Versions Compared

Old Version 5

changes.mady.by.user Omry Koschitzky

Saved on

compared with

New Version Current

changes.mady.by.user Omry Koschitzky

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Synopsis

Changes the display name names, formats, and/or format of specified columns in the time units of column(s) in the summary table resulting from the complex search(es) preceding the pipe character.

Syntax

display [Result_Column_Name] (as [New _Column_Name]) (in [Format_Type] format) )(["Input_Unit"],)(["Output_Unit"]) (, [RESULT_COLUMN_NAME] (as [NEW_COLUMN_NAME] )…)

...

Description: The name of the column header in the resulting events whose name and/or format you summary table resulting from the complex search, whose name, format, or output unit you want to change in the resulting summary table.

Optional Arguments

New_Column_Name

Syntax: <character string>

Description: The new display name of the of the column header displayed in the summary table.

Format_Type

Syntax: <character string>number, simple, time, date, volume, regexp, or expression

Description: The new The display format of the column header values . This can be any of the following formats:

  • number  –  format the text in the column to number format : (“#.##”) – the decimal format of the number
  • simple – display columns in different format : (“column.name1 – column.name2”) – replace the columns with the values from the result
  • time – display the value in a time format way: (“[OUTPUT_UNIT]”) , (“[INPUT_UNIT] “,“[OUTPUT_UNIT]”) – display the column in output format and use input unit In case it is different from milliseconds.
    Time units: [microsec,ms,sec,min,hour,day]
  • date – display the value in day format: (“[SIMPLE DATE FORMAT]”) – change the date format
  • volume – display the value in the volume format way: (“[OUTPUT_UNIT]”) , (“[INPUT_UNIT] “,“[OUTPUT_UNIT]”) – display the column in output format and use input unit in case it is different from bytes.
    Volume units: [B,KB,MB,GB]
  • regexp – use regexp to extract values from the data: (“[REGEXP]”) – display the first group that is found from the regular expression
  • expression – use the expression to make a calculation on a column result: (“[EXPRESSION]”) – use an expression to calculate different result value

Description

For each event that has the specified column name, does the following, as specified:

  • Changes the column name to the new column name,
  • Changes the format of the column name to the specified format.

Several columns can be changed, in the summary table. See format.

Description

This function is used to change the display mode of any of the column names and/or values in the summary table resulting from the Complex Search, by:

  • Changing the column name to a new column name.
  • Displaying the column values in a specified format.
  • Displaying the column values in a specified output unit.
  • Assuming that the input unit of the column values is the specified unit, and converting it to the specified output unit.

The display of several columns in the summary table of a complex search can be changed by placing them in a comma-separated list.

Note: in case the same function is applied on different fields it is possible to set the display in the function activation area itself in the query by specifying FUNCTION COLUMN_NAME AS DISPLAY_NAME. See example 3.

Examples

Example 1:  

* in log.access | count , avg Bytes Sent | group by url | display Column_Xavg as Column_Y

 In log access events, change the display name of Column_X to Column_Y.

 Average Bytes in volume format

For each URL in the access log events, show the number of log events and the average of the Bytes Sent column. In the table, replaces the avg header with Average Bytes, and shows the values in volume format in Bytes (default).

 Example 2:  

* in log.access | avg time counttaken | display Volume_Interval_Columnavg in volumetime format ("Output_Unit"(“SEC”,”MIN”

 Assumes  In the access log events, calculates the average of the time taken column values, assumes that the input value in Volume_Interval_Column is in bytesseconds, and converts and displays it in Output_Unit format. Optional volume units are B, KB, MB, and GBin minutes. 

Example 3:  

* in log.access | avg time taken as Average Time Taken, avg Bytes Sent as Average Bytes Sent

 In the access log events, calculates the average of the time taken and bytes sent columns values, settings a result column name to each one in the function definition level.