Field Interactions
Anywhere in the UI (Results panel, Fields panel, Inspection panel), you can click the ⋮ icon next to a field to get contextual menus for a series of interactions. Supported interactions depend on the Field Data Types of the selected field. The following image shows them all:
Figure 70. Field Interactions Options
Main interactions are:
Query editor. It works in any field interaction within the Fields panel and Inspection panel. It also works in the Event list when the data type is JSON or Log line.
— copies the value or the field's name, ready for you to paste into theYou can copy the field in different formats:
Further interactions are available no matter if the field selected is a value or a name:
array:contains()
query function to query data. It is only shown for JSON arrays. Two interactions are available:Event List, it is possible to filter for any user who has WRITE permissions, independent on where the WRITE value is in the array. The following query is applied when this interaction is selected:
filters events by requiring a string value to be present in the array. For example, given a list of users with different access permissions in thelogscalearray:contains("user.permissions[]", value=WRITE)
Event List, it is possible to filter any user who does not have WRITE permissions. The following query is applied when this interaction is selected:
allows for inverted filters, for example, it filters events by requiring a string value that is not present in the array. For example, given a list of users with different access permissions in thelogscalenot array:contains("user.permissions[]", value=WRITE)
Note
Because
array:contains()
checks for a single value at the time, you must run multiple Array interactions, if you wish to filter on multiple values in the array.
Note
Numbers that exceed the range of safe integers in Javascript are replaced in JSON by reading the associated LogScale value directly. This is to avoid that incorrect numbers are displayed. These replaced numbers are highlighted in JSON data to indicate that they might be wrong. For more information, see Troubleshooting: UI Warning: The actual value is different from what is displayed.
This is possible because interactions are made with fields where LogScale is able to detect what type the field is; for example, some fields are just strings that might be JSON: LogScale detects it as JSON, thus the option
→ will appear in the menu. Similarly, a field that looks like an URL will have the drill-down option → and it will split out the different parts of the URL.timeChart()
percentile query.
When you hover one of the available options under
timeChart(#repo)
to the
query.
Figure 71. Query Update Tooltip
Tip
Use SHIFT+click to add the suggested option to the query string without running a new search.