+4Hi all,
Can anyone help me with this query?
I need to fetch cases that have the tag “xyz”. Some cases contain multiple tags stored together, like “ABC, xyz, qwerty”.
At the moment, I’m unable to retrieve cases where “xyz” appears as part of a multi-tag value.
Any suggestions would be appreciated.
+12Try this:
any case.tags.name = "xyz"
case.tags.name = $tag
match:
case.display_name
outcome:
$tags = array_distinct($tag)
+4Hi
+12Are you trying this in Search? For the time being, the case data source is not supported in Search. However, this should work in dashboards. In my case I replaced ‘xyz’ in the query with ‘gemini’ and I return the following (multi-tag value in row 1). If that doesn’t work, please let me know. If it does, should be able to change the query to return other fields of interest as well, ex. maybe you want to add date to the match section.
+12actually there is an issue with data sync
Query is ok then? Some other issue?
+4Yes sir
query is right .
i checked in 2 SecOps instances
its working in one and in another instances its not
basically the in ui a case has multiple tag but the same case in backend is missing those tags
data in ui and backend is totally different due to data sync issue
thank you for answering
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
