After performing a search, you can select any cell within the search grid to inspect the full set of metadata available for that record. The inspector allows you to view the schema fields to better understand each log message.

For more information on schema fields, see the Axon Data Schema Guide.

View the Inspector

To open the inspector for a search result, from the Dashboard:

  1. On the left-side menu, click the Search icon.
    The Search page appears.
  2. Select a saved search tab at the top of the page, or click the plus icon + in the top-right of the page to create a new search.
  3. (Optional, if creating a new search.) Enter the search query and perform a search as normal.
  4. Click one of the fields in the search results grid. For example, click any cell in the Host IP column.
    The Inspect pane opens on the right side of the screen.

    The inspector automatically opens to the field and value of the selected cell in the formatted metadata.

    Selecting a cell in the Raw Message column opens the inspector's Raw Message tab, and shows the entire raw metadata.

Navigate the Inspector

Once the inspector has been opened, the following tabs and options are available to navigate the window.

Option/TabDescription
Formatted Tab

This tab displays all of the metadata for the log message formatted into the appropriate schema fields.

All data in the Formatted tab can be copy/pasted as needed.

Raw Tab

This tab displays all of the metadata for the log message in its original, raw format.

All data in the Raw tab can be copy/pasted as needed.

Show empty fields

By default, fields that do not contain information are hidden on the Formatted tab.

Check the Show empty fields box to display those empty fields.

Expand All

The populated fields are expanded by default when viewing the Formatted tab.

If the fields have been collapsed, click Expand All to re-open them.

Collapse All

Click Collapse All to collapse all of the populated fields and only show the top-level schema field headers.

To open a single schema field header at a time, click the drop-arrow icon next to the field header name.

Inspector Actions

Each line item in the inspector has an expandable context menu with multiple actions. To open the context menu for a line item in the inspector, click the three-dot menu to the right of the item in question.

The following options are available in each item's context menu. Some of the options enhance your existing search using operators. For more information on operators, see Query Language (Operators).

OptionDescription
Copy ValueClick to add the highlighted line item to the clipboard. The information can then be pasted elsewhere.
Drill Down

Adds the selected value to your existing search criteria using the AND operator.

For example, selecting Drill Down on a Host IP address narrows the search to only include results that have that Host IP address.

Remove Value

Removes the selected value from your existing search criteria using the AND NOT operator. This produces the opposite function of the Drill Down option.

For example, selecting Remove Value on a Host IP address narrows the search to exclude results that include that Host IP address.

Add Value

Adds the selected value to your existing search criteria using the OR operator.

For example, selecting Add Value on a Host IP address expands the search to include all results with that Host IP address.

Pivot

Opens a new browser tab with updated search results that include the selected value during the previous search's time criteria.

For example, selecting Pivot on a Host IP address opens a new browser window of a search for that Host IP address during the same timeframe as the original search.