Remove Attributes, Columns/Fields From Result Set - Example 1 | LogScale Query Examples

Remove Attributes, Columns/Fields From Result Set - Example 1

Drop a single field from a result set using the drop() function

Query

logscale

drop(header)

Introduction

The drop() function is used to drop fields (remove attributes and columns) from result set. The function excludes a specified number of rows or columns from the start or end of an array.

In this example, the drop() function is used to remove the header field from result set.

Step-by-Step

Starting with the source repository events.
flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0[/Drop Field\] result{{Result Set}} repo --> 0 0 --> result style 0 fill:#2ac76d; click 0 #examples-drop-header-1-0 style 0 fill:#ff0000,stroke-width:4px,stroke:#000;
logscale
```
drop(header)
```
Drops a single field named header.
Event Result set.

Summary and Results

The query is used to remove data during ingest, in this example removing a field. Removal of fields are useful if you have created fields in subsearches (extracted some values in new fields during the filtering process) that are no longer needed in the final result set. If you want to drop an entire event, it is possible to use the dropEvent() function.

Examples Library