This dashboard provides an overview of the data that is available to query.
Click on the index below to review source types in that index, and then a sourcetype to review fields. Finally, you can click on a field to see sample values in that field.
Click “Show Filters” above to open a search window to search for a specific index, sourcetype or field name.

When you run the build query, if a field/sourcetype/index is found, the entry will be updated with the date/time that it was found.


  1. Chris

    Search used to generate the CSV. I think this would be helpful to add. I had to decode the URL encoding.
    | tstats count WHERE index=* OR index=_* GROUPBY index, sourcetype
    | rename index AS indexname, sourcetype AS sourcetypename
    | map maxsearches=200 search="| search index=\"$indexname$\" sourcetype=\"$sourcetypename$\" | head 1000 | fieldsummary | eval index=\"$indexname$\", sourcetype=\"$sourcetypename$\" | fields index, sourcetype, field"
    |dedup index sourcetype field
    |eval last_found=(now())
    |convert ctime(last_found)
    |dedup index sourcetype field
    |outputlookup exploremydata.csv

