Using the field picker

The field picker is very useful for investigating and navigating data. Clicking on any field in the field picker pops open a panel with a wealth of information about that field in the results of your search:

Looking through the information, we observe the following:

• Number (of) values, appears in X% of results tells you how many events contain a value for this field.
• Selected indicates if the field is a selected field.
• Top values and Top values by time (allows referring to the Top 10 Values returned in the search) present graphs about the data in this search. This is a great way to dive into reporting and graphing. We will use this as a launching point later.
• Rare values displays the least common values of a field.
• Events with this field will modify the query to show only those events that have this field defined.
• The links are actually a quick representation of the top values overall. Clicking on a link adds that value to the query. Let's click on c:\\Test Data\\tm1server.log:

This will rerun the search, now looking for errors that affect only the source value c:\\Test Data\\tm1server.log.