Networking Functions
        • int64_to_ipv4
        • ipv4_address_in_network
        • ipv4_network_int64
        • ipv4_to_int64
        • parse_ip
      • OPAL Numeric Functions
        • abs
        • array_length
        • ceil
        • count
        • count_distinct
        • count_distinct_exact
        • dense_rank
        • deriv
        • exp
        • float64
        • float64_null
        • floor
        • hash
        • haversine_distance_km
        • int64
        • int64_null
        • int_div
        • ipv4_network_int64
        • ipv4_to_int64
        • ln
        • log
        • mod
        • numeric_null
        • parse_hex
        • percentile_disc
        • pow
        • prom_quantile
        • rank
        • rate
        • round
        • row_number
        • sqrt
        • strlen
        • width_bucket
      • OPAL Regex Functions
        • match_regex
        • match_regex_all
        • regex
        • replace_regex
      • OPAL Semistructured Functions
        • array
        • array_agg
        • array_agg_distinct
        • array_null
        • array_to_string
        • detect_browser
        • drop_fields
        • embed_sql_params
        • get_field
        • get_item
        • index_of_item
        • make_array
        • make_fields
        • make_object
        • match_regex
        • match_regex_all
        • object
        • object_agg
        • object_keys
        • object_null
        • parse_csv
        • parse_ip
        • parse_kvs
        • parse_url
        • path_exists
        • pick_fields
        • pivot_array
        • slice_array
        • split
        • tokenize
        • unpivot_array
      • OPAL Special Functions
        • case
        • group_by
        • m
        • metric
        • options
        • primary_key
        • pk
        • valid_for
        • window
      • OPAL String Functions
        • array_to_string
        • decode_base64
        • decode_uri
        • decode_uri_component
        • encode_base64
        • encode_uri
        • encode_uri_component
        • format_time
        • left
        • lower
        • lpad
        • ltrim
        • replace
        • replace_regex
        • right
        • rpad
        • rtrim
        • split_part
        • string_agg
        • string_agg_distinct
        • string_concat
        • substring
        • tokenize_part
        • trim
        • upper
      • OPAL Time Functions
        • avg
        • bin_end_time
        • bin_start_time
        • duration
        • duration_hr
        • duration_min
        • duration_ms
        • duration_null
        • duration_sec
        • format_time
        • from_milliseconds
        • timestamp_ms
        • from_nanoseconds
        • timestamp_ns
        • from_seconds
        • timestamp_s
        • median
        • median_exact
        • parse_isotime
        • percentile
        • percentile_cont
        • percentile_disc
        • query_end_time
        • query_start_time
        • row_end_time
        • row_timestamp
        • stddev
        • sum
        • timestamp_null
        • valid_for
      • OPAL Window Functions
        • any
        • any_not_null
        • avg
        • count
        • count_distinct
        • count_distinct_exact
        • dense_rank
        • deriv
        • first
        • first_not_null
        • lag
        • lag_not_null
        • last
        • last_not_null
        • lead
        • lead_not_null
        • max
        • median
        • median_exact
        • min
        • object_agg
        • percentile
        • percentile_cont
        • percentile_disc
        • rank
        • rate
        • row_number
        • stddev
        • sum
      • OPAL Deprecated Function Aliases
        • array_pivot
        • array_unpivot
        • countdistinct
        • countdistinctexact
        • decodebase64
        • denserank
        • encodebase64
        • endswith
        • groupby
        • ifnull
        • isnull
        • makeobject
        • medianexact
        • milliseconds
        • nanoseconds
        • orderby
        • parsehex
        • parseip
        • parseisotime
        • parsejson
        • parsekvs
        • parseurl
        • percentilecont
        • percentiledisc
        • primarykey
        • queryendtime
        • querystarttime
        • regex_match
        • regex_replace
        • row_endtime
        • rownumber
        • seconds
        • startswith
        • strcat
        • validfor

Reference

  • Observe Glossary
  • Helpful Hints
  • FAQ

Release Notes

  • Observe release notes and updates
    • 2022 release notes
      • September 1, 2022 release notes
      • September 7, 2022 release notes
      • September 14, 2022 release notes
      • September 22, 2022 release notes
      • September 28, 2022 release notes
      • August 3, 2022 release notes
      • August 10, 2022 release notes
      • August 17, 2022 release notes
      • August 24, 2022 release notes
      • July 13, 2022 release notes
      • July 20, 2022 release notes
      • July 27, 2022 release notes
      • June 2, 2022 release notes
      • June 15, 2022 release notes
      • May 11, 2022 release notes
      • May 18, 2022 release notes
      • May 25, 2022 release notes
      • April 6, 2022 release notes
      • April 20, 2022 release notes
      • April 27, 2022 release notes
      • March 2, 2022 release notes
      • March 9, 2022 release notes
      • March 16, 2022 release notes
      • February 2, 2022 release notes
      • February 9, 2022 release notes
      • February 17, 2022 release notes
      • January 5, 2022 release notes
      • January 12, 2022 release notes
      • January 19, 2022 release notes
    • 2021 release notes
      • December 1, 2021 release notes
      • December 8, 2021 release notes
      • December 15, 2021 release notes

search¶

Description¶

Return true if the for text is matched in the input string in (case-insensitive).

Return type¶

bool

Domain¶

This is a scalar function (calculates a single output value for a single input row.)

Categories¶

  • Boolean

Usage¶

search( in, for ... )

Argument

Type

Required

Multiple

in

string

Required

Only one

for

string

Required

Can be multiple

Examples¶

filter search(log, "ERROR")

Pass through all observations where field log contains the string ERROR.

Next
starts_with
Previous
path_exists
Copyright © 2022 Observe, Inc.

Have comments about the Observe docs?

Contents
  • search
    • Description
    • Return type
    • Domain
    • Categories
    • Usage
    • Examples