Displaying Fields
The Fields panel on the left-hand side of the User Interface (available from the page) contains the following:
Columns lists those fields displayed in the Event list in the Results panel. It must contain at least one column selected.
Fields lists all the other fields available for queries, which can be displayed by clicking . Clicking the third column near each field will add a star (for example ★) and move the field to the top of known fields.
# indicates the number of distinct values observed for that field, for example the field's cardinality.
% indicates the percentage of events that have this field.
🔄 resets columns and removes the ones previously added.
⋮ three-dot menu to trigger Field Interactions.
Filter fields allows searching of a field by typing its name in the field.
The fields presented after clicking this button are a representative subset of the data in the repository, but do not necessarily include all fields, as we do not look at all data: newer data is favored, so older data within your selected time interval is not likely to be returned.
Conversely, if older and newer data have roughly the same fields, then the results will most likely be accurate because the data is relatively uniform.
This behavior improves field statistics, as the fields presented in the Fields panel might not be in the events you are currently looking at.
Figure 51. Fields Panel
The Fields panel can be expanded and collapsed by clicking the arrow next to it.
Figure 52. Expanding the Fields Panel