DataGrid Widget

This widget is used to visualize query results in the form of a table.

The DataGrid widget is useful to view results in the form of a table. TAIL query results are also displayed in the widget.
Field Description
Query Enter a search query. Enter USE to start an EQL statement or SELECT to start an SQL statement. You can search based on filter and time Bloks as well.
Date & Time You can enter absolute and relative time ranges.

For example, enter -5h as a relative time range to display results for events that occur in the last 5 hours.

Column(s) Column value of the selected field is used to plot the widget.
Options Select the required options to display in the widget result:
  • Show Row Numbers
  • Show Table Header
  • Hide Column Separator
  • Enable Context Menu
  • Enable CSV Export
  • Enable Excel Export

Even if you select the Enable CSV Export or Enable Excel Export options, the relevant menu options are available in the Filter menu only if the Enable Context Menu option is also selected.

Filter menu This menu is available only if Enable Context Menu is selected in the Options field.

If Enable Context Menu is selected in the Options field, the following options are available after right-clicking the widget:

  • Show/Hide filters
  • Show/Hide table header (if the Show Table Header option is also selected in the Options field)
  • Export as CSV - all data or selected data (if the Enable CSV Export option is also selected in the Options field)
  • Export as Excel - all data or selected data (if the Enable PDF Export option is also selected in the Options field)
Buffer size The number of rows to be displayed in the DataGrid after refreshing the widget. For example, if the buffer size is 100 and the query returns 150 results, the latest 100 results are displayed.

The default is 1000 rows.

Widget description A short description for the widget. On the Advanced Dashboard, the description is displayed when you hover over the widget.
Auto load Click the slider to ON to automatically load widget data on the Advanced Dashboard.
  • By default, it is disabled for newly created widgets, but enabled for the widgets created in LogLogic LMI 6.3.0 and earlier.
  • Disabling the Auto load option disables the Auto refresh option. However, you can manually refresh the widget on the Advanced Dashboard to load its data.
Auto refresh Click the slider to ON to refresh the widget. By default, it is set to OFF.
Refresh widget every If Auto refresh is set to ON, enter a time interval in seconds to refresh the widget. Refresh action starts after the data is completely retrieved and displayed.

Example

For the search query: 
use LogLogic_Appliance
the columns are sys_collectIP and sys_body. The total number of events is displayed if the Options field includes Show Table Header. The filter menu is available in the results if the Options field includes Enable Grid Menu.
Related tasks
Related reference