Using the field picker

The field picker is very useful for investigating and navigating data. Clicking on any field in the field picker pops open a panel with a wealth of information about that field in the results of your search.

Looking through the information, we observe the following:

• Number (of) Values, Appears in X% of results tells you how many events contain a value for this field.
• Selected indicates if the field is a selected field.
• Top values and Top values by time (allows referring to the Top 10 Values returned in the search) present graphs about the data in this search. This is a great way to pe into reporting and graphing. We will use this as a launching point later in Chapter 3, Tables, Charts, and Fields.
• Rare Values displays the least common values of a field.
• Show only Events with this field will modify the query to show only those events that have this field defined.
• The links are actually a quick representation of the top values overall. Clicking on a link adds that value to the query. Let's click on c:\\Test Data\\tm1server.log.
  

This will rerun the search, now looking for errors that affect only the source value c:\\Test Data\\tm1server.log.