- Search Overview
- Search Home Page
- Performing Searches
- Basic Search
- Advanced Search
- Advanced Search Building Blocks
- Running an Advanced Search Query
- Query Syntax
- Query by Subject
- Query by Vendor and Product
- Query by Field and Value
- Query by Context Table
- Query Using Regex
- Free Text Search
- Query Using Advanced Query Language Operators
- Query Using Aggregation Functions
- Query Using Structured Fields
- Dynamic Field Extraction
- Natural Language Search
- Anomaly Search
- Refine a Search
- Context Tables in Search
- Search Best Practices
- Search Results
- Dashboard Visualizations
Table View of Search Results
The Table view of Search results shows an overview of the results in a table format. Each row of the table represents an event in the results. The columns correspond to the set of fields defined in the selected Field template or made visible in the Event Details panel.
When you run a search, the results are displayed by default in the List view. To access the Table view, click the Table View icon ( 
) just above the navigation header for the search results.
You can interact with results in the Table view in a number of ways. The sections below provide more detail about each of the following portions of the Table view page:
Toolbar Options
When search results first display in the Table view, the toolbar above the results contains two rows. The top row contains the Summary button on the left and the view selector icons on the right. The second row of the toolbar displays page-specific options. To preserve viewing space as you scroll through the results, the toolbar collapses to one row. If you want to switch into a different view of the results, you'll need to return to the top of the page to redisplay the expanded version of the toolbar where the view selector icons are available.
On the toolbar, the following options are available:
Summary – Click to open a new panel on the left showing a list of all parsed fields in the search results, and a count of unique values for each field. By default, these results are calculated for the first 500 results. When opened, the Summary panel is pinned to the left side of the search results page. To close it, click the Summary button again. For more information about the options available on the Summary panel, see Field Summary.
View Selector Icons – Click on a view selector icon to switch into a different view of the search results data. Options include (
) List view and () Table View.Aggregation View – Click the Aggregation View icon (
) to view a high level summary of the search results. For more information about adding aggregation to your search results, see Aggregated Search Results.Field Template – Click the drop down menu to select which field template should determine the selection of fields displayed for each event in the results. By default, the
Autotemplate is selected. For more information about selecting a different template, see Field Templates.Rows per view – Click the drop-down menu to select the number of rows you want to view per page.
Pagination arrows – Click the pagination arrows to scroll backwards and forwards through the pages of event results.
Events in the Table View
Events in the Table view are listed, by default, in chronological rows, with the most recent events at the top. Each row in the table represents an event, while the columns provide the event-specific field values for each event. The columns displayed are based on the Field template that's selected in the toolbar. You can also add or remove columns, from the display, by changing field visibility in the Event Details panel.
You can interact with each event in the following ways:
Click the drop-down menu (
) icon beside any column header in the table to format the look of, or to hide/show each column.View Event Details – To view detailed information about a specific event in the table, click on any event row to open an Event Fields panel on the right. The panel opens with the Events tab displayed. It includes a full raw log message and the entire list of parsed fields from the event. For more information about working with this tab, see Event Details.