COMMAND | DESCRIPTION |
---|---|
chart, timechart | Returns results in a tabular output for (time-series) charting |
dedup X | Removes duplicate results on a field X |
eval | Calculates an expression (see Calculations) |
fields | Removes fields from search results |
head/tail N | Returns the first/last N results, where N is a positive integer |
lookup | Adds field values from an external source |
rename | Renames a field. Use wildcards (*) to specify multiple fields. |
rex | Extracts fields according to specified regular expression(s) |
search | Filters results to those that match the search expression |
sort X | Sorts the search results by the specified fields X |
stats | Provides statistics, grouped optionally by fields |
mstats | Similar to stats but used on metrics instead of events |
table | Displays data fields in table format. |
top/rare | Displays the most/least common values of a field |
transaction | Groups search results into transactions |
where | Filters search results using eval expressions. Used for comparing two different fields. |