Sets RANGE field to the name of the ranges that match. Concatenates string values and saves the result to a specified field. See also, evaluation functions. Adds location information, such as city, country, latitude, longitude, and so on, based on IP addresses. For configured lookup tables, explicitly invokes the field value lookup and adds fields from the lookup table to the events. Extracts field-values from table-formatted events. Keeps a running total of the specified numeric field. Add fields that contain common information about the current search. Computes the sum of all numeric fields for each result. Computes the difference in field value between nearby results. Calculates an expression and puts the value into a field. The most useful command for manipulating fields is eval and its statistical and charting functions. These are commands you can use to add, extract, and modify fields or field values. Computes the necessary information for you to later run a top search on the summary index. Computes the necessary information for you to later run a timechart search on the summary index. Computes the necessary information for you to later run a stats search on the summary index. Computes the necessary information for you to later run a rare search on the summary index. Computes the necessary information for you to later run a chart search on the summary index. Puts search results into a summary index. Finds events in a summary index that overlap in time or have missed events. These commands are used to create and manage your summary indexes. These are some commands you can use to add data sources to or delete specific data from your indexes. Delete specific events or search results. Returns typeahead information on a specified prefix. Returns a list of source, sourcetypes, or hosts from a specified index or distributed search peer. Returns the number of events in an index. Returns information about the specified index.
Return information about a data model or data model object. They do not modify your data or indexes in any way. These commands return information about the data you have in your indexes. These commands can be used to learn more about your data, add and delete data sources, or manage the data in your summary indexes. Provides statistics, grouped optionally by fields. Performs set operations (union, diff, intersect) on subsearches. Returns the difference between two search results. Combines the results from the main results pipeline with the results from a subsearch. These commands can be used to build correlation searches. Appends subsearch results to current results. Appends the fields of the subsearch results to current results, first results to first result, second to second, etc. Appends the result of the subpipeline applied to the current result set to results. Finds association rules between field values. Builds a contingency table for two fields. Calculates the correlation between different fields. Some commands fit into more than one category based on the options that you specify. The following tables list all the search commands, categorized by their usage.