Search results
When you perform a search, search results matching the search criteria specified are displayed. On the Search > All Data page, search results can be viewed in various ways – series of results (Text View), summarized in a chart (Chart View), tabular format (Table View). When you access the product, search results are displayed based on the last accessed view.
This topic contains the following information:
Related topics
Understanding the All Data page
At a high-level, the All Data page can be categorized into four sections – the timeline chart, the actual results, the Filters panel on the left, and the three vertical dots menu providing additional functions. These sections are displayed in the following image.
The timeline chart summarizes the search results displayed. And on the left, you can use the Filters panel with fields and tags to add fields and tags to your search query and narrow down your results. For more information, see Filtering-your-search-results.
The actual series of search results are displayed in the following ways:
- (Default) Text View: Displays a series of actual search results (raw data).
- Chart View: Displays a chart summarizing the search results.
- Table View: Displays search results in a table formed by fields.
For more information, see Viewing and understanding search results.
Furthermore, you can perform the following actions by clicking the three vertical dots menu next to All Data.
- See coalesced results for the given search query and the given time range. For more information, see Coalescing-results.
- Compare the search results summarized on the timeline chart across different time contexts. This can help you compare the data trend occurring for the same search query, and for the same time interval, but for different time contexts. For more information, see Comparing-results.
Viewing and understanding search results
To be able to view and analyze your data, you need to perform various kinds of searches. You can perform a search by specifying a simple search string or building a more complex search string to narrow down your results. For more information about searching data, see Search-tab.
When you perform a search, the search results and the timeline chart summarizing the search results are displayed on the All Data page. The timeline chart depicts how your search results are distributed over the specified time. For more information, see Using the timeline and summarization charts.
The search results can be viewed in the following ways:
Action | Icon | Description | Additional information |
|---|---|---|---|
Text View |
| Displays a series of actual search results. | |
Chart View |
| Displays a summary of the search results in the form of various kinds of charts, for example, bar diagram, pie chart, and so on. | |
Table View |
| Displays the search results in a table formed by fields. |
Understanding the Text View
The Text View displays the actual search results in the form of a series of indexed data, also known as records or events. Each record comprises the date, time stamp, time zone of the data entry, and multiple rows of data. If the time stamp for a data file is missing, the product automatically assigns a time stamp at the time of indexing. The time stamp assigned depends on the server on which the Indexer is located.
The following rows are displayed for each record (or event):The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.
You can perform the following actions on the search results:The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.
Understanding the Chart View
The Chart View displays the summarization chart that summarizes the search results available as a result of running a search. By default, the summarization chart displays a bar diagram summarized on the basis of the default HOST field. You can change the chart type and the field (or tag) name based on which the search results are summarized. For more information, see Using-the-timeline-and-summarization-charts.
Understanding the Table View
The Table View displays the search results in a table. Each column in the table represents a field. Each row in the table represents the individual records (or events) that are categorized into columns based on these fields. The date and time string is displayed in the Timestamp column, while the original raw data record is displayed under the Raw Value column.
All fields extracted at the time of indexing and all tags relevant to the search results are displayed in the table. You can use the horizontal scroll bar to see all the columns available. You can also control the number of columns that must be displayed by selecting the correct columns (fields and tags) from the Show or hide columns menu.
If your data does not follow a set pattern or if the pattern continuously changes, you might find that some columns have blank values. This means that those values are only available in particular records for which the field was extracted. You need to navigate through the results to find those values.
You can perform the following actions on the search results displayed in the table:The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.
Summary of the actions available on the All Data page
The following table summarizes the All Data page UI controls at a high level.
You can view the various UI controls summarized in the following table only after you perform a search.
UI controls on the All Data page