Raw Data Format

Based on your search query, the results are displayed in Raw data format. Each event is summarized per row.

The same result set can be viewed in the Table format.

The column value options are displayed in the following illustration.

Using the Raw data format, you can perform the following tasks:

  • Showing or hiding columns from the Raw data

    Click the Columns on or off link to show the selected columns below the event, or to hide columns to view events in the raw format.

  • Wrapping long events

    Click the Wordwrap text on or off link to indicate if long event should break at normal word break points or to display long events.

  • Highlighting keywords

    By default, the Highlight keyword option is set to on for queries that include CONTAINS or LIKE statements. Click the Highlight on or off link to highlight keywords or remove highlighting from the keywords. This option is not visible for queries that do not include CONTAINS or LIKE statements.

    In the following illustration, when the search query is: USE sample | sys_body CONTAINS 'BillingApp', the keyword BillingApp is highlighted.

  • Filtering data

    Click the column value and select Include this Filter to filter the data based on the value. If you select Exclude this Filter, the results exclude the specified value.

    The Data panel displays results immediately based on the defined filters. You can add multiple filters to fine-tune your search results. You can update the existing filter value. Click on the value to open the Enter value field. Update the value in the field and click . The results are refreshed immediately based on the new filter.

    The following illustration displays the Raw data showing filtered results for the hit: 341 value.

    Click to show or hide filters from the Data panel.

    Click the column value and select Include this filter on Result tab to filter the data based on the value in a new Result tab. If you select Exclude this filter from Result tab, a new Result tab displays results excluding the specified value.

    You can filter based on the event body. Drag the mouse to select the event body and select Include this filter to filter your results based on the event body filter. The selected keyword is highlighted in the results. If you select Exclude this filter the results exclude the specified event body.

  • Sorting columns

    You can sort on any column, including group-by count(*) column, group-by aggregation-columns, and other columns. Click the column value and then select Sort Ascending to sort columns in  order. Click the column value and then select Sort Descending to sort columns in descending order.

  • Grouping by values

    Click the column value and select Group by to view grouped results. A new Result tab opens showing grouped results for the selected value as can be seen in the following figure:

    You can group by different time ranges. Click the timestamp value, then select the Group Dates by option, and then select the option to group your results by different time periods. The Raw data view is refreshed showing the results that are grouped by defined time period. When grouped by sys_eventTime, the results are sorted in ascending order.

  • Hiding columns from the Raw data

    Click the column value and then select Hide to hide the selected column from the Raw data format.