Formatting Columns

You can control the appearance of columns in the Event List by clicking the up-arrowhead next to the column header.

Figure 60. Formatting Columns From the Event List


Available options are:

  • Move — moves the column left or right in the Event List.

  • Drilldown — opens the available interaction options for that field; see Field Interactions.

  • Data type — lets you select a formatting data type for the field; see Field Data Types.

  • Edit column properties — opens the Format Panel to add columns or resize their width; see it depicted in Figure 53, “Format Panel”. This panel can also be used to set Field Data Types.

  • Delete — deletes the column from the Event List.

You can also fit a column to its content by clicking the border between the column headers in the Event List, or enlarge or reduce its size by dragging the header.

Field Data Types

The Data type column formatting option assigns a data type to a field name, which affects how that field's data is displayed in the Event List.

Available data types are:

  • Bytes formats the data size in bytes, with prefixes. Example: 1500000 will be displayed as 1.5 MB.

  • JSON offers a view of JSON data with expandable and collapsible nodes, so you can interact with its tree structure.

Figure 61. JSON Formatting Type


  • Log line highlights data in different colors on all columns if the data format is supported — supported formats are JSON, XML and accesslog. This is the default format for field @rawstring.

    Note

    An Invalid value error message is shown in the string if the data format is unsupported.

  • Number displays numbers with thousands separators in a right-aligned column. Example: 1,000.24.

  • Text displays data as plain text. This is the default format for all fields except @rawstring, @timestamp and @ingesttimestamp.

  • Time Ago converts a Unix timestamp with milliseconds into relative time. Example: 47m 12s ago.

  • Time Duration displays the milliseconds elapsed as duration. Example: 3000 is shown as 3s.

  • Timestamp displays an absolute Unix timestamp with milliseconds as an exact date and time. Example: 1655110503000 is shown as 2022-06-13 10:55:03.000. This is the default format for fields @timestamp and @ingesttimestamp.

  • XML shows highlighted XML.

  • Make default for field saves the selected format as the default for that field, so that when the field is removed and re-added to the Event List it keeps the previously chosen data type rather than the standard format type for that field. These settings will never override the formatting chosen for any dashboard or widget already configured with different data types.