fields command

Note

To see which AWS data source integrations support this PPL command, see Commands.

Use the fields command to keep or remove fields from the search result.

Syntax

Use the following syntax:


field [+|-] <field-list>

index: Optional.

If the plus (+) is used, only the fields specified in the field list will be kept.

If the minus (-) is used, all the fields specified in the field list will be removed.

Default: +
field list: Mandatory. A comma-delimited list of fields to keep or remove.

Example 1: Select specified fields from result

This example shows how to fetch account_number, firstname, and lastname fields from search results.

PPL query:


os> source=accounts | fields account_number, firstname, lastname;
fetched rows / total rows = 4/4
+------------------+-------------+------------+
| account_number   | firstname   | lastname   |
|------------------+-------------+------------|
| 1                | Jane        | Doe        |
| 6                | John        | Doe        |
| 13               | Jorge       | Souza      |
| 18               | Juan        | Li         |
+------------------+-------------+------------+

Example 2: Remove specified fields from result

This example shows how to remove the account_number field from search results.

PPL query:


os> source=accounts | fields account_number, firstname, lastname | fields - account_number ;
fetched rows / total rows = 4/4
+-------------+------------+
| firstname   | lastname   |
|-------------+------------|
| Jane        | Doe        |
| John        | Doe        |
| Jorge       | Souza      |
| Juan        | Li         |
+-------------+------------+

Additional examples

source = table
source = table | fields a,b,c
source = table | fields + a,b,c
source = table | fields - b,c
source = table | eval b1 = b | fields - b1,c

Nested-fields example:


`source = catalog.schema.table1, catalog.schema.table2 | fields A.nested1, B.nested1`
`source = catalog.table | where struct_col2.field1.subfield > 'valueA' | sort int_col | fields  int_col, struct_col.field1.subfield, struct_col2.field1.subfield`
`source = catalog.schema.table | where struct_col2.field1.subfield > 'valueA' | sort int_col | fields  int_col, struct_col.field1.subfield, struct_col2.field1.subfield`

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions