This query had less false positives than the first regex _raw but it still pulled up a lot of unwanted entries.

I am not sure why since it does not have any wildcards in between characters.

This query does not pull up any results. I have looked into match before and used "where like"; which did not pull up the correct results.

I know "where" looks for combinations of values, variables, operators, and functions that represent the value of the search parameters but I am getting lost in the syntax. It looks like you may use some regex within the second parameter of the function.

Could you explain the "where match" function? Maybe that may help in troubleshooting.

You are correct in that the second argument to match is a regular expression. In my example, we're looking for the letter 'g' followed by any number of '0' or 'o' characters and ending with 'gle'. Prepending the '(?i)' flag would make the expression case-insensitive.
Like you, I've had better results with like, but that won't work in this instance.

Thank you for the response and explanation. This ended up working.

I had to work with my field option and append some regex to get exactly what I needed.

This query pulls up all entries. For example, if I am looking up google.com, it pulls everything from IP's starting at zero to URL's starting with z.

I know the "+" symbol means one or more of that character, ".*" essentially means capture all, and "(?i) equates to case insensitive mode.

But it seems the search is pulling the string and every character in between.

Do you have the URL extracted as a field? Also, can you post some sample log entries including ones you want to match and one you don't want to match.