...

The display of several columns in the summary table of a complex search can be changed by placing them in a comma-separated list.

Note: in case the same function is applied on different fields it is possible to set the display in the function activation area itself in the query by specifying FUNCTION COLUMN_NAME AS DISPLAY_NAME. See example 3.

Examples

Example 1:  

* in log.access | count , avg Bytes Sent | group by url | display avg as Average Bytes in volume format

For each URL in the access log events, show the number of log events and the average of the Bytes Sent column. In the table, replace replaces the avg header with Average Bytes, and show shows the values in volume format in Bytes (default).

...

* in log.access | avg time taken | display avg in time format(“SEC”,”MIN”) 

 In the access log events, calculate calculates the average of the time taken column values, assume  assumes that the input value is in seconds, and convert converts and display displays it in minutes. 

Example 3:  

* in log.access | avg time taken as Average Time Taken, avg Bytes Sent as Average Bytes Sent

 In the access log events, calculates the average of the time taken and bytes sent columns values, settings a result column name to each one in the function definition level.