Solved: AND Operator in JSON

belicoff · ‎10-31-2017

I have a Log System which Logs in JSON Format Like these:
{
"API_Name": "Get ID Cards",
"End Point": "/write/api/v1.1/sequoiauser/idcards",
"UserID": "ABC-123",
"Response": "",
"Error": "Logos attachment retrieval Failed"
}

{
"API_Name": "Get ID Cards",
"End Point": "/write/api/v1.1/sequoiauser/idcards",
"UserID": "XYZ-123",
"Response": "{"url" : "http://some-url"}",
"Error" : null
}

Now I want to view all documents where UserID is "ABC-123" and API_Name is "Get ID Cards".
Can anyone let me know how to achieve this?
I have added KV_MODE as json.

"API_Name" : "Get ID Cards" AND "UserID" : "ABC-123" query list even the doc which has "UserID" : "XYZ-123"

alemarzu · ‎10-31-2017

Hi there @belicoff

Try like this.

your search | where UserID="ABC-123" AND API_Name="Get ID Cards"

View solution in original post

alemarzu · ‎10-31-2017

Hi there @belicoff

Try like this.

your search | where UserID="ABC-123" AND API_Name="Get ID Cards"

belicoff · ‎10-31-2017

Thanks, It Worked

AND Operator in JSON

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Join the Conversation

AND Operator in JSON

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...