Data
Based on your search query, the retrieved data is displayed in a normalized tabular format, and each event is summarized per row.
From the Data panel, you can perform the following tasks:
- Viewing event count
The total number of retrieved events is displayed on the upper-right side.
- Filtering search results
You can create a filter using the column value and event body text to fine-tune your search results.
- Adding a new data model
You can add a new data model from the Data panel. Click
located on the upper-right corner of the
Data panel to add a new data model. All events that are displayed in the
Results tab are copied in the
Create Data Model panel. For instructions on how to add a new data model, see
Adding a Data Model in Graphical Mode.
Note: If a search query contains a single data model, then the defined source filter is copied. If there are multiple data models defined in the query, the Create source filter panel does not display any value.You can edit custom data models from the Data panel. Click
located on the upper-right corner of the Data panel to edit the data model. All events that are displayed in the
Results tab are copied in the
Create Data Model panel. For instructions on how to update data models, see
Editing Data Models.
- Downloading search results
- Creating filtered query as a new search query
After adding filters on your results, click the
icon, located on the upper-right corner of the
Data panel, to create a new search query in a new
Search tab for the same conditions.
In the following illustration, a filter condition sys_body INCLUDES logapp is added on the Data panel in the Search 1 tab.
Now if you click the
icon in the Search 1 tab, a new tab Search 2 opens, showing the conditions in the
Search field.
to show or hide filters from the
. You can select how much data you want to download from the following options:
