While != does mean not equal to, the answer here is NO. error_log status !=100 will return events that have the field error_log status but exclude events where the field value is 100.
on the other hand error_log NOT status =100 would potentially return events that do mention error_log but not error_log status
Answer is No. I can run a query to search httpCode!=200 and get no results (most likely 200's which is good). I rerun as NOT httpCode=200 and get a couple events rendering no httpCode but instead a loglevel. Odd but think it is the reason help view any events which are not registering a particular field. Again, just a thought on reason this should be "No".
Hello I'm Leandro from Argentina, i think the answer could be YES!
• Does != and NOT ever yield the same results?
– Yes, if you know the field you’re evaluating always exists in the data
you’re searching
– For example:
index=web sourcetype=access_combined status!=200
index=web sourcetype=access_combined NOT status=200
yields same results because status field always exists in
access_combined sourcetype
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
ja5656
8 months, 3 weeks agoNanila
1 year, 11 months agocelticspike
1 year, 9 months agoreyangelo
2 years agoTeeCeeP
2 years, 1 month agoLeandroJ
2 years, 1 month agogcalcaterra
2 years, 1 month ago