Fields Command

Use this command to specify which fields to add or remove from the retrieved results, based on the field names.


Original Log Content is added by default if no fields command is specified. This default field can be excluded if necessary. If the default field is excluded and no other field is specified, an empty response containing only the number of matching results is returned, unless that is explicitly excluded as well.


fields [+|-] <field_name> (,[+|-]<field_name>)*


The following table lists the parameters and variables used with this command, along with their descriptions.

Parameter     Description
field_name    Use this variable to specify the field to add to or remove from the results.

For examples of using this command in typical scenarios, see:

The following query returns a list of logs, with their timestamp, target, target type, and severity.

* | fields Time, Target, 'Target Type', Severity