Versions Compared

Old Version 1

changes.mady.by.user Juan Tomás Alonso Nieto

Saved on

compared with

New Version Current

changes.mady.by.user Juan Tomás Alonso Nieto

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
minLevel2
maxLevel2
outlinefalse
typeflat
separatorbrackets
printablefalse

About the data table

In the data table, each row represents an event and each field represents a data value correctly recognized by Devo. If the data is not separated by in several fields or is shown in the unknown tag structure of the search view, it is normally due to missing or incorrect tags. Learn more about tags in this article.

The data displayed in the table will change according to the operations you apply to build your query (filters, new fields...). Learn more about building queries here.

...

You can perform the following actions in the data table:

...

Shortcut

...

Action

...

Select a row + SPACE BAR

...

Data table shortcuts

Table of Contents
minLevel3
maxLevel3
outlinefalse
styledefault
typelist
printablefalse
Hover over a cell + ENTER

Status
titlecommand (MAC)
/
Status
titleCTRL (Windows)
+
Status
titleenter

3_data table.pngImage Added6_data table.pngImage Added

Access data table through free text query

When you are writing your query in the Free text query section (Data search Explore your data Free text query), use this shortcut to launch the query and open the corresponding data table (more info here).

Equivalent run button

You can also click the Run query button to launch the query and open the corresponding data table. Hovering over the Run button will reveal a tooltip with the shortcuts.

Status
titleselect row
+
Status
titlespace bar

10_data table.pngImage Added13_data table.pngImage Added16_data table.pngImage Added

Open event details

Click one row to select an event and use this shortcut to open the Selected events window. Hold

Status
titlecommand (MAC)
or
Status
titlecontrol (Windows)
while clicking rows to select several events.

  1. Rich views: this toggle change the way JSON fields are displayed, switching between hierarchy-based and plain (see picture on the left).

  2. Navigation: these buttons allow you to navigate the different events when several are selected on the table.

  3. Format: select the type of file to download the content (csv, json, or txt).

  4. Copy: this button is used to copy the content to your clipboard.

  5. Download: this button is used to perform the download in the specified format.

  6. Details: these are the fields that conforms the event, with their values and data types.

Equivalent toolbar button

You can also select the required event(s) and click the Selected events icon in the search window toolbar to open theSelected events window.

Image Removed

Status
titleSELECT cell
+
Status
titleenter

20_data table.pngImage Added25_data table.pngImage Added

Filter data using a cell’s value

You can

hover over

click a value in your table to select it and hit the

ENTER

Status
titleenter
key to apply a filter and get only events with that specific value in that field.

The Operations over fields window will be open in the Filter tab,

and

the Equal (eq, =) operation selected

.

Hover over a cell + P

Hover over any

, and the arguments automatically selected. You only need to click Filter to apply it.

Equivalent toolbar button

You can also click the Filter button on the toolbar, however, you need to manually select operation and arguments.

Status
titleSELECT cell
+
Status
titlep

30_data table.pngImage Added33_data table.pngImage Added36_data table.pngImage Added

Open cell details (any data type)

Select a cell in your data table and

click P on your keyboard

hit the

Status
titlep
key to open a window displaying the cell content. This feature becomes particularly useful when a cell's

contents.For JSON content, this is especially useful. If the content of the cell is of json data type, the window displays it

content is significantly long and cannot fit within the cell, even after resizing. You can copy the whole cell content using the Copy to clipboard button.

Open cell details (JSON data type)

When the cell contains data in JSON format, this window becomes particularly useful, as it displays content in a reader-friendly way

: name

. Field/value pairs are shown on separate lines and values are color-coded by data type. Learn more about this in Working with JSON objects in data tables

.Hover over a cell + C

.

Equivalent right-click option

You can also right-click the cell in question and select Pretty print to open the selected cell window.

Status
titleSELECT cell
+
Status
titlec

40_data table.pngImage Added45_data table.pngImage Added

Adding input to Cyber Chef

Use this shortcut to add cell values as input data in the CyberChef tool. Select the CyberChef icon in the toolbar to see the cells added. Learn more in Manipulate your data using CyberChef.

Image Removed

Equivalent writing method

To insert values as input, simply open CyberChef, click on the input field, and write the desired input.