Columns in Search
Would be nice if you could select the columns you want to see in the search result window, as well as being able to resize the column width and select the number of rows to see.
Selecting columns is implemented with the command ‘Select’. It is designed to work like the Select-Object cmdlet in PowerShell.
Type=Event | Select EventID,RenderedDescription
will yield results that only show the two selected fields.
I would love to be able to select expressions with aliases and then pipe these new fields along similar to TSQL.
We closed this idea as the 'Select' command bugs have been fixed.
Feel free to open a NEW idea if graphical selection of fields through the UX is also a requirement and the 'Select' command isn't considered enough.
When I search for "Locked-out Accounts" (Type=SecurityEvent EventID=4740 Account="DOMAIN\\AD_SERVER$" ) and review the results, it shows "TimeGenerated", "Account", "Computer", "Activity" and "[+] show more".
When I click "[+] show more" it shows many rows we are not interested in. We must also click this for each entry.
What we really want is to be able to just add one row, i.e. "Target Account" or "TargetUserName", to every result.