Manage Fields

You can manage fields from two different areas of the web interface: the Fields panel and the Format panel.

The Fields panel allows you to:

  • Display all fields; see Display Fields for more information.

  • Select individual fields to search and filter on those fields. Click a field to open a resizable flyout that shows the list of values for that field and the number of occurrences for each value:

    Figure 82. Select Fields


    When the menu is opened during live queries, the Fields panel flyout will display a fixed list of top values. These top values are kept from the point in time when the menu was opened. See Field Interactions for more information.

  • Exclude or include (⊜) fields. Use the flyout that opens when you select a field.

  • Access several filtering options. Click the three-dot icon next to a field:

    Figure 83. Filtering Options


    For example, you can select Aggregate → Group by value to group events by the value of that field, or Timechart → Use field as series to run the timeChart() function in the Query editor and show events that have that field grouped into series and plotted in a timechart.

  • Add and remove fields to optimize the data visualized: click the + or - signs next to each field in the Fields panel.

The Format panel allows you to format the fields available in the Event list (their properties, size, etc.). You can open it by clicking the style icon, as shown in Figure 84, “Expanding the Format Event List Panel”.

The Format panel is a separate area on the side and shows only the fields added as columns in the Event list.

Figure 84. Expanding the Format Event List Panel


Click + to add a new column in the Event list and format the field accordingly.

Clicking - removes the field from the currently displayed result. See Column Properties.