index="things" AND sourcetype="user_pixel" AND os="*" | search page = "Contact Us" | timechart span=3hr count by os limit=7
Vs
index="things" AND sourcetype="user_pixel" AND os="*" | search page in ("Contact Us") | timechart span=3hr count by os limit=7
The first query gives many results as expected, the second gives nothing.
My ultimate goal is to use a dashboard multi-select to apply this filter. However; first I need to get the "in" function to work correctly. What am I doing wrong?
↧