We are getting unwanted sub folders when we search for a particular sub folder
I am creating a query which displays the file system for a particular folder. But I am getting all the folder names instead of a particular folder name alone.
Consider, in server xyz, we are having n number of file system (example, /, /var, /var/abc, /var/abc/cde, etc. ). When I am searching for /var alone by giving that in query, it displays /var and all the sub folders in it. But that is not as expected.
Query: index=" " sourcetype= " " mn=/ OR /var | eval Usage=replace(Used,"%","") | timechart values(usage) as Used by mn
note: mn means the file system name
Expected output: Chart should show only / and /var file systems.
Output we are getting now: Chart should show only / and /var and /var/abc and /var/abc/cde