Applies to: ✅Microsoft Fabric✅Azure Data Explorer✅Azure Monitor✅Microsoft Sentinel
在多個數據表和數據行中搜尋文字模式。
Note
If you know the specific tables and columns you want to search, it's more performant to use the union and where operators.
search當搜尋大量的數據表和數據行時,運算子可能會很慢。
Syntax
[T|] search [kind=CaseSensitivity ] [in(TableSources)] SearchPredicate
Learn more about syntax conventions.
Parameters
| Name | 類型 | Required | Description |
|---|---|---|---|
| T | string |
The tabular data source to be searched over, such as a table name, a union operator, or the results of a tabular query. Can't be specified together with TableSources. | |
| CaseSensitivity | string |
旗標,控制所有 string 純量運算符的行為,例如 has,對於區分大小寫。 合法值為default、 case_insensitive、 case_sensitive 選項 default 和 case_insensitive 是同義字,因為預設行為不區分大小寫。 |
|
| TableSources | string |
要參與搜尋的「通配符」數據表名稱逗號分隔清單。 The list has the same syntax as the list of the union operator. Can't be specified together with tabular data source (T). | |
| SearchPredicate | string |
✔️ | 要針對輸入中每個記錄評估的布爾表達式。 如果傳回 true,則會輸出記錄。 請參閱 搜尋述詞語法。 |
Note
If both tabular data source (T) and TableSources are omitted, the search is carried over all unrestricted tables and views of the database in scope.
搜尋述詞語法
The SearchPredicate allows you to search for specific terms in all columns of a table. 套用至搜尋字詞的運算符取決於字詞中通配符星號 (*) 的存在和位置,如下表所示。
| Literal | Operator |
|---|---|
billg |
has |
*billg |
hassuffix |
billg* |
hasprefix |
*billg* |
contains |
bi*lg |
matches regex |
您也可以將搜尋限制為特定數據行、尋找完全相符專案,而不是字詞比對,或依正則表達式搜尋。 下表顯示上述每個案例的語法。
| Syntax | Explanation |
|---|---|
ColumnName:StringLiteral |
此語法可用來將搜尋限制為特定數據行。 默認行為是搜尋所有數據行。 |
ColumnName==StringLiteral |
此語法可用來針對字串值搜尋數據行的完全相符專案。 默認行為是尋找字詞比對。 |
Columnmatches regexStringLiteral |
This syntax indicates regular expression matching, in which StringLiteral is the regex pattern. |
使用布爾表達式結合條件並建立更複雜的搜尋。 例如,"error" and x==123會產生搜尋任何數據行中字詞error的記錄,以及數據行中的123值x。
搜尋述詞語法範例
| # | Syntax | 意義(對等 where) |
Comments |
|---|---|---|---|
| 1 | search "err" |
where * has "err" |
|
| 2 | search in (T1,T2,A*) "err" |
union T1,T2,A* |其中 * 有 “err” |
|
| 3 | search col:"err" |
where col has "err" |
|
| 4 | search col=="err" |
where col=="err" |
|
| 5 | search "err*" |
where * hasprefix "err" |
|
| 6 | search "*err" |
where * hassuffix "err" |
|
| 7 | search "*err*" |
where * contains "err" |
|
| 8 | search "Lab*PC" |
where * matches regex @"\bLab.*PC\b" |
|
| 9 | search * |
where 0==0 |
|
| 10 | search col matches regex "..." |
where col matches regex "..." |
|
| 11 | search kind=case_sensitive |
所有字串比較都會區分大小寫 | |
| 12 | search "abc" and ("def" or "hij") |
where * has "abc" and (* has "def" or * has hij") |
|
| 13 | search "err" or (A>a and A<b) |
where * has "err" or (A>a and A<b) |
Remarks
Unlike the find operator, the search operator doesn't support the following syntax:
-
withsource=:輸出一律包含名為$table類型的數據行string,其值為從中擷取每個記錄的數據表名稱(如果來源不是數據表,而是複合表達式,則為某些系統產生的名稱)。 -
project=,project-smart:search運算子不支援自訂輸出數據行的這些選項。 相反地,它會自動為輸出選取一組相關的數據行,這相當於 運算符中project-smart選項所擷find取的數據行集合。
Examples
The examples in this article use publicly available tables in the help cluster, such as the
StormEventstable in the Samples database.
The examples in this article use publicly available tables, such as the
Weathertable in the Weather analytics sample gallery. 您可能需要修改範例查詢中的資料表名稱,以符合工作區中的資料表。
下列範例示範如何執行全域字詞搜尋。 Search for the term Green in all the tables of the ContosoSales database.
The output finds records with the term Green as a last name or a color in the Customers, Products, and SalesTable tables.
search "Green"
Output
| $table | CityName | ContinentName | CustomerKey | Education | FirstName | Gender | LastName |
|---|---|---|---|---|---|---|---|
| Customers | Ballard | 北美洲 | 16549 | Partial College | Mason | M | Green |
| Customers | Bellingham | 北美洲 | 2070 | High School | Adam | M | Green |
| Customers | Bellingham | 北美洲 | 10658 | Bachelors | Sara | F | Green |
| Customers | Beverly Hills | 北美洲 | 806 | Graduate Degree | Richard | M | Green |
| Customers | Beverly Hills | 北美洲 | 7674 | Graduate Degree | James | M | Green |
| Customers | Burbank | 北美洲 | 5241 | Graduate Degree | Madeline | F | Green |
下列範例示範如何執行條件式全域字詞搜尋。 Search for records that contain the term Green and one of either terms Deluxe or Proseware in the ContosoSales database.
search "Green" and ("Deluxe" or "Proseware")
Output
| $table | ProductName | Manufacturer | ColorName | ClassName | ProductCategoryName |
|---|---|---|---|---|---|
| Products | Contoso 8GB 時鐘 & 無線電 MP3 播放器 X850 綠色 | Contoso, Ltd | Green | Deluxe | Audio |
| Products | 散文軟體掃描噴氣數位平面床掃描器 M300 綠色 | Proseware, Inc. | Green | Regular | Computers |
| Products | Proseware 全In-One 照片印表機 M200 綠色 | Proseware, Inc. | Green | Regular | Computers |
| Products | Proseware 噴墨無線全In-One 印表機 M400 綠色 | Proseware, Inc. | Green | Regular | Computers |
| Products | Proseware 噴墨即時 PDF Sheet-Fed 掃描儀 M300 綠色 | Proseware, Inc. | Green | Regular | Computers |
| Products | Proseware Desk Jet 多合一印表機、掃描器、影印機 M350 綠色 | Proseware, Inc. | Green | Regular | Computers |
| Products | Proseware 雙工掃描器 M200 綠色 | Proseware, Inc. | Green | Regular | Computers |
下列範例示範如何在特定數據表內搜尋字詞。
Search for the term Green only in the Customers table.
search in (Products) "Green"
Output
| $table | ProductName | Manufacturer | ColorName |
|---|---|---|---|
| Products | Contoso 4G MP3 播放器 E400 綠色 | Contoso, Ltd | Green |
| Products | Contoso 8GB Super-Slim MP3/視訊播放器 M800 綠色 | Contoso, Ltd | Green |
| Products | Contoso 16GB Mp5 播放器 M1600 綠色 | Contoso, Ltd | Green |
| Products | Contoso 8GB 時鐘 & 無線電 MP3 播放器 X850 綠色 | Contoso, Ltd | Green |
| Products | NT 無線藍牙立體聲耳機 M402 綠色 | Northwind Traders | Green |
| Products | NT 無線傳輸器和藍牙耳機 M150 綠色 | Northwind Traders | Green |
下列範例示範如何搜尋區分大小寫的字詞。 Search for records that match the case-sensitive term in the ContosoSales database.
search kind=case_sensitive "blue"
Output
| $table | ProductName | Manufacturer | ColorName | ClassName |
|---|---|---|---|---|
| Products | Contoso 16GB 新一代 MP5 播放器 M1650 藍色 | Contoso, Ltd | blue | Regular |
| Products | Contoso Bright Light 電池 E20 藍色 | Contoso, Ltd | blue | Economy |
| Products | Litware 120mm 藍色 LED 機殼風扇 E901 藍色 | Litware, Inc. | blue | Economy |
| NewSales | Litware 120mm 藍色 LED 機殼風扇 E901 藍色 | Litware, Inc. | blue | Economy |
| NewSales | Litware 120mm 藍色 LED 機殼風扇 E901 藍色 | Litware, Inc. | blue | Economy |
| NewSales | Litware 120mm 藍色 LED 機殼風扇 E901 藍色 | Litware, Inc. | blue | Economy |
| NewSales | Litware 120mm 藍色 LED 機殼風扇 E901 藍色 | Litware, Inc. | blue | Economy |
下列範例示範如何搜尋特定數據行中的字詞。 Search for the terms Aaron and Hughes, in the "FirstName" and "LastName" columns respectively, in the ContosoSales database.
search FirstName:"Aaron" or LastName:"Hughes"
Output
| $table | CustomerKey | Education | FirstName | Gender | LastName |
|---|---|---|---|---|---|
| Customers | 18285 | High School | Riley | F | Hughes |
| Customers | 802 | Graduate Degree | Aaron | M | Sharma |
| Customers | 986 | Bachelors | Melanie | F | Hughes |
| Customers | 12669 | High School | Jessica | F | Hughes |
| Customers | 13436 | Graduate Degree | Mariah | F | Hughes |
| Customers | 10152 | Graduate Degree | Aaron | M | Campbell |
下列範例示範如何使用時間戳搜尋字詞。 Search for the term Hughes in the ContosoSales database, if the term appears in a record with a date greater than the given date in 'datetime'.
search "Hughes" and DateKey > datetime('2009-01-01')
Output
| $table | DateKey | SalesAmount_real |
|---|---|---|
| SalesTable | 2021-12-13T00:00:00Z | 446.4715 |
| SalesTable | 2021-12-13T00:00:00Z | 120.555 |
| SalesTable | 2021-12-13T00:00:00Z | 48.4405 |
| SalesTable | 2021-12-13T00:00:00Z | 39.6435 |
| SalesTable | 2021-12-13T00:00:00Z | 56.9905 |
Performance Tips
| # | Tip | Prefer | Over |
|---|---|---|---|
| 1 | 偏好使用單 search 一運算子超過數個連續 search 運算符 |
search "billg" and ("steveb" or "satyan") |
搜尋 “billg” |搜尋 “steveb” 或 “satyan” |
| 2 | 偏好在運算子內 search 篩選 |
search "billg" and "steveb" |
search * |其中 * 有 “billg” 且 * 有 “steveb” |