Specify a set of fields to select from each event. You most likely want to use the table() function instead. Table is an aggregate function that can also sort events while limiting the number of events.

A use-case for select is when you want to export a few fields from a large number of events into e.g. a CSV file. When viewed in the UI, you get the latest 200 events, but when exporting the result, you get all matching events.

ParameterTypeRequiredDefaultDescription
fields[string]true The names of the fields to keep. [a]

[a] If an argument name is not given, fields is the default argument.

select() Examples

Look at HTTP GET methods and create a unsorted table with the fields statuscode and responsetime

logscale
method=GET
| select([statuscode, responsetime])

Get a table of timestamp and rawstring for all events in range. In the humio UI this will get limited to 200 entries, but exporting the result as e.g. CSV will export all matching events in the time window searched.

logscale
select([@timestamp, @rawstring])