User Guide

Filtering By Field

You can filter search results to display only those documents that contain a particular value in a field. You can also create negative filters that exclude documents that contain the specified field value.

You can add filters from the Fields list or from the Documents table. When you add a filter, it is displayed in the filter bar below the search query. From the filter bar, you can enable or disable a filter, invert the filter (change it from a positive filter to a negative filter and vice versa), toggle the filter on or off, or remove it entirely.

To filter the results of a query, complete the following steps:

  1. Click the Discover tab to display the Discover window.

  2. Choose the index pattern for which you want to create a query.

    The Metron Dashboard displays the fields associated with the index pattern in the Fields list and also in the Documents table. The following steps assume you are using the Fields list.

  3. In the Fields list, click the name of the field on which you want to filter.

    The Metron Dashboard displays the top five values for that field.

  4. Add a filter by clicking one of the Filter buttons (positive or negative magnifying glass icon) next to the value you want to filter in or out.

    To filter out documents that don’t contain the value in the field, click the Positive Magnifying Glass icon.

    To filter out documents that do contain the value in the field, click the Negative Magnifying Glass icon.

  5. Click the Save Search button in the Discover toolbar to save the search.

    Saving a search saves both the query string and the currently selected index pattern.

  6. Enter a name for the search and click Save.