fields search command

This search command retains (+) or removes (-) fields from search results based on the field list specified.

This command uses the following conventions:

  • If you specify a plus sign (+), fields that match one of the fields specified in the command are retained.
  • If you specify a minus sign (-), fields that match one of the fields specified in the command are removed.
  • If you do not specify a plus (+) or a minus sign (-), the command assumes a plus sign (+).

For a list of all search commands, see Search commands.

Syntax

fields [+] <Field-List>
fields [-] <Field-List>

In the preceding syntax, the following definitions apply:

  • Square brackets, as in [expression], indicate that the enclosed expression is optional.
  • <Field-List> refers to a comma-separated list of fields.

Short examples

Example 1: Remove the fields destHost and ip from the search results.

... | fields - destHost, ip

Example 2: Remove the fields username, protocol, rfc931, and RequestURL from the search results.

... | fields - username, protocol, rfc931, RequestURL

Example 3: Retain the fields RequestType and ResponseCode in the search results.

... | fields RequestType, ResponseCode

Long examples

The following sample data and sample indexed data (displayed on the Search tab) will help you understand the examples of using the fields command.

Sample data

10.1.1.140 - - [11/Jul/2013:15:01:52 -0700] "GET /themes/ComBeta/images/bullet.png HTTP/1.1" 404 100
10.1.1.140 - - [11/Jul/2013:15:02:52 -0700] "GET /themes/ComBeta/images/bullet.png HTTP/1.1" 201 150
10.1.1.141 - - [11/Jul/2013:15:03:52 -0700] "PUT /themes/ComBeta/images/bullet.png HTTP/1.1" 201 200
10.1.1.141 - - [11/Jul/2013:15:04:52 -0700] "POST /themes/ComBeta/images/bullet.png HTTP/1.1" 200 100

Sample indexed data

10.1.1.141 - - [11/Jul/2013:15:04:52 -0700] "POST /themes/ComBeta/images/bullet.png HTTP/1.1" 200 100
HOST=local.bmc.com |ResponseSize=100|COLLECTOR_NAME=u4 |ClientIp=10.1.1.141 |ResponseCode=200 |RequestType=POST|RequestURL=/themes/ComBeta/images/bullet.png
10.1.1.141 - - [11/Jul/2013:15:03:52 -0700] "PUT /themes/ComBeta/images/bullet.png HTTP/1.1" 201 200
HOST=local.bmc.com |ResponseSize=200|COLLECTOR_NAME=u4 |ClientIp=10.1.1.141 |ResponseCode=201 |RequestType=PUT|RequestURL=/themes/ComBeta/images/bullet.png
10.1.1.140 - - [11/Jul/2013:15:02:52 -0700] "GET /themes/ComBeta/images/bullet.png HTTP/1.1" 201 150
HOST=local.bmc.com |ResponseSize=150|COLLECTOR_NAME=u4 |ClientIp=10.1.1.140 |ResponseCode=201 |RequestType=GET|RequestURL=/themes/ComBeta/images/bullet.png
10.1.1.140 - - [11/Jul/2013:15:01:52 -0700] "GET /themes/ComBeta/images/bullet.png HTTP/1.1" 404 100
HOST=local.bmc.com |ResponseSize=100|COLLECTOR_NAME=u4 |ClientIp=10.1.1.140 |ResponseCode=404 |RequestType=GET|RequestURL=/themes/ComBeta/images/bullet.png

Remove particular fields

In this example, you use the command to remove the fields username, protocol, rfc931, and RequestURL from the search results.

Command

... | fields - username, protocol, rfc931, RequestURL

Output

10.1.1.141 - - [11/Jul/2013:15:04:52 -0700] "POST /themes/ComBeta/images/bullet.png HTTP/1.1" 200 100
HOST=local.bmc.com |COLLECTOR_NAME=u4 |ClientIp=10.1.1.141 |ResponseCode=200 |DATA_PATTERN=MyAccess |ResponseSize=100 |RequestType=POST |COLLECTOR=test_http_access.log
10.1.1.141 - - [11/Jul/2013:15:03:52 -0700] "PUT /themes/ComBeta/images/bullet.png HTTP/1.1" 201 200
HOST=local.bmc.com |COLLECTOR_NAME=u4 |ClientIp=10.1.1.141 |ResponseCode=201 |DATA_PATTERN=MyAccess |ResponseSize=200 |RequestType=PUT |COLLECTOR=test_http_access.log
10.1.1.140 - - [11/Jul/2013:15:02:52 -0700] "GET /themes/ComBeta/images/bullet.png HTTP/1.1" 201 150
HOST=local.bmc.com |COLLECTOR_NAME=u4 |ClientIp=10.1.1.140 |ResponseCode=201 |DATA_PATTERN=MyAccess |ResponseSize=150 |RequestType=GET |COLLECTOR=test_http_access.log
10.1.1.140 - - [11/Jul/2013:15:01:52 -0700] "GET /themes/ComBeta/images/bullet.png HTTP/1.1" 404 100
HOST=local.bmc.com |COLLECTOR_NAME=u4 |ClientIp=10.1.1.140 |ResponseCode=404 |DATA_PATTERN=MyAccess |ResponseSize=100 |RequestType=GET |COLLECTOR=test_http_access.log

Retain particular fields and remove all other fields

In this example, you use the command to retain the fields RequestType and ResponseCode and remove all other fields.

Command

... | fields RequestType, ResponseCode

Output

10.1.1.141 - - [11/Jul/2013:15:04:52 -0700] "POST /themes/ComBeta/images/bullet.png HTTP/1.1" 200 100
HOST=local.bmc.com |COLLECTOR_NAME=u4 |ResponseCode=200 |DATA_PATTERN=MyAccess |RequestType=POST
10.1.1.141 - - [11/Jul/2013:15:03:52 -0700] "PUT /themes/ComBeta/images/bullet.png HTTP/1.1" 201 200
HOST=local.bmc.com |COLLECTOR_NAME=u4 |ResponseCode=201 |DATA_PATTERN=MyAccess |RequestType=PUT
10.1.1.140 - - [11/Jul/2013:15:02:52 -0700] "GET /themes/ComBeta/images/bullet.png HTTP/1.1" 201 150
HOST=local.bmc.com |COLLECTOR_NAME=u4 |ResponseCode=201 |DATA_PATTERN=MyAccess |RequestType=GET
10.1.1.140 - - [11/Jul/2013:15:01:52 -0700] "GET /themes/ComBeta/images/bullet.png HTTP/1.1" 404 100
HOST=local.bmc.com |COLLECTOR_NAME=u4 |ResponseCode=404 |DATA_PATTERN=MyAccess |RequestType=GET

Notes

  • Default fields such as HOST, COLLECTOR_NAME, and DATA_PATTERN cannot be removed.
  • You cannot specify a command that uses both plus (+) and minus (-) signs together.
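
The rules above (implicit plus sign, default fields that survive removal, and a single sign per command) can be checked offline with the following model. It is an added example, not the product's code: the function names are hypothetical, and the protected set is assumed to be exactly the three default fields the Notes name.

```python
import re

# Default fields named in the Notes; the product may protect others (assumption).
DEFAULT_FIELDS = {"HOST", "COLLECTOR_NAME", "DATA_PATTERN"}

# First field line from the page's "Sample indexed data".
SAMPLE = ("HOST=local.bmc.com |ResponseSize=100|COLLECTOR_NAME=u4 "
          "|ClientIp=10.1.1.141 |ResponseCode=200 |RequestType=POST"
          "|RequestURL=/themes/ComBeta/images/bullet.png")

def parse_record(line):
    """Split a 'NAME=value |NAME=value' line into an ordered dict."""
    record = {}
    for part in line.split("|"):
        name, sep, value = part.strip().partition("=")
        if sep:
            record[name] = value
    return record

def parse_fields_command(command):
    """Return (sign, names) for '... | fields [+|-] a, b'; sign defaults to '+'."""
    segment = command.rsplit("|", 1)[-1]      # keep only the last pipeline stage
    match = re.fullmatch(r"\s*fields\b\s*([+-]?)\s*(.*)", segment)
    if not match:
        raise ValueError("not a fields command")
    sign, rest = match.groups()
    names = [token.strip() for token in rest.split(",")]
    for name in names:
        if not name:
            raise ValueError("empty field name in field list")
        if re.search(r"(^|\s)[+-]", name):
            # Covers the Notes rule: + and - cannot be combined in one command.
            raise ValueError("only one sign, before the field list, is allowed")
    return (sign or "+"), names

def apply_fields(command, record):
    """Apply the retain/remove semantics to one parsed record."""
    sign, names = parse_fields_command(command)
    if sign == "-":
        drop = set(names) - DEFAULT_FIELDS    # default fields cannot be removed
        return {k: v for k, v in record.items() if k not in drop}
    keep = set(names) | DEFAULT_FIELDS        # default fields are always kept
    return {k: v for k, v in record.items() if k in keep}

if __name__ == "__main__":
    rec = parse_record(SAMPLE)
    print(apply_fields("... | fields RequestType, ResponseCode", rec))
    print(apply_fields("... | fields - HOST, ClientIp", rec))
```

As the outputs on this page show, the raw log line is displayed unchanged, so a value such as the client IP still appears there after its extracted field has been removed.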
