An improved data intake and query system that can perform and display ingest-time and search-time field extraction, redaction, copy, and/or categorization is described herein. As described herein, ingest-time field extraction, redaction, copy, and/or categorization may refer to field or field value extraction, redaction, copy, and/or categorization that is performed by a log observer system of the data intake and query system on raw machine data as the raw machine data is ingested or received from a publisher. As described herein, search-time field extraction, redaction, copy, and/or categorization may refer to field or field value extraction, redaction, copy, and/or categorization that is performed by the log observer system and/or other components of the improved data intake and query system on historical raw machine data that has already been ingested and indexed by the improved data intake and query system.