fields

The fields command is used to specify the fields that should be present in each event.

Syntax

The fields command accepts a list of field names:

| fields foo bar baz

This command will remove all fields from an event except for foo, bar, and baz; if any of these fields are not present in the event, they will be added with a null value.

Example

Only retain the _raw and _time fields for all events:

| fields _raw _time