Field Summary
The Field Summary panel lists all parsed fields belonging to specific subjects, followed by a list of general fields. Each subject is represented by an icon. You can expand each list to see a list of the most commonly used fields and a count of the unique values for each field. By default, these results are calculated for the first 500 results.
Note
The Field Summary panel displays a specific set of fields. If the search results do not include any fields from the predefined list, the Field Summary panel is disabled.
Select any field name in the list to open a panel that shows the calculated statistics of every value for that field.
Note
Because new events are ingested in real time, the number of Occurrences, listed at the top of the panel, may be larger than (or otherwise not match) the number of Events. This can occur when the number of occurrences includes new events that were not captured during the time of the search.
You can interact with the panel in the following ways:
- Use the search bar to search for a specific value.
- Click the column header to sort the fields by VALUE or OCCURRENCES.
- Click the options menu to display possible options for the field (options may vary depending on the query):
  - Use the AND, AND NOT, and OR operators to add the field to your query.
  - Click Copy to copy the value of the field to the clipboard.
  - Click Visualize Field to pivot immediately to the Dashboard app, where the visualization editor view opens with the information from your search query preconfigured.
Note
The full field summary functionality is not enabled for customers with an Exabeam Security Analytics license.
The default field summary (first 500 records only) is available on data past the license.