...

Description: The display format of the column header values in the summary table. See format.

Description

In This function is used to change the display mode of any of the column names and/or values in the summary table resulting from the complex search, does any or all of the following for each column name specified:

...

Complex Search, by:

• Changing the column name to a new column name.
• Assumes that the format of Displaying the column is the values in a specified format.Assumes that
• the output unit of Displaying the column values is the in a specified output unit.
• Assumes that Assuming that the input unit of the column values is the specified unit, and converts converting it to the specified output unit specified.

The display of several columns in the summary table of a complex search can be changed by placing them in a comma-separated list.

Note: in case the same function is applied on different fields it is possible to set the display in the function activation area itself in the query by specifying FUNCTION COLUMN_NAME AS DISPLAY_NAME. See example 3.

Examples

Example 1:  

* in log.access | count , avg Bytes Sent | group by url | display avg as Average Bytes in volume format

For each URL in the access log events, show the number of log events and the average of the Bytes Sent column. In the table, replace replaces the avg header with Average Bytes, and show shows the values in volume format in Bytes (default).

...

* in log.access | avg time taken | display avg in time format(“SEC”,”MIN”) 

 In the access log events, calculate calculates the average of the time taken column values, assume  assumes that the input value is in seconds, and convert converts and display displays it in minutes.   . 

Example 3:  

* in log.access | avg time taken as Average Time Taken, avg Bytes Sent as Average Bytes Sent

 In the access log events, calculates the average of the time taken and bytes sent columns values, settings a result column name to each one in the function definition level.