Once a search query is performed, all matches are listed below the histogram bar. By default, this list is sorted by time stamp value.



Field values that match the search criteria are highlighted in the search results. Note that highlights are only visible in the "list view" if the field in which the match occurred is a "Selected Field" and therefore shown as a column.

Search Results: Columns

Multiple columns based on fields can be assigned to display values for each result.



The columns displayed in the search result list mirror the fields that are currently "Selected Fields" for the index pattern used to perform the search query. Adding fields to, or removing fields from, the "Selected Fields" group dynamically updates the search result list as well.



Search Results: Tables

Users who want to see every field and its values for a single result can do so by selecting the dropdown arrow next to that result in the list.



Selecting the arrow expands the result, displaying a table that contains each individual field (determined by the index pattern) and highlighting the value that triggered the match.



In addition to viewing each field and its values for that specific result, users can select fields of interest and add them as columns in the "list view", or select a specific value as a positive or negative filter for the search query.