Display Results

The Results tab shows the events displayed as a list. This is sometimes also referred to as the Event list that displays the results of a query. The list includes the columns that have been previously selected in the Fields panel. The @timestamp and @rawstring columns are displayed by default in the list. In the example screenshot below, actor.ip and actionName were selected, therefore they are included in the list.

You can change the way events are displayed from the toolbar above the Event list:

Figure 63. Results Tab and Display Modes

Display options are (left to right in the toolbar):

Filter match highlighting allows highlighting results based on the filters applied in queries. See Highlight Filter Match for more information.
Scroll to selected event makes it possible to scroll fields starting from a selected event.
Text wrapping is used to wrap lines or truncate fields after the first line.
Sort events changes the order of fields in the event. You can choose whether newest events appear at the bottom or top of the list.
Hide event distribution chart allows hiding the event histogram to get more space when looking at data.
Toggle fullscreen displays events in full-screen mode.

Data Analysis Overview

LogScale User Interface

Repositories & Views

Parsing Data

Searching Data

Writing Queries

Query Language Syntax

Query Functions

Dashboards & Widgets

Automation

Template Language

Keyboard Shortcuts

Display Results

Enter search term