Versions Compared

Old Version 2

changes.mady.by.user Omry Koschitzky

Saved on

compared with

New Version Current

changes.mady.by.user Omry Koschitzky

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Synopsis

Changes the display name and format of specified columnsnames, formats, and/or time units of column(s) in the summary table resulting from the complex search(es) preceding the pipe character.

Syntax

display [RESULTResult_COLUMNColumn_NAMEName] (as [NEWNew _COLUMNColumn_NAMEName]) (in [Format_Type] format) (["Input_Unit"],)(["Output_Unit"]) (, [RESULT_COLUMN_NAME] (as [NEW_COLUMN_NAME] )…)

Required Arguments

RESULTResult_COLUMN_NAME
NEW _COLUMN_NAME
formatColumn_Name

Syntax: <character string>

Description: The name of the column header in the summary table resulting from the complex search, whose name, format, or output unit you want to change.

Optional Arguments

New_Column_Name

Syntax: <character string>

Description: The new display name of the of the column header that has IP address values

Optional Arguments

None

Description

For each event that has the specified IP_address_column_name with an IP address value, extracts the city name from the IP address, using the hostip.info databasein the summary table.

Format_Type

Syntax: number, simple, time, date, volume, regexp, or expression

Description: The display format of the column header values in the summary table. See format.

Description

This function is used to change the display mode of any of the column names and/or values in the summary table resulting from the Complex Search, by:

  • Changing the column name to a new column name.
  • Displaying the column values in a specified format.
  • Displaying the column values in a specified output unit.
  • Assuming that the input unit of the column values is the specified unit, and converting it to the specified output unit.

The display of several columns in the summary table of a complex search can be changed by placing them in a comma-separated list.

Note: in case the same function is applied on different fields it is possible to set the display in the function activation area itself in the query by specifying FUNCTION COLUMN_NAME AS DISPLAY_NAME. See example 3.

Examples

Example 1:  

* in log.access | count , avg Bytes Sent | group by url | display avg as Average Bytes in volume format

For each URL in the access log events, show the number of log events and the average of the Bytes Sent column. In the table, replaces the avg header with Average Bytes, and shows the values in volume format in Bytes (default).

 Example 2:  

* in log.

...

access | avg time taken | display avg in time format(“SEC”,”MIN”) 

 In the access log events, calculates the average of the time taken column values, assumes that the input value is in seconds, and converts and displays it in minutes. 

Example 3:  

* in log.access | avg time taken as Average Time Taken, avg Bytes Sent as Average Bytes Sent

 In the access log events, calculates the average of the time taken and bytes sent columns values, settings a result column name to each one in the function definition level.