- Search Overview
- Search Home Page
- Performing Searches
- Basic Search
- Advanced Search
- Advanced Search Building Blocks
- Running an Advanced Search Query
- Query Syntax
- Query by Subject
- Query by Vendor and Product
- Query by Field and Value
- Query by Context Table
- Query Using Regex
- Free Text Search
- Query Using Advanced Query Language Operators
- Query Using Aggregation Functions
- Query Using Structured Fields
- Dynamic Field Extraction
- Natural Language Search
- Anomaly Search
- Refine a Search
- Context Tables in Search
- Search Best Practices
- Search Results
- Dashboard Visualizations
Event Details
For any event in the search results, click View all fields to display an Event Details panel. The panel includes the full raw message of the event, along with the entire list of parsed fields for that event. You can interact with the Event Details panel in the ways described below:
Note
If an event does not specify a time zone, the time in the parsed fields is reported in the local time zone. In the raw log message, the time remains as is.
 |
Use the Search field at the top of the panel to search both the raw message and the list of parsed fields.
Use the
icons at the top of the panel to navigate between result events.Click the
icon to close the Event Details panel and return to the Enhanced Search homepage.Click the
icon next to any field in the PARSED FIELDS list, to hide/show the field in the search results.Click the enrichment indicator icon (for example:
) next to any field that contains enriched data to display an enriched field tooltip. The tooltip explains the type and source of the enriched data.
To display additional options for each field in the list, click the drop-down menu icon (
) that appears when you hover your cursor over a field row. 
Depending on whether or not the field was included in the original query, the options below are available:
Use the AND, AND NOT, and OR operators to add the field to your query.
Click Remove to remove the field from your query. (Available only for fields that are already included in the query.)
Click Copy to copy the value of the field to the clipboard.
Click Visualize Field to pivot immediately to the Dashboard app, where you will be presented with the visualization editor view with the information from your search query preconfigured.
