Filter on raw
- Juan Tomás Alonso Nieto (Deactivated)
When your table contains a rawMessage, rawSource, or raw field, the Filter on raw search box appears embedded at the top right-hand corner of the search window by default. This useful free-text search bar carries out a search of keywords entered on raw event information.
In all data tables, the entire event is logged in a Raw field displaying event data as a string. This string will be logged as various names depending on the table: rawMessage, rawSource, or raw, however, the functionality is the same.
Use the Filter on raw field to search for keywords throughout the entire raw data field, instead of filtering by specific field.
Raw data as a table field
Although raw data is not visible by default, you can show unrevealed fields in both List and Table views using the select operation to visualise raw data as a field in the table.
When searching for results, Devo will execute various searches internally until finding a result. The order of execution is as follows:
where weaktoktains (rawMessage, "<value>")"where weaktoktains (rawSource, "<value>")"where weaktoktains (raw, "<value>")"
The first clause detected will be added to the query.
See here for more information on LINQ syntax.
Supported operations
The filter on raw search functionality also supports the following LINQ operations:
You can also filter raw data using the Filter operation, or using the corresponding LINQ expressions.