Search Results Grid Inspector
After performing a search, you can select any cell within the search grid to inspect the full set of metadata available for that record. The inspector allows you to view the schema fields to better understand each log message.
For more information on schema fields, see the Axon Data Schema Guide.
View the Inspector
To open the inspector for a search result, from the Dashboard:
- On the left-side menu, click the Search icon.
The Search page appears. - Select a saved search tab at the top of the page, or click the plus icon + in the top-right of the page to create a new search.
- (Optional, if creating a new search.) Enter the search query and perform a search as normal.
Click one of the fields in the search results grid. For example, click any cell in the Host IP column.
The Inspect pane opens on the right side of the screen.The inspector automatically opens to the field and value of the selected cell in the formatted metadata.
Selecting a cell in the Raw Message column opens the inspector's Raw Message tab, and shows the entire raw metadata.
Navigate the Inspector
Once the inspector has been opened, the following tabs and options are available to navigate the window.
| Option/Tab | Description |
|---|---|
| Formatted Tab | This tab displays all of the metadata for the log message formatted into the appropriate schema fields. All data in the Formatted tab can be copy/pasted as needed. |
| Raw Tab | This tab displays all of the metadata for the log message in its original, raw format. All data in the Raw tab can be copy/pasted as needed. |
| Show empty fields | By default, fields that do not contain information are hidden on the Formatted tab. Check the Show empty fields box to display those empty fields. |
| Expand All | The populated fields are expanded by default when viewing the Formatted tab. If the fields have been collapsed, click Expand All to re-open them. |
| Collapse All | Click Collapse All to collapse all of the populated fields and only show the top-level schema field headers. To open a single schema field header at a time, click the drop-arrow icon next to the field header name. |
Inspector Actions
Each line item in the inspector has an expandable context menu with multiple actions. To open the context menu for a line item in the inspector, click the three-dot menu to the right of the item in question.
The following options are available in each item's context menu. Some of the options enhance your existing search using operators. For more information on operators, see Build a Search Query.
| Option | Description |
|---|---|
| Copy Value | Click to add the highlighted line item to the clipboard. The information can then be pasted elsewhere. |
| Drill Down | Adds the selected value to your existing search criteria using the AND operator. For example, selecting Drill Down on a Host IP address narrows the search to only include results that have that Host IP address. |
| Remove Value | Removes the selected value from your existing search criteria using the AND NOT operator. This produces the opposite function of the Drill Down option. For example, selecting Remove Value on a Host IP address narrows the search to exclude results that include that Host IP address. |
| Add Value | Adds the selected value to your existing search criteria using the OR operator. For example, selecting Add Value on a Host IP address expands the search to include all results with that Host IP address. |
| Pivot | Opens a new browser tab with updated search results that include the selected value during the previous search's time criteria. For example, selecting Pivot on a Host IP address opens a new browser window of a search for that Host IP address during the same timeframe as the original search. |