Views:

Learn about the actions available for your query results.

Action
Description
Switch between query result views
Click View and select a view:
  • Standard View: The default view. Displays only the Logged column.
  • Column: Displays fields as user-defined columns.
  • Field groups: Organizes fields into user-defined groups. The field group view includes the preconfigured Recommended Field Groups view.
Create custom views
On the Data Grouping panel, right-click any field to start creating a custom view.
You can add or remove fields from custom column views by right-clicking the field and selecting Add to Column View or Remove from Column View.
View the data grouping and matched events of your query result detections
On the Data Grouping panel, click expandIcon=GUID-20231214145353.png to expand any field and view the matched events from your detections.
View events in your query results
Click expandIcon=GUID-20231214145353.png to expand any event and view the detected data.
Export query views
Click export_button=GUID-C683DEEE-C19C-484D-A5B1-4CA9D1794756=1=en-us=Low.jpg to export the view to a JSON file.
Import query views
Click View and select Import Views to import one or more JSON files containing views.
Related information