Formatting a request
Search terms can be long and difficult to understand. The Search Panel contains functions that help you parse and interpret the syntax of the search processing language SAFL.
Syntax highlighting
Syntax highlighting provides visual highlighting of the various components of SAFL, making them more distinguishable and improving the readability of search results. Commands, arguments, functions, and keywords are color coded to help users analyze data faster and more accurately. The image below shows an example of a search string using syntax highlighting.
Commands, arguments, functions, and keywords are each highlighted in a different color. However, if any of these elements is entered incorrectly or contains an error, color highlighting is not applied. The absence of color highlighting therefore serves as an important indicator of incorrect syntax, alerting the user to possible errors.
Color codes
The color coding used to highlight search query syntax varies depending on the selected color theme. The default is the light theme. Below are the color codes for the light and dark themes:
Syntactic component | Color | Example |
---|---|---|
Commands | Blue | timechart |
Command Arguments | Green | join type=left name |
Functions | Pink | timechart count |
Logical operators and reserved words | Orange | aggs count by source.ip |
Comments | Grey | timechart count /*comment*/ |
The screenshot shows syntax highlighting using a dark theme.
Changing the color theme
The color theme can be changed in the Account Menu - Personalization section.
Formatting a request
When writing a search query, it is recommended to use formatting, which makes the query more readable. Formatting is activated by a keyboard shortcut:
- On Linux or Windows use Ctrl + \
- On Mac OSX use Command ⌘ + \
Search query without formatting:
source food_orders | aggs count, values(items) by user_id | table count, sum_order, items, user_id |sort - user_id
Search query with formatting:
source food_orders
| aggs count, values(items) by user_id
| table count, sum_order, items, user_id
| sort - user_id
Using keyboard shortcuts
Use these keyboard shortcuts to undo and redo actions in the search bar:
- Undo the previous action: Ctrl + Z on Linux or Windows, Command ⌘ + Z on Mac OSX
- Redo the previous action: Ctrl + Y on Linux or Windows, Command ⌘ + Y on Mac OSX