- Search Overview
- Search Home Page
- Performing Searches
- Basic Search
- Advanced Search
- Advanced Search Building Blocks
- Running an Advanced Search Query
- Query Syntax
- Query by Subject
- Query by Vendor and Product
- Query by Field and Value
- Query by Context Table
- Query Using Regex
- Query Using Wildcards
- Free Text Search
- Query Using Advanced Query Language Operators
- Query Using Aggregation Functions
- Query Using Structured Fields
- Dynamic Field Extraction
- Natural Language Search
- Anomaly Search
- Refine a Search
- Context Tables in Search
- Search Best Practices
- Search Results
- Histogram View of Search Results
- Search Results Navigation Bar
- Timeline View of Search Results
- List View of Search Results
- Table View of Search Results
- Aggregated Search Results
- Event Details
- Detection Details
- Entity Details
- Data Insights
- Export Search Results
- View and Download Exported Search Result Files
- Dashboard Visualizations
Field Summary
You can view field summary information for your search results in the Timeline, List, or Table view of search results. Click Summary in the top row of the search bar to open a Summary panel on the left. When opened, the Summary panel is pinned to the top of the left side of the search results page. To close it, click the Summary button again.
The Summary panel lists all parsed fields belonging to specific subject categories, followed by a list of general fields. Each subject is represented by an icon.
By default, these results are calculated for the first 500 results.
To find a specific field in the Summary list, along with a count of the unique values for the field, do one of the following:
Use the arrow (
) on each subject category to expand a list of commonly used fields.Start typing a field name in the search field at the top of the Summary list. As you type, the list is filtered to show only the fields in each subject category that meet the search criteria. To return to the full list, click the delete icon (
) to remove the filter criteria.
Note
The Summary panel displays a specific set of fields. If the search results do not include any fields from the predefined list, the Summary panel is disabled.
Select any field name in the list to open a panel that shows the calculated statistics of every value for that field.
Note
Because new events are ingested in real time, the number of Occurrences, listed at the top of the panel, may be larger (or otherwise not match) the number of Events. This can occur when the number of occurrences includes new events that were not captured during the time of the search.
 |
You can interact with the panel in the following ways:
Use the search bar to search for a specific value.
Click the column header to sort the fields by VALUE or OCCURENCES.
Click the options menu
to display possible options for the field (options may vary depending on the query):
Click Copy to copy the value of the field to the clipboard.
Click Visualize Field to pivot immediately to the Dashboard app, where you will be presented with the visualization editor view with the information from your search query preconfigured.
Use the Query Operators to add the field to your query or to exclude it. Available operators include AND, AND NOT, or OR.
Note
The full field summary functionality is not enabled for customers with an Exabeam Security Analytics license.
The default field summary (500 records only) is available on data past the license.