What is the result of the following search?
index=myindex source=c:\mydata.txt NOT error=*
What is the result of the following search?
index=myindex source=c:\mydata.txt NOT error=*
The search query index=myindex source=c:\mydata.txt NOT error=* will return events from the 'myindex' index, where the source is 'c:\mydata.txt' and the 'error' field is not present. The condition 'NOT error=*' filters out events that have any value in the 'error' field, which means it will only include events where the 'error' field does not exist.
I think is correct
B pdf page 55
The search index=myindex source=c:\mydata.txt NOT error=* will return events from the "myindex" index, where the source is "c:\mydata.txt" and the "error" field is not present. The "NOT error=*" condition filters out events that have any value in the "error" field, leaving only events that do not contain the "error" field.