Display Results

The Results tab shows the events displayed as a list. This is sometimes also referred to as the Event list that displays the results of a query. The list includes the columns that have been previously selected in the Fields panel. The @timestamp and @rawstring columns are displayed by default in the list. In the example screenshot below, actor.ip and actionName were selected, therefore they are included in the list.

Screenshot showing the toolbar for setting how to display events

Figure 56. Event Display Modes

You can change the way events are displayed from the toolbar above the Event list:

Display options are (left to right in the toolbar):

Scroll to selected event makes it possible to scroll fields starting from a selected event.
Text wrapping is used to wrap lines or truncate fields after the first line.
Sort events changes the order of fields in the event. You can choose whether newest events appear at the bottom or top of the list.
Toggle fullscreen displays events in full-screen mode.

Data Analysis Overview

LogScale User Interface

Repositories & Views

Parsing Data

Searching Data

Writing Queries

Dashboards & Widgets

Automation

Query Language Syntax

Query Functions

Template Language

Keyboard Shortcuts

Display Results

Enter search term