on an undefined value ... SELECT 'app_exception' AS title, count(*) AS count, last(_hostname) AS _hostname, last(message) AS message FROM app.win:time_batch(1 min) WHERE (message LIKE '%Caught exception%' OR message LIKE '%error:%' OR message LIKE '%limit exceeded:%') AND (message NOT LIKE '%[INFO]%') ͜ͷΫΤϦͰϚον͢Δͱ1ʹ1௨͕དྷΔ