Fuzzy search all fields

Problem / use case

Need to locate a string in logs when you’re not sure which key holds it.

$d ~~ 'eu-west'

Searches all top-level fields for the substring eu-west and returns matching events.

{
  "region": "eu-west-1a",
  "message": "Instance deployed"
}

Any document that contains the term anywhere among its root-level keys surfaces in the result set.

$d ~~ 'timeout' 
| filter $m.severity == 'Error'

$d ~~ /\beu-west\b/

Wild-text vs. field-specific Prefer $d ~~ when you truly don’t know the location; otherwise use field ~ 'text' for better performance.

$d ~~ '<text>' is for free-text hunting across every root field—quick, broad, and perfect when the key is a mystery.