Filter

We can achieve the same search functionality which we have just covered under the search option using the filter option. We do this by providing the fields as source.port, operates as is, and values as 80. We can give this filter a label, such as Port 80 filter, to make it more understandable for an end user, as this label tells us that we are trying to apply a filter for port 80. In the same way, we can create other filters as well, such as for the tcp transport protocol. In this way, we can add filters, apply them, and further drill down by searching on top of that applied filter.

We can also apply the filter directly by clicking on the filter icon in front of any field in a tabular view. This will automatically filter the record by creating a new filter for that field. For example, we have opened the tabular view of a document, and while looking at the fields, we have found a dest.port field, which denotes the destination port. Now, if we want to get data for any particular port number, we can click on the plus search icon in front of this field name to apply the filter on the dest.port field. The filter will pick the value of that particular row against the field name, which can be modified by editing the filter value. The following screenshot shows us the filtered view with the Edit filter box, where we can modify the filter options:

In the preceding screenshot, we are adding the filter for source.port using the Add a filter link. We can also generate the Elasticsearch Query DSL for this by clicking on the Edit Query DSL link in the box. A self-explanatory label can be added for the filter to make it more readable because this label will be shown on the filter and we can easily find out about the filter using its label.