Best practices for queries used in log alert rules
Queries can start with either a table name like search or union operators. These commands are useful during data exploration and for searching terms over the entire data model. However, these operators are not efficient for productization in alerts.