
It might be a weird question… But as I look at Live Data (Cribl Stream) (to look at what's coming into the system) I see the filter expression to see and capture, but is there a quick way to search the data really fast, like what kind of keywords across all fields, as I don't know what fields there are? Like a mini search like | %keyword% or on-the-fly matching (I have 1000s of new data to hunt for).

Search can be done in a captured set of data like this using a JavaScript expression.


Ahhh, I tried to do that with the filter but it didn't let me free search.

I had to go to Sources / then Live Data.


It's touchy: click in there, type the search and hit enter.


Is this not like Splunk search?

But kind of like %contain%.


lol, that's what Cribl Search (the product) is for... This is a simple way to just display the records you are looking for in a capture.

Any valid JavaScript expression can be used to match the records... For example, if you have an array of strings (named arr): `arr.includes('someValue')`


So Cribl Stream doesn't really have that search baked in.

So for searching ALL, would it be _raw?


You can access the Search product. Stream is designed to move data from point A to point B.


'Cause I'm getting 10000s of Prometheus but I'm not sure what/where it is but I know

Oh, is that only a cloud view?


Yes, Search is only available in Cloud for now. Hopefully the filtering technique listed above will help you sift through the records you are looking for.


Ya, trying to find how you can filter through all fields.

As with each event I don't know what fields I'm seeing (this is the data learning portion on how / what to look for).

`*.includes('something')`


If looking in raw, `_raw.includes('some text')` is a quick way to do it.


If _raw has it all in 1, but the Prometheus write I don't know.

Does _raw come in all?


Yes.

Well, most cases have _raw.


Ya, this one I don't.

But with 100k records I'm not sure how to look for what I need, but I do know what keyword globally, I just don't know what fields are there to search. In the Splunk world (super lazy but quick) you would search the text and it would search through everything matching.

Kind of a real-world example on how to identify inbound data when I don't know what it is to look for, hehe.


The m indicates it's a metric. Those two rows are metrics.


Ya, so I don't know if all rows are metrics, there's other scenarios, so it's like guessing what is where.


If you're trying to explore some captured data or sample data from a pipeline, you can also use the following options to further refine which fields in the dataset to display, which columns to show.


What type of data are you trying to analyze?


Ya, it just doesn't work if I don't know what field that data is going to show in.

I found it out: instance (but I had to reverse engineer what the tcpdump shows). Can that filter search ALL text through ALL fields even if you don't know which field holds what I'm after?


There's pretty much two options: send data to Splunk or any comparable destination, and use that to search. Or create a pipeline that serializes all fields to one field in e.g. KV format, then use the filter to search on that field. For the latter, make sure the point you capture at is after the pipeline is applied, e.g. "Before destination".


Oh wow (I'm in the information discovery phase so sometimes I don't know what to look for, but maybe a regex could have a filter scanning 80 fields, but I'm not sure where the text I need is in one of those (kind of interesting as Cribl's main thing is part of data inbound), but doing a simple IF anything contains I thought would be out of the box.

