Search results
The All Data page provides a series of search results matching the search criteria specified in the search bar.
This topic contains the following information:
Related topics
Understanding the All Data page
At a high-level, the All Data page can be categorized into four sections – the timeline chart, the actual results, the Filters panel on the left, and the three vertical dots menu providing additional functions. These sections are displayed in the following image.
The timeline chart summarizes the series of search results displayed. And on the left, you can use the Filters panel with fields and tags to add fields and tags to your search query and narrow down your results. For more information, see Filtering-your-search-results.
The actual series of search results are displayed in the following two ways:
- (Default) Text view: Displays a series of actual search results (raw data).
- Chart view: Displays a chart summarizing the search results.
For more information, see Viewing and understanding search results.
Furthermore, you can perform the following actions by clicking the three vertical dots menu next to All Data.
- See coalesced results for the given search query and the given time range. For more information, see Coalesced-results.
- Compare the search results summarized on the timeline chart across different time contexts. This can help you compare the data trend occurring for the same search query, and for the same time interval, but for different time contexts. For more information, see Compare-results.
Viewing and understanding search results
To be able to view and analyze your data, you need to perform various kinds of searches. You can perform a search by specifying a simple search string or building a more complex search string to narrow down your results. For more information about searching data, see Search-tab.
When you perform a search, the search results and the timeline chart summarizing the search results are displayed on the All Data page. The timeline chart depicts how your search results are distributed over the specified time. For more information, see Using the timeline and summarization charts.
The search results can be viewed in the following ways:
Action | Icon | Description | Additional information |
|---|---|---|---|
Text View |
| Displays a series of actual search results. | |
Chart View |
| Summarizes the search results in the form of various kinds of charts, for example, bar diagram, pie chart, and so on. |
Understanding the Text View
The Text View displays the actual search results in the form of a series of indexed data, also known as records or events. Each record comprises the date, time stamp, time zone of the data entry, and multiple rows of data. If the time stamp for a data file is missing, the product automatically assigns a time stamp at the time of indexing. The time stamp assigned depends on the server on which the Indexer is located.
The following rows are displayed for each record (or event):
First row (raw data) | Displays the indexed raw data entries. You can change the level of detail that you want to see by selecting one of the options in the View list displayed under the timeline chart. |
|---|---|
Second row (tags) | Displays the tags that you added while creating the data collector. You can click these tags to add to your search criteria and perform a new search. |
Third row (fields) | Displays the fields extracted at the time of indexing. You can click these fields to add to your search criteria and perform a new search. You can also add them to the list of favorite fields available in the Fields section, under the Filters panel, on the left. |
You can perform the following actions on the search results:
Action | Description |
|---|---|
Change level of detail | You can change the level of detail for the search results by selecting one of the following views under the timeline chart:
|
Change the number of results | By default, you can see up to 100 results of a search. You can move to the next page of results by selecting one of the number ranges from the list at the bottom of your screen. |
Change the time context of the results | You can change the time context of the search results in various ways:
For more information, see Filtering-your-search-results. |
Add fields or tags to your search criteria from the results | Click on a field or tag name appearing in the search results to add it to your search criteria and perform a search. For more information, see Filtering-your-search-results. |
Add fields to the Filters panel from the results | Click Add to Fields |
Export search results | Click Export Results at the top-right of the search results area to export your search results as a CSV or a RAW file. You can change the maximum number of results to export, by navigating to Administration > System Settings. |
or Shift time context to next 
to toggle back and forth and see results for the various time contexts.
next to a field to add that field to the Filters panel on the left and under the Fields section. You can use these fields for narrowing down your results. For more information about searching with fields, see Understanding the Chart View
The Chart View displays the summarization chart that summarizes the search results available as a result of running a search. By default, the summarization chart displays a bar diagram summarized on the basis of the default HOST field. You can change the chart type and the field (or tag) name based on which the search results are summarized. For more information, see Using-the-timeline-and-summarization-charts.
Summary of the actions available on the All Data page
The following table summarizes the All Data page UI controls at a high level.
You can view the various UI controls summarized in the following table only after you perform a search.
UI controls on the All Data page