Request List of Fields
Request a list of all fields in a repository using the fieldset() function
Query
fieldset()Introduction
The fieldset() function can be used to return a
list of all available fields in a repository. It returns everything
within the current event set. The list of returned fields is context
specific.
In this example, the fieldset() function is used to
request a list of all fields in a repository for HTTP access logs.
Step-by-Step
Starting with the source repository events.
- flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0{{Aggregate}} result{{Result Set}} repo --> 0 0 --> result style 0 fill:#ff0000,stroke-width:4px,stroke:#000;logscale
fieldset()Returns a list of all available fields in a repository for HTTP access logs.
Event Result set.
Summary and Results
The query is used to return a list of all fields within the current
event set. The fieldset() function is particularly
useful when you are new to an event set, as it provides a quick way to
get an overview of all available fields without having to inspect
individual events manually. Also a valuable tool for further querying
when combining it with other functions or filters to explore specific
subsets of the data.
Sample output from the incoming example data (HTTP access log):
| @timezone |
|---|
| @timestamp.nanos |
| @timestamp |
| @source |
| @rawstring |
| @ingesttimestamp |
| @id |
| @host |
| #type |
| #repo |
| #humioBackfill |
The list of returned fields is context specific. The field list can be reduced as part of the query when combined with other functions, for example, by an aggregate function:
groupBy([#type,@host])
| fieldset()Sample output from the incoming example data when reduced:
| _count |
|---|
| @host |
| #type |