...
1. Select the Filter icon in the search window toolbar. The Operations over fields window appears with the Filter tab selected.
2. Choose the required filter type in the Main operation dropdown list. For a detailed list of available operations in Devo, check Operations reference. You can click the icon next to the dropdown menu to filter the list of operations as required.
3. Select the Arguments of the selected filter operation by clicking the Add argument button. Depending on the filter type selected, you will be prompted to select a set of specific arguments. You can select fields or enter free text by clicking the corresponding icon, as is sometimes required for an operation. For example, you might filter for URLs that contain the string bing. Additionally, you can include nested operations to modify the field values or the results of the main filter operation selected. Learn more about nested operations in Build a query in the search window.
4. Click Filter when you're done. The data table will only show those events that meet the conditions of the filter applied.
...
Select the arrow icon that appears when hovering over a field header to see the list of distinct values in that field, then click a value name. The Operations over fields window opens on the Filter tab with the Equal - case insensitive (eqic) operation selected. The selected field and value are automatically added as arguments of the filter.
...
Alternatively, you can use a cell's content as filtering criteria to quickly include all the arguments needed for the operation. If you place the cursor over a cell on the data table and press
...
Using cell value to filter in a new tab
...
These separate searches are independent, so modifying or closing one does not affect the other. This makes the workflow more versatile, because you can work with different variables and outcomes separately, and the filter operation takes just two clicks.
...
Filter on raw
In all data tables, the entire event is logged in a Raw field that displays the event data as a string. This field has a different name depending on the table: rawMessage, rawSource, or raw.
Use the Filter on raw field to search for keywords throughout the entire raw data field, instead of filtering by a specific field.
...
...
Naming protocol: Given the different names for raw fields, the LINQ expression will differ as follows (in order of search priority):