# where

**where** is similar to search, but it limits based on conditions, rather than looking at all the data. This make the query run much faster than using **search**

You can read the search chapter again 👇

{% content-ref url="/pages/GE0hut37I6gc4CtdrrWK" %}
[search](/kql/kql-quick-guide/my-favorites/search.md)
{% endcontent-ref %}

### 🔍 Search from a column

```
//use where
IntuneDevices
| where DeviceName contains "THINK"

//Use search
IntuneDevices
| search DeviceName: "THINK*"
```

### 🔍 Search from any column at the start

```
// use where
IntuneDevices
| where * hasprefix "MVP"  // At the start

//use search
IntuneDevices
| search * startswith "MVP" // At the start
```

### 🔍Search from any column at the end

```
// use where
IntuneDevices
| where * hassuffix "460"  // At the end

// use search
IntuneDevices
| search * endswith "460"  // At the end
```

### 🔍Search with regax

```
// use where
IntuneDevices
| where DeviceName matches regex "[A-Z]-"

//use search
IntuneDevices
| search DeviceName matches regex "[A-Z]-"
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://sandyzeng.gitbook.io/kql/kql-quick-guide/my-favorites/where.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.