Hello. Why event.code has string type and not number by default?Thats why i can't properly filter. If you filter by 7 - you find a lot of - 4557, 4755, 4575 and so on. Also, you cant use ranges.
Hello, event.code is of datatype keyword because not all event sources use numeric event codes.
If you need this value as a numeric, you're more than welcome to duplicate the value to a custom field of your choice, using the datatype of your choice 
Note that with the keyword field you can do wildcards: event.code:45* will match 45, 455, 4557, 4575
Another option if you're looking for a very specific list of values is to pass in the exact list: event.code:(4557 or 4755 or 4575). You can learn more here
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.