
Learn about the actions available for your query results.

Action
Description
Export query results
Click the export button and select a format from the drop-down menu to export up to a maximum of 1,000,000 query results in CSV or JSON format.
Import query views
Click View and select Import Views to import one or more JSON files containing views.
Switch between query result views
Click View and select a view:
  • Standard View: The default view. Displays only the Logged column.
  • Column: Displays fields as user-defined columns.
  • Field groups: Organizes fields into user-defined groups. The field group view includes the preconfigured Recommended Field Groups view.
Create custom views
On the Data Grouping panel, right-click any field to start creating a custom view.
You can add or remove fields from custom column views by right-clicking the field and selecting Add to Column View or Remove from Column View.
View the data grouping and matched events of your query result detections
On the Data Grouping panel, click the expand icon to expand any field and view the matched events from your detections.
Note
Displayed values for each field in the Data Grouping section are aggregated from fields, and are not raw record counts. Elements from each field are expanded and counted individually during aggregation.
  • For example, if a field contains two records with array values such as the following: record1: [a,b] and record2: [a,c], then Data Grouping displays 3 values from 2 records due to array expansion. The value a appears twice, b appears once, and c appears once.
View events in your query results
Click the expand icon to expand any event and view the detected data.
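
The array expansion described in the Data Grouping note can be reproduced on exported results to see why grouped values differ from record counts. This is an added example, not product code: it assumes the JSON export is an array of record objects, and the field names `tags` and `eventId` are hypothetical.

```python
import json
from collections import Counter

# Constructed sample standing in for an exported JSON result set.
# Records 1 and 2 mirror the note's example; record 3 lacks the field.
SAMPLE_EXPORT = json.dumps([
    {"eventId": 1, "tags": ["a", "b"]},
    {"eventId": 2, "tags": ["a", "c"]},
    {"eventId": 3},
])


def group_field(records, field):
    """Count each element of `field` individually (array expansion).

    Returns (value_counts, records_with_field).
    """
    counts = Counter()
    records_with_field = 0
    for record in records:
        value = record.get(field)
        if value is None:
            continue  # field absent or null: nothing to aggregate
        records_with_field += 1
        # A scalar field is treated as a one-element array.
        elements = value if isinstance(value, list) else [value]
        for element in elements:
            # Nested objects or arrays are not hashable; key them by JSON text.
            if isinstance(element, (dict, list)):
                element = json.dumps(element, sort_keys=True)
            counts[element] += 1
    return counts, records_with_field


def summarize(records, field):
    """Compare distinct grouped values against the raw record count."""
    counts, record_count = group_field(records, field)
    return {
        "records": record_count,
        "distinct_values": len(counts),
        "occurrences": dict(counts),
    }


if __name__ == "__main__":
    print(summarize(json.loads(SAMPLE_EXPORT), "tags"))
```

When reconciling a grouped value against an investigation, count records separately: the sum of the per-value occurrences (4 here) exceeds the number of records (2) whenever a field holds arrays.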