Databases Reference
In-Depth Information
Using the field picker
The field picker is very useful for investigating and navigating data. Clicking on any
field in the field picker pops open a panel with a wealth of information about that
field in the results of your search.
Looking through the information, we observe:
•
Appears in X% of results
tells you how many events contain a value for
this field.
•
Show only events with this field
will modify the query to only show
events that have this field defined.
•
Select and show in results
is a shortcut for adding a field to your
selected fields.
•
Top values by time
and
Top values overall
present graphs about the
data in this search. This is a great way to dive into reporting and graphing.
We will use this as a launching point later.
• The chart below the links is actually a quick representation of the top values
overall. Clicking on a value adds that value to the query. Let's click on
mary
.
This will rerun the search, now looking for errors that affect only the user
mary
. Going back to the field picker and clicking on other fields will filter
the results even more. You can also click on words in the results, or values
of fields displayed underneath events.
Search WWH ::
Custom Search