table()

`table()`

The table() function displays query results in a table. It specifies a list of fields to select.

The table() function is an aggregate function and does as follows:

Sorts columns in the table based on specified field order.
Aggregates events based on the limit parameter. It will limit the number of events returned using the limit parameter.
Sorts results according to the sortby parameter.

For large data exports, consider using the select() function instead. The select() function provides similar tabular output but without row limits or sorting constraints.

Parameter	Type	Required	Default Value	Description
`fields`^[a]	array of strings	required		The names of the fields to select.
`limit`	number	optional^[b]	`200`	The argument given to this parameter determines the limit on the number of rows included in the result of the function. The default argument is `default`. The maximum is controlled by the `StateRowLimit` dynamic configuration, which is `StateRowLimit` by default. If the argument is `max` (`limit=max`), then the value of `StateRowLimit` is used.
			Valid Values
		Default Value	`200`	(removed in 1.180.99)
		Default Value	`100,000`	(introduced in 1.181.0)
			`max`	An alias to use the maximum limit set by `StateRowLimit` (introduced in 1.178.0)
		Maximum	`20,000`	The default maximum limit is not static and can be changed by setting the `StateRowLimit` dynamic configuration.
`order`	array of strings	optional^[b]	`desc`	Order to sort in.
			Valid Values
			`asc`	Ascending (A-Z, 0-9) order
			`desc`	Descending (Z-A, 9-0) order
`reverse`	boolean	optional^[b]		Whether to sort in descending order. Deprecated: prefer `order` instead.
`sortby`	array of strings	optional^[b]	`@timestamp`	Names of fields to sort by.
`type`	array of strings	optional^[b]	`number`	Type of the fields to sort.
			Valid Values
			`any`	Any fields. From version 1.125, this value is deprecated. (deprecated in 1.125.0)
			`hex`	Hexadecimal fields
			`number`	Numerical fields
			`string`	String fields
^[a]The parameter name `fields` can be omitted. ^[b]Optional parameters use their default value unless explicitly set.

Hide omitted argument names for this function

Show omitted argument names for this function

`table()` Syntax Examples

Create a table of HTTP GET methods displaying the fields statuscode and responsetime:

logscale

method=GET
| table([statuscode, responsetime])

Display the 50 slowest requests by name and responsetime:

logscale

table([name, responsetime], sortby=responsetime, limit=50, order=asc)

Data Analysis Overview

LogScale User Interface

Repositories & Views

Parsing Data

Searching Data

Writing Queries

Query Language Syntax

Query Joins and Lookups

Query Functions

Dashboards & Widgets

Automation

Template Language

Keyboard Shortcuts

`table()`

`table()` Syntax Examples

Enter search term

Data Analysis Overview

LogScale User Interface

Repositories & Views

Parsing Data

Searching Data

Writing Queries

Query Language Syntax

Query Joins and Lookups

Query Functions

Dashboards & Widgets

Automation

Template Language

Keyboard Shortcuts

table() Syntax Examples

Enter search term

`table()`

`table()` Syntax Examples