- Search Overview
- Search Home Page
- Performing Searches
- Basic Search
- Advanced Search
- Advanced Search Building Blocks
- Running an Advanced Search Query
- Query Syntax
- Query by Subject
- Query by Vendor and Product
- Query by Field and Value
- Query by Context Table
- Query Using Regex
- Free Text Search
- Query Using Advanced Query Language Operators
- Query Using Aggregation Functions
- Query Using Structured Fields
- Dynamic Field Extraction
- Natural Language Search
- Anomaly Search
- Refine a Search
- Context Tables in Search
- Search Best Practices
- Search Results
- Dashboard Visualizations
List View of Search Results
After you have run a search, a listing of the events matching your search criteria is shown at the bottom of the Search home page.
The default view is a list view, click the 
or 
icons to toggle between table view and list view.
Each event has a natural language title that provides a simple description of the event. Each event title includes an icon that indicates the event type, and in some cases the title also includes a dynamic field. You can click on these dynamic fields for additional options, as with any parsed field (such as adding it to the query, copying it, or visualizing it). In cases where no event title is available, or not enough fields were parsed, the event title defaults to the subject of the event.
Click Aggregations to view a high level search results summary. (See Aggregated Search Results for information on adding aggregation to your search results).
Click inside the raw log, or the View all fields (
) icon to display the Event Details box.
Click the Copy Link (
) icon to copy the link to that event.
Click the Copy Raw Log (
) icon to copy the raw log data.
Click on any parsed field to display possible options for the field (options may vary depending on the query):
Use the AND, AND NOT, and OR operators to add the field to your query.
Click Copy to copy the value of the field to the clipboard.
Click Visualize Field to pivot immediately to the Dashboard app, where you will be presented with the visualization editor view with the information from your search query preconfigured.