Using the field picker
The field picker is very useful for investigating and navigating data. Clicking on any field in the field picker pops open a panel with a wealth of information about that field in the results of your search.
Looking through the information, we observe:
"Appears in X% of results" tells you how many events contain a value for this field.
"Show only events with this field" will modify the query to only show events that have this field defined.
"Select and show in results" is a shortcut for adding a field to your selected fields.
"Top values by time" and "Top values overall" present graphs about the data in this search. This is a great way to dive into reporting and graphing. We will use this as a launching point later.
The chart below the links is actually a quick representation of the top values overall. Clicking on a value adds that value to the query. Let's click on mary.
This will rerun the search, now looking for errors that affect only the user mary. Going back to the field picker and clicking on other fields will filter the results even more. You can also click on words in the results, or values of fields displayed underneath events.