Build a query in the search window
The search window toolbar includes quick access to all these groups of operations for data querying.
Operations over columns window
The Operations Over Columns window opens when you select one of the operations above mentioned. This is where you define the required function and select the arguments needed for your query.
Create columns and aggregate data
The Create Column and Aggregate Function tabs contain the same fields. Both types of operations create a new column to contain the results of the selected operation performed on the selected argument(s), or columns. For example, the capture below shows an aggregation that will add a new column called HTTPrequests and will contain the count of grouped values in the user column. See Create columns or Aggregate data to learn more.
Note that you must group your data before performing an aggregation operation, so the Aggregate function tab will not be visible if your data is not grouped.
The Create Column tab includes buttons to filter the list of operations according to their case sensitivity. Some operations have a case sensitive and case insensitive version, so you can use these buttons to show only the version you need.
Filter data and Or tabs
The Filter Data and Or tabs contain different fields and options because a filter doesn't add a column; but rather the results of the selected operation performed on the selected argument(s) will be the inclusion or exclusion of rows from the query data. For example, the capture below shows a filter that will exclude (negated) records that contain a value in the countMethod column that is less than or equal to 150. 
Just like the Create column tab, the Filter data tab includes buttons to show only case insensitive or case insensitivity versions of those operations that have both options.
For specific information on each action, see Filter data or Filter column data using the OR selector.
Group data
The Group by tab contains a selector where you can choose the time period by which you want to group your data. Furthermore, you can also select No temporal if you don't want to group by time. In the capture below we are grouping the data in the uri and method columns every 15 minutes.
See Group data section for more information.
Selecting operations
In most of the tabs, you need to select an Operation from the drop-down list, then click New Argument to activate the field where you identify the necessary arguments. These two fields are interdependent. That is to say, the system will automatically validate or reject certain arguments based on the operation you have selected. Similarly, the system will identify valid operations in green and invalid operations in orange based on any arguments you have selected. For example, the capture below shows that for the selected argument eventdate, the operations that can be performed on that type of field are in green, while the invalid operations are shown in orange.
Each operation requires a specific number or type of argument(s). In some cases, you can also enter free text as an argument selecting this icon 
.
For more information about an operation's requirements, click the info icon next to the Operation field as shown below.
This operation has only one format, but some others accept different combinations, which are always indicated in the information section (e.g. the Rounding (round) operation has two different formats: round(arg_1) → result and round(arg_1, arg_2) → result). You can also check the number of arguments needed (in this case two) and the required format of the data you link to each argument (string, integer, float...).
Hints
- If you have too many or insufficient arguments, the system will automatically send you a warning message.
- If you haven't chosen the proper arguments, the system will automatically notify you.
