Data table

COMMAND (MAC)/CTRL (WINDOWS) + ENTER

Access data table through free text query

When you are writing your query in the Free text query section (Data search → Explore your data → Free text query), use this shortcut to launch the query and open the corresponding data table (more info here).

Equivalent run button

You can also click the Run query button to launch the query and open the corresponding data table. Hovering over the Run button will reveal a tooltip with the shortcuts.

SELECT ROW + SPACE BAR

Open event details

Click one row to select an event and use this shortcut to open the Selected events window. Hold COMMAND (MAC) or CONTROL (WINDOWS) while clicking rows to select several events.

1. Rich views: this toggle change the way JSON fields are displayed, switching between hierarchy-based and plain (see picture on the left).

2. Navigation: these buttons allow you to navigate the different events when several are selected on the table.

3. Format: select the type of file to download the content (csv, json, or txt).

4. Copy: this button is used to copy the content to your clipboard.

5. Download: this button is used to perform the download in the specified format.

6. Details: these are the fields that conforms the event, with their values and data types.

Equivalent toolbar button

You can also select the required event(s) and click the Selected events icon in the search window toolbar to open the Selected events window.

HOVER OVER CELL + ENTER

Filter data using a cell’s value

You can hover over a value in your table and hit the ENTER key to apply a filter and get only events with that specific value in that field.

The Operations over fields window will be open in the Filter tab, the Equal (eq, =) operation selected, and the arguments automatically selected. You only need to click Filter to apply it.

Equivalent toolbar button

You can also click the Filter button on the toolbar, however, you need to manually select operation and arguments.

HOVER OVER CELL + P

Open cell details (any data type)

Hover over a cell in your data table and hit the P key to open a window displaying the cell content. This feature becomes particularly useful when a cell's content is significantly long and cannot fit within the cell, even after resizing. You can copy the whole cell content using the Copy to clipboard button.

Open cell details (JSON data type)

When the cell contains data in JSON format, this window becomes particularly useful, as it displays content in a reader-friendly way. Field/value pairs are shown on separate lines and values are color-coded by data type. Learn more about this in Working with JSON objects in data tables.

Equivalent right-click option

You can also right-click the cell in question and select Pretty print to open the selected cell window.

HOVER OVER CELL + C

Adding input to Cyber Chef

Use this shortcut to add cell values as input data in the CyberChef tool. Select the CyberChef icon in the toolbar to see the cells added. Learn more in Manipulate your data using CyberChef.

Equivalent writing method

To insert values as input, simply open CyberChef, click on the input field, and write the desired input.