Displaying Fields

The Fields Panel on the left-hand side of the User Interface contains the following:

  • Columns lists the fields displayed in the results in the main Event List area. At least one column must be selected.

  • Fields lists all the other fields available for queries, which can be displayed by clicking +. Clicking the third column near each field will add a star (i.e., ★) and move the field to the top of known fields.

  • # indicates the number of distinct values observed for that field, i.e., the field's cardinality.

  • % indicates the percentage of events that have this field.

  • 🔄 resets columns and removes the ones previously added.

  • The three-dot menu triggers Field Interactions.

  • Filter Fields lets you search for a field by typing its name in the box.

  • Fetch more retrieves more than the 200 events displayed by default.

    The fields presented after clicking this button are a representative subset of the data in the repository, but they do not necessarily include all fields, because not all data is examined. Newer data is favored, so older data within your selected time interval is not likely to be returned.

    Conversely, if older and newer data have roughly the same fields, then the results will most likely be accurate because the data is relatively uniform.

    This behavior improves field statistics, as the fields presented in the Fields Panel might not be in the events you are currently looking at.

Figure 48. Fields Panel

The Fields Panel can be expanded or collapsed:

Figure 49. Expanding the Fields Panel