Event Field Selection Settings
- The query results table should be configured appropriately to view the results of a query.
- SOCaaP ships with ten event field columns in the query results table
- This interface allows you to add event field columns to the results table that will be valid for all queries.
- Alternatively, you can add event field columns on a one-off basis for a particular query. See 'Configure results table for a query' for more details.
Configure the query results table
- Click the hamburger icon > 'Investigation' > 'Event Field Selection Settings'
All default and custom event fields are shown:
- Selected Field Values – The name of the event field group
- Selected Field Keys – The parameter selected for the event field
To add more event fields, click the 'Edit' button on the bottom-right
- The 'Selection Fields' dialog will open.
The default and added 'Result Fields' will be displayed.
- To add new 'Result Fields', click the first combo box and select the event field group.
The next field will display the parameters available for the selected field group.
- Select the required field from the drop-down and click the button.
A new results field will be added and you have to provide a new label for the result field.
- Enter a name for the field on the right side, by which the results field column should be displayed in the 'Results' screen. Note – Each event field group name should be unique.
- Repeat the process to add more fields and click 'OK'
- To remove irrelevant fields, click the trash can icon beside it.
- Click the 'Cancel' button to revert the changes you made.
- Click the 'OK' button
See 'Configure Event Queries' for more details.