When you perform a search, search results matching the search criteria specified are displayed. On the Search > All Data page, search results can be viewed in various ways – series of results (Text View), summarized in a chart (Chart View), tabular format (Table View). When you access the product, search results are displayed based on the last accessed view.
This topic contains the following information:
Related topics
Understanding the All Data page
At a high-level, the All Data page can be categorized into four sections – the timeline chart, the actual results, the Filters panel on the left, and the three vertical dots menu providing additional functions. These sections are displayed in the following image.
The timeline chart summarizes the search results displayed. And on the left, you can use the Filters panel with fields and tags to add fields and tags to your search query and narrow down your results. For more information, see Filtering your search results.
The actual series of search results are displayed in the following ways:
- (Default) Text View: Displays a series of actual search results (raw data).
- Chart View: Displays a chart summarizing the search results.
- Table View: Displays search results in a table formed by fields.
For more information, see Viewing and understanding search results.
Furthermore, you can perform the following actions by clicking the three vertical dots menu next to All Data.
- See coalesced results for the given search query and the given time range. For more information, see Coalescing results.
- Compare the search results summarized on the timeline chart across different time contexts. This can help you compare the data trend occurring for the same search query, and for the same time interval, but for different time contexts. For more information, see Comparing results.
Viewing and understanding search results
To be able to view and analyze your data, you need to perform various kinds of searches. You can perform a search by specifying a simple search string or building a more complex search string to narrow down your results. For more information about searching data, see Search tab.
When you perform a search, the search results and the timeline chart summarizing the search results are displayed on the All Data page. The timeline chart depicts how your search results are distributed over the specified time. For more information, see Using the timeline and summarization charts.
The search results can be viewed in the following ways:
| Action | Icon | Description | Additional information |
|---|---|---|---|
| Text View |  | Displays a series of actual search results. | Understanding the Text View |
| Chart View |  | Displays a summary of the search results in the form of various kinds of charts, for example, bar diagram, pie chart, and so on. | Understanding the Chart View |
| Table View |  | Displays the search results in a table formed by fields. | Understanding the Table View |
Understanding the Text View
The Text View displays the actual search results in the form of a series of indexed data, also known as records or events. Each record comprises the date, time stamp, time zone of the data entry, and multiple rows of data. If the time stamp for a data file is missing, the product automatically assigns a time stamp at the time of indexing. The time stamp assigned depends on the server on which the Indexer is located.
The following rows are displayed for each record (or event):
First row (raw data) | Displays the indexed raw data entries. You can change the level of detail that you want to see by selecting one of the options in the View list displayed under the timeline chart. |
|---|---|
| Second row (tags) | Displays the tags that you added while creating the data collector. You can click these tags to add to your search criteria and perform a new search. |
Third row (fields) | Displays the fields extracted at the time of indexing. You can click these fields to add to your search criteria and perform a new search. You can also add them to the list of favorite fields available in the Fields section, under the Filters panel, on the left. |
| Action | Description |
|---|---|
| Change level of detail | You can change the level of detail for the search results by selecting one of the following views under the timeline chart:
|
| Change the number of results | By default, you can see up to 100 results of a search. You can move to the next page of results by selecting one of the number ranges from the list at the bottom of your screen. |
| Change the time context of the results | You can change the time context of the search results in various ways:
|
| Add fields or tags to your search criteria from the results | Click the field or tag name appearing in the search results to add it to your search criteria and perform a search. For more information, see Filtering your search results. |
| Add fields to the Filters panel from the results | Click Add to Fields  next to a field to add that field to the Filters panel on the left and under the Fields section. You can use these fields for narrowing down your results. For more information about searching with fields, see Filtering your search results. |
| Export search results | Click Export Results at the top-right of the search results area to export your search results as a CSV or a RAW file. You can change the maximum number of results to export, by navigating to Administration > System Settings. |
Understanding the Chart View
The Chart View displays the summarization chart that summarizes the search results available as a result of running a search. By default, the summarization chart displays a bar diagram summarized on the basis of the default HOST field. You can change the chart type and the field (or tag) name based on which the search results are summarized. For more information, see Using the timeline and summarization charts.
Understanding the Table View
The Table View displays the search results in a table. Each column in the table represents a field. Each row in the table represents the individual records (or events) that are categorized into columns based on these fields. The date and time string is displayed in the Timestamp column, while the original raw data record is displayed under the Raw Value column.
All fields extracted at the time of indexing and all tags relevant to the search results are displayed in the table. You can use the horizontal scroll bar to see all the columns available. You can also control the number of columns that must be displayed by selecting the correct columns (fields and tags) from the Show or hide columns menu.
If your data does not follow a set pattern or if the pattern continuously changes, you might find that some columns have blank values. This means that those values are only available in particular records for which the field was extracted. You need to navigate through the results to find those values.
You can perform the following actions on the search results displayed in the table:
| Action | Description |
|---|---|
| Resize columns | Change the width of a column, by pointing the right side of the column boundary until it becomes a resize cursor  , and then dragging the boundary until the column is the width you want. |
| Expand a raw value entry | Under the Raw Value column, click the down arrow  next to the raw data record to expand and see the entire entry. |
| Add portions of the record (or event) to your search criteria | Add any portion of the record to your search criteria by pointing to that portion and then clicking Add to Search Criteria  . |
| Add fields to the Filters panel from the results | In the column header, next to the field name, click Add to Fields Note: You cannot add the Timestamp and Raw Value fields to the Filters panel. |
| Control the number of columns displayed | Click Show or hide columns and select the columns (field and tag names) that you want to display. The selected column is displayed with a tick mark. To clear the selection, click the columns that must be hidden. |
Summary of the actions available on the All Data page
The following table summarizes the All Data page UI controls at a high level.
You can view the various UI controls summarized in the following table only after you perform a search.
UI controls on the All Data page
| UI control | Description | Resources |
|---|---|---|
| Search bar | Can be used to specify your search criterion. You can click Save Search | Search tips |
| Search string syntax | ||
| Search commands | ||
| Managing saved searches | ||
| Time range list | Can be used to specify a time range for your search. | Filtering your search results |
| Timeline chart | Displays a chart that summarizes your search results. | Using the timeline and summarization charts |
| Search results area | Displays a a list of indexed data, depending on your search criteria. You can view your search results as optimized, minimal, expanded minimal, or detailed. You can switch between the Text View You can click Export Search Results to export the search results for later viewing. You can change the maximum number of results to export, by navigating to Administration > System Settings. | Viewing and understanding search results |
| Filters panel | Displays a list of fields and tags to add to your search criteria. | Understanding fields |
| Filtering your search results |
Overview
Content Tools
Apps
Reporter Replacement
com.bmc.atlassian.bmc-util-plugin-2.section.label
Tasks