Displaying Fields

The Fields panel on the left-hand side of the User Interface (available from the Search page) contains the following:

  • Columns lists the fields displayed in the Event list in the Results panel. At least one column must be selected.

  • Fields lists all the other fields available for queries, which can be displayed by clicking +. Clicking the third column near each field will add a star (for example ★) and move the field to the top of known fields.

  • # indicates the number of distinct values observed for that field, that is, the field's cardinality.

  • % indicates the percentage of events that have this field.

  • 🔄 resets columns and removes the ones previously added.

  • The three-dot menu triggers Field Interactions.

  • Filter fields lets you search for a field by typing its name.

  • Fetch more retrieves more than the 200 events displayed by default.

    The fields presented after clicking this button are a representative subset of the data in the repository, but they do not necessarily include all fields, because not all data is examined: newer data is favored, so older data within your selected time interval is not likely to be returned.

    Conversely, if older and newer data have roughly the same fields, then the results will most likely be accurate because the data is relatively uniform.

    This behavior improves field statistics, as the fields presented in the Fields panel might not be in the events you are currently looking at.

Figure 53. Fields Panel

The Fields panel can be expanded and collapsed by clicking the arrow next to it.

Figure 54. Expanding the Fields Panel