Replace slanted quotation marks with straight ones

Author: jpipkin1

docs/search/optimize-search-performance.md

@@ -96,21 +96,21 @@ sourceCategory=foo and field_a=value_a
 
 ### Move terms from parse statement to source expression
 
-Adding the parsing terms in the source expression will help you enhance the search performance. A parse statement without `nodrop` drops the logs that could not parse the desired field. For example, `parse “completed * action“ as actionName` will remove logs that do not have **completed** and **action** terms. 
+Adding the parsing terms in the source expression will help you enhance the search performance. A parse statement without `nodrop` drops the logs that could not parse the desired field. For example, `parse "completed * action" as actionName` will remove logs that do not have **completed** and **action** terms. 
 
 **Not recommended approach:**
 
 ```
 _sourceCategory=Prod/User/Eventlog
-| parse “completed * action“ as actionName
+| parse "completed * action" as actionName
 | count by actionName
 ```
 
 **Recommended approach:**
 
 ```
 _sourceCategory=Prod/User/Eventlog completed action
-| parse “completed * action“ as actionName
+| parse "completed * action" as actionName
 | count by actionName
 ```
 
@@ -122,7 +122,7 @@ While filtering the date, reduce the result set to the smallest possible size be
 
 ```
 _sourceCategory=Prod/User/Eventlog
-| parse “userName: *, “ as user
+| parse "userName: *, " as user
 | count by user
 | where user="john"
 ```
@@ -131,7 +131,7 @@ _sourceCategory=Prod/User/Eventlog
 
 ```
 _sourceCategory=Prod/User/Eventlog userName
-| parse “userName: *, “ as user
+| parse "userName: *, " as user
 | where user="john"
 | count by user
 ```
@@ -146,16 +146,16 @@ For example, let’s say you have a `sort` operator before an aggregation, but t
 
 ```
 _sourceCategory=Prod/User/Eventlog
-| parse “userName: *, “ as user
-| parse “evenName: *, “ as event
+| parse "userName: *, " as user
+| parse "evenName: *, " as event
 | count by user
 ```
 
 **Recommended approach:**
 
 ```
 _sourceCategory=Prod/User/Eventlog
-| parse “userName: *, “ as user
+| parse "userName: *, " as user
 | count by user
 ```
 
@@ -169,16 +169,16 @@ If the same operators are used multiple times in different levels of query, if p
 
     ```
     _sourceCategory=Prod/User/Eventlog
-    | parse “completed * action“ as actionName
-    | parse “action in * ms“ as duration
+    | parse "completed * action" as actionName
+    | parse "action in * ms" as duration
     | pct(duration, 95) by actionName
     ```
 
     **Recommended approach:**
 
     ```
     _sourceCategory=Prod/User/Eventlog
-    | parse “completed * action in * ms“ as actionName, duration
+    | parse "completed * action in * ms" as actionName, duration
     | pct(duration, 95) by actionName
     ```
 
@@ -188,17 +188,17 @@ If the same operators are used multiple times in different levels of query, if p
 
     ```
     _sourceCategory=Prod/User/Eventlog
-    | parse “completed * action“ as actionName
-    | where toLowerCase(actionName) = “logIn” or toLowerCase(actionName) matches “abc*” or toLowerCase(actionName) contains “xyz"
+    | parse "completed * action" as actionName
+    | where toLowerCase(actionName) = "logIn” or toLowerCase(actionName) matches "abc*” or toLowerCase(actionName) contains "xyz"
     ```
 
     **Recommended approach:**
 
     ```
     _sourceCategory=Prod/User/Eventlog
-    | parse “completed * action“ as actionName
+    | parse "completed * action" as actionName
     | toLowerCase(actionName) as actionNameLowered
-    | where actionNameLowered = “logIn” or actionNameLowered matches “abc*” or actionNameLowered contains “xyz”
+    | where actionNameLowered = "logIn” or actionNameLowered matches "abc*” or actionNameLowered contains "xyz”
     ```
 
 ### Use lookup on the lowest possible dataset
@@ -212,18 +212,18 @@ Minimize the data processed by the `lookup` operator in the query, as lookup is
 
 ```
 _sourceCategory=Prod/User/Eventlog
-| parse “completed * action in * ms“ as actionName, duration
+| parse "completed * action in * ms" as actionName, duration
 | lookup actionType from path://"/Library/Users/[email protected]/actionTypes" on actionName
-| where actionName in (“login”, “logout”)
+| where actionName in ("login”, "logout”)
 | count by actionName, actionType
 ```
 
 **Recommended approach (Option 1):**
 
 ```
 _sourceCategory=Prod/User/Eventlog
-| parse “completed * action in * ms“ as actionName, duration
-| where actionName in (“login”, “logout”)
+| parse "completed * action in * ms" as actionName, duration
+| where actionName in ("login”, "logout”)
 | count by actionName
 | lookup actionType from path://"/Library/Users/[email protected]/actionTypes" on actionName
 ```
@@ -232,8 +232,8 @@ _sourceCategory=Prod/User/Eventlog
 
 ```
 _sourceCategory=Prod/User/Eventlog
-| parse “completed * action in * ms“ as actionName, duration
-| where actionName in (“login”, “logout”)
+| parse "completed * action in * ms" as actionName, duration
+| where actionName in ("login”, "logout”)
 | lookup actionType from path://"/Library/Users/[email protected]/actionTypes" on actionName
 | count by actionName, actionType 
 ```
@@ -246,15 +246,15 @@ For example, consider the below query where the assumption is that a single log
 
 ```
 _sourceCategory=Prod/User/Eventlog
-| parse regex “userName: (?<user>[a-z-A-Z]+), “ multi
-| parse regex “eventName: (?<event>[a-z-A-Z]+), “ multi
+| parse regex "userName: (?<user>[a-z-A-Z]+), " multi
+| parse regex "eventName: (?<event>[a-z-A-Z]+), " multi
 ```
 
 But if you write the query like that, it will generate a result for every combination of `userName` and `eventName` values. Now suppose you want to count by `eventName`, it will not give you the desired result, since a single `eventName` has been duplicated for every `userName` in the same log. So, the better query would be:
 
 ```
 _sourceCategory=Prod/User/Eventlog
-| parse regex “userName: (?<user>[a-z-A-Z]+), eventName: (?<event>[a-z-A-Z]+), “ multi
+| parse regex "userName: (?<user>[a-z-A-Z]+), eventName: (?<event>[a-z-A-Z]+), " multi
 ```