Using the field picker

The field picker is very useful for investigating and navigating data. Clicking on any field in the field picker pops open a panel with a wealth of information about that field in the results of your search.

Looking through the information, we observe:

Appears in X% of results tells you how many events contain a value for this field.
Show only events with this field will modify the query to only show events that have this field defined.
Select and show in results is a shortcut for adding a field to your selected fields.
Top values by time and Top values overall present graphs about the data in this search. This is a great way to ...

Get Implementing Splunk: Big Data Reporting and Development for Operational Intelligence now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Implementing Splunk: Big Data Reporting and Development for Operational Intelligence by Vincent Bumgarner

Using the field picker

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly