How to edit my search to filter out results where ...

saqibhome · ‎03-20-2017

I have a search as follows:

(Referrer!="*bing*" AND Referrer!="*google*")

Note: Referrer is the http_referrer field from Apache Logs.

The above includes log entries that have the Referrer as blank and also the one that have a - (dash)

How can I filter out the entries that have dash and blanks as well? I tried the following but it didn't do the trick:

(Referrer!="*bing*" AND Referrer!="*google*" AND Referrer!="\\-" AND Referrer="*")

Please advise

woodcock · ‎03-20-2017

Like this:

 (Referrer!="*bing*" AND Referrer!="*google*" | where NOT like(Referrer,"%-%") AND NOT like(Referrer,"%*%")

richgalloway · ‎03-20-2017

Have you tried this?

(Referrer!="*bing*" AND Referrer!="*google*" AND Referrer!="-" AND Referrer!="")

---
If this reply helps you, Karma would be appreciated.

saqibhome · ‎03-20-2017

Yes, that doesn't filter out entries where the Referrer is set to - (dash)

How to edit my search to filter out results where the HTTP Referrer contains a Blank or a Dash?