Binary operators
Binary operators


Equality
Equality


Supported types:

Inequality !=
Inequality !=


Supported types:

Less than <
Less than <


Supported types:

Less than or equal to <=
Less than or equal to <=


Supported types:

Greater than >
Greater than >


Supported types:

Greater than or equal to >=
Greater than or equal to >=


Supported types:

Add +
Add +


Supported types:

Subtract -
Subtract -


Supported types:

Multiply *
Multiply *


Supported types:

Divide /
Divide /


Supported types:

Modulus %
Modulus %


Supported types:

Unary operators
Unary operators

The only unary operators is negation (-):
Supported types:

Logical operators
Logical operators

The following logical operators are supported:
AND
OR
NOT

IS NULL and IS NOT NULL predicates
IS NULL and IS NOT NULL predicates

For NULL comparison, use the IS NULL and IS NOT NULL predicates:
```esql
FROM employees
| WHERE birth_date IS NULL
| KEEP first_name, last_name
| SORT first_name
| LIMIT 3
```

```esql
FROM employees
| WHERE is_rehired IS NOT NULL
| STATS COUNT(emp_no)
```

CIDR_MATCH
CIDR_MATCH

Syntax
CIDR_MATCH(ip, block1[, ..., blockN])
Parameters
ip
IP address of type ip (both IPv4 and IPv6 are supported).
blockX
CIDR block to test the IP against.
DescriptionReturns true if the provided IP is contained in one of the provided CIDR
blocks.Example
```esql
FROM hosts
| WHERE CIDR_MATCH(ip1, "127.0.0.2/32", "127.0.0.3/32")
| KEEP card, host, ip0, ip1
```

ENDS_WITH
ENDS_WITH


Returns a boolean that indicates whether a keyword string ends with another
string:
```esql
FROM employees
| KEEP last_name
| EVAL ln_E = ENDS_WITH(last_name, "d")
```

Supported types:

IN
IN

The IN operator allows testing whether a field or expression equals
an element in a list of literals, fields or expressions:
```esql
ROW a = 1, b = 4, c = 3
| WHERE c-a IN (3, b / 2, a)
```

IS_FINITE
IS_FINITE

Returns a boolean that indicates whether its input is a finite number.
ROW d = 1.0
| EVAL s = IS_FINITE(d/0)

IS_INFINITE
IS_INFINITE

Returns a boolean that indicates whether its input is infinite.
ROW d = 1.0
| EVAL s = IS_INFINITE(d/0)

IS_NAN
IS_NAN

Returns a boolean that indicates whether its input is not a number.
```esql
ROW d = 1.0
| EVAL s = IS_NAN(d)
```

LIKE
LIKE

Use LIKE to filter data based on string patterns using wildcards. LIKE
usually acts on a field placed on the left-hand side of the operator, but it can
also act on a constant (literal) expression. The right-hand side of the operator
represents the pattern.The following wildcard characters are supported:
* matches zero or more characters.
? matches one character.
```esql
FROM employees
| WHERE first_name LIKE "?b*"
| KEEP first_name, last_name
```

RLIKE
RLIKE

Use RLIKE to filter data based on string patterns using using
regular expressions. RLIKE usually acts on a field placed on
the left-hand side of the operator, but it can also act on a constant (literal)
expression. The right-hand side of the operator represents the pattern.
```esql
FROM employees
| WHERE first_name RLIKE ".leja.*"
| KEEP first_name, last_name
```

STARTS_WITH
STARTS_WITH


Returns a boolean that indicates whether a keyword string starts with another
string:
```esql
FROM employees
| KEEP last_name
| EVAL ln_S = STARTS_WITH(last_name, "B")
```

Supported types:
