Remove Attributes, Columns/Fields From Result Set - Example 2 | LogScale Query Examples

Remove Attributes, Columns/Fields From Result Set - Example 2

Drop two fields from a result set using the drop() function

Query

logscale

drop([header,value])

Introduction

The drop() function is used to drop fields (remove attributes and columns) from result set. The function excludes a specified number of rows or columns from the start or end of an array.

In this example, the drop() function is used to remove the fields header and value from result set.

Step-by-Step

Starting with the source repository events.
flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0[/Drop Field\] result{{Result Set}} repo --> 0 0 --> result style 0 fill:#2ac76d; click 0 #examples-drop-headervalue-2-0 style 0 fill:#ff0000,stroke-width:4px,stroke:#000;
logscale
```
drop([header,value])
```
Drops both the field named header and the field named value.
Event Result set.

Summary and Results

The query is used to remove data during ingest, in this example removing more fields. Removal of fields are useful if you have created fields in subsearches (extracted some values in new fields during the filtering process) that are no longer needed in the final result set. If you want to drop an entire event, it is possible to use the dropEvent() function.

Examples Library