Splunk Snippets

Mark Poulsen | Jul 30, 2023

Search Commands

Regular Expression

To extract a phrase with a regular expression, use the rex command followed by the quoted expression. A named capture group, (?<name>...), creates a field called name on each event that matches.

The example below matches a single space followed by a run of non-whitespace characters, and assigns the captured run to the field variableForMatch.

| rex " (?<variableForMatch>[^\s]+)"

Concat Fields

In eval, the period is the string concatenation operator, the way + is in many languages. E.g.

| eval requestedUri="https://localhost".URI."?".PARAMS

Search Field

| rex " (?<variableForMatch>[^\s]+)"
| search variableForMatch != *foo*

Time Chart

| timechart count by foo
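The four snippets above (rex, concat, search, timechart) chained into a single pipeline, as an added example that is not part of the original post. The events come from makeresults with four constructed web-access lines assigned to _raw; the field names clientIp, method and status, and the span=1m bucket, are assumptions chosen for the example and do not appear in the post.

```spl
| makeresults count=4
| streamstats count AS n
| eval _raw=case(
    n==1, "10.0.0.5 GET /login?user=alice 200",
    n==2, "10.0.0.9 GET /admin?user=bob 403",
    n==3, "10.0.0.5 POST /search?q=foo 200",
    n==4, "10.0.0.7 GET /admin?user=eve 403")
| rex field=_raw "^(?<clientIp>\S+) (?<method>\S+) (?<URI>[^\s?]+)\?(?<PARAMS>\S+) (?<status>\d+)$"
| eval requestedUri="https://localhost".URI."?".PARAMS
| search requestedUri!=*foo*
| timechart span=1m count by status
```

The rex line pulls five fields out of each constructed line; the eval rebuilds the full URL with the period operator; the search drops the one event whose rebuilt URL contains foo; and the timechart then counts the remaining three events per status code, giving one bucket (all makeresults events share the same _time) with columns 200 and 403. Replace the makeresults and eval _raw lines with an index= search to run the same pipeline over real events.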

Dashboard

Using Inputs as Variables

The Input widget is assigned a token name. That token can be referenced in a panel's search by wrapping it in dollar signs, e.g. $userInput$; Splunk substitutes the input's current value before the search runs.

CSS

<row>
  <panel>
    <html>
      <div style="text-align:center;font-size:36px;font-weight:bold;background-color:#26a7de;padding: 10px 10px 10px 10px;color:white;">A Title</div>
    </html>
  </panel>
</row>