Filter data

Apply filters to table data to isolate or exclude specified field values. The results are returned immediately and displayed in chronological order and at the same time. The timeline is updated to match the query.

1. Select the  icon in the query window toolbar. The Operations Over Columns window appears with the Filter data option selected.
2. Choose the required filter type in the Operation drop-down list.
3. Select the arguments of the filter. Depending on the filter type selected, you will be prompted to select a set of specific arguments. 
   You can select columns or also enter free text clicking the  icon, as is sometimes required for an operation. For example, you might filter for URLs that contain the string bing. Then choose normal to include the filtered events, or select negated to exclude the filtered events.
4. Click Filter data when you're done. The data table will only show those events that meet the conditions of the filter applied.
   
   

Alternatively, you can create a filter in one of the following ways:

• If you select a cell from the data table and press ENTER, the Operations over columns window will be open in the Filter data tab, and the Equal (eq, =) operation selected. The cell selected and the column it belongs to will be automatically added as arguments of the filter.

• Select the arrow icon that appears when hovering over a column header to see the list of distinct values in that column, then click a value name. The Operations over columns window will be open in the Filter data tab, and the Equal (eq, =) operation selected. The column and value selected will be automatically added as arguments of the filter.