After performing a search, you can select any cell within the search grid to inspect the full set of metadata available for that record. The inspector allows you to view the schema fields to better understand each log message.
View the Inspector
To open the inspector for a search result, from the Dashboard:
- On the left-side menu, click the Search icon.
The Search page appears.
- Select a saved search tab at the top of the page, or click the plus icon + in the top-right of the page to create a new search.
- (Optional, if creating a new search.) Enter the search query and perform a search as normal.
- Click one of the fields in the search results grid. For example, click any cell in the Host IP column.
The Inspect pane opens on the right side of the screen.
The inspector automatically opens to the field and value of the selected cell in the formatted metadata.
Selecting a cell in the Raw Message column opens the inspector's Raw Message tab, and shows the entire raw metadata.
Navigate the Inspector
Once the inspector has been opened, the following tabs and options are available to navigate the window.
|Formatted||This tab displays all of the metadata for the log message formatted into the appropriate schema fields. All data in the Formatted tab can be copy/pasted as needed.|
|Raw||This tab displays all of the metadata for the log message in its original, raw format. All data in the Raw tab can be copy/pasted as needed.|
|Show empty fields||By default, fields that do not contain information are hidden on the Formatted tab. Check the Show empty fields box to display those empty fields.|
|Expand All||The populated fields are expanded by default when viewing the Formatted tab. If the fields have been collapsed, click Expand All to re-open them.|
|Collapse All||Click Collapse All to collapse all of the populated fields and only show the top-level schema field headers. To open a single schema field header at a time, click the drop-arrow icon next to the field header name.|
Each line item in the inspector has an expandable context menu with multiple actions. To open the context menu for a line item in the inspector, click the three-dot menu to the right of the item in question.
The following options are available in each item's context menu. Some of the options enhance your existing search using operators. For more information on operators, see Query Language (Operators).
|Copy Value||Click to add the highlighted line item to the clipboard. The information can then be pasted elsewhere.|
|Drill Down||Adds the selected value to your existing search criteria using the AND operator. For example, selecting Drill Down on a Host IP address narrows the search to only include results that have that Host IP address.|
|Remove Value||Removes the selected value from your existing search criteria using the AND NOT operator. This produces the opposite function of the Drill Down option. For example, selecting Remove Value on a Host IP address narrows the search to exclude results that include that Host IP address.|
|Add Value||Adds the selected value to your existing search criteria using the OR operator. For example, selecting Add Value on a Host IP address expands the search to include all results with that Host IP address.|
|Pivot||Opens a new browser tab with updated search results that include the selected value during the previous search's time criteria. For example, selecting Pivot on a Host IP address opens a new browser window of a search for that Host IP address during the same timeframe as the original search.|