fieldsummary
Use this command to return data for the specified fields.
Syntax
fieldsummary [<fieldsummary_options>] <field_name> (,<field_name>)*where the syntax for <fieldsummary_options> is:
[maxvalues = <limit>] [includenulls = [true|false]] [includetrends=[true|false]]Parameters and Variables
The following table lists the parameters and variables used in this command, along with their descriptions.
| Parameter / Variable | Description |
|---|---|
| <maxvalues> | Use this option to specify the number of distinct values you want to see. If no value is specified for this variable, then the default of 100 is assumed. Set the value of this variable to —1 to view all distinct values. |
| <includenulls> | Set this option to true to view a null value of each field in addition to maxvalues number of non-null values. The default of false is assumed, in which case, you can view maxvalues number of non-null values for each field. |
| <includetrends> | Set this option to false to avoid viewing the trend data with the result of the command. The default value is true. |
For each distinct value, this query returns the following fields:
-
field: The field name
-
value: The value of the field
-
count: The number of times the specified distinct value occurs
-
trend: Trend of log entries that match the pattern over time
The following query returns the summaries for the entity type and severity fields for all fatal logs.
Severity='fatal' | fieldsummary maxvalues = 10 'Entity Type', Severity