Document toolboxDocument toolbox

Filter data

Owned by Sarah Bigault (Deactivated)
Last updated: Apr 07, 2021 by Borja Moro Moreno
3 min read

Apply filters to table data to isolate or exclude specified field values. The results are returned immediately and displayed in chronological order and at the same time. The timeline is updated to match the query.

Using the Operations Over Columns window

You can use this window to specify the arguments needed for the operation following the procedure explained below:

  1. Select the Filter icon in the query window toolbar. The Operations Over Columns window appears with the Filter option selected.

  2. Choose the required filter type in the Operation drop-down list.
  3. Select the arguments of the filter. Depending on the filter type selected, you will be prompted to select a set of specific arguments. 
    You can select columns or also enter free text by clicking this icon , as is sometimes required for an operation. For example, you might filter for URLs that contain the string bingThen choose normal to include the filtered events, or select negated to exclude the filtered events.
  4. Click Filter data when you're done. The data table will only show those events that meet the conditions of the filter applied.

Case sensitivity selector

Some operations have a case sensitive and a case insensitive version, for example, Contains - case insensitive (weakhas) and Contains (has, ->). Use the Case sensitivity buttons in the window to display only the sensitive or insensitive versions of these operations, or choose all to show both versions. Operations that don't have a sensitive and insensitive version will be visible regardless of the option selected.

You can select the default option in your User preferences, and Admin users can do the same for all the users in the domain in their Domain preferences.

Using column header list of values

Select the arrow icon that appears when hovering over a column header to see the list of distinct values in that column, then click a value name. The Operations over columns window will be open in the Filter tab, and the Equal (eq, =) operation selected. The column and value selected will be automatically added as arguments of the filter.

Using cell value

Alternatively, you can use a cell's content as filtering criteria to quickly include all the arguments needed for the operation. If you place the cursor over a cell on the data table and press ENTER, the Operations over columns window will be open with the Filter tab and the Equal (eq, =) operation selected. The arguments will be automatically filled with the values of the cell and its column (Value → Column, Is equal to → Cell).

Using cell value to filter in a new tab

You can also use a cell's content as filtering criteria and show the result in a different browser tab. Right-click on a cell and select Filter in another tab by (...) and a new browser tab will open to display the result of this filter operation without losing the previous search.

These separate searches function as independent searches, so modifying or closing one does not affect the other. This way we experience a higher degree of versatility in our workflow getting the ability to work with different variables and outcomes separately, and additionally, we get the ability to perform the filter operation with just two clicks.

Watch the following video for a demonstration of this feature.