Display Results and Events

LogScale presents the data returned from a search in a list format. By default, this list includes the @timestamp and @rawstring columns, plus any columns selected in the Fields panel.

Display tabs

Depending on the contents and functions used in the query, different tabs for displaying output data appear based on the query, for example if the query includes Aggregate Query Functions. Available tabs are:

  • Results tab

    Presents the final results from the query once all of the elements of the source query including filters and aggregations (for example using groupBy()) have been completed.

    • Events tab

      It is the event list that displays the results of a query. For queries without a prefix, this tab includes the raw event data after matches and filtering, but before aggregation.

    • Table tab

      Appears when the defineTable() function is used in the source query, to display the results of the ad-hoc table defined by the function.

      The display of matching entries for the table is limited to the first 500 rows. For more information, see How to Use Ad-hoc Tables in Queries.

    Display options

    You can change the way events are displayed from the Tool panel above the Event list:

    Screenshot showing the toolbar for setting how to display events

    Figure 69. Event Display Modes


    The Tool panel allows for these options:

    • Filter match highlighting allows highlighting results based on the filters applied in queries. See Highlight Filter Match for more information.

    • scrolls to selected event to make it possible to scroll fields starting from a selected event.

    • Text wrapping is used to wrap lines or truncate fields after the first line.

    • changes the order of fields in the event. You can choose whether newest events appear at the bottom or top of the list.

    • toggles/untoggles fullscreen to display events in full-screen mode.