Fields

Fields play an important role within the Search interface. Fields may be available in the following areas:

Field Explorer
Fields that are faceted will appear in this column.
Event view
Clicking to expand on an event will show any fields that are available within.
Grid view
All available field names will be available as columns in the tabular view.
Trends
Only fields with numeric values are available for the statistic charts. Only fields with faceted values will be available for grouping series’ of results.

Field Explorer

Fields values

Click on a field name to see the top values. In order to filter your search results to see only events with a specific value, click a field value. You’ll see a Venn Diagram icon display & the filter will display below the search box. If more than one value is selected from a field, either of the two values may be within an event. If values from different fields are chosen, then both of the values must be present in an event.

Fields filter

Once a filter is selected, the search results & histogram will update, but the other field values will not. In order to see an effect within the field explorer box, add the filter as a search query term instead. In the previous screenshot, the filter: filter_apache_status is equivalent to a search query of: apache_status_searchbox

To remove a filter, click either on the value name in the left panel, or on the filter pill itself.

Thanks for the feedback! We'll use it to improve our support documentation.


Top