Skip to main content Link Menu Expand (external link) Document Search Copy Copied

Table Functions - table

Table of contents
  1. table

table

  • table col1,col2…

The command table is used to rearrange table columns shown in the results. The terms not mentioned after table will not be shown.

Example:

search sContent("@behaviors","O365_AzureAD_UserLoggedIn")
let {username="ObjectId"}=f("@fields"), 
_timestamp=f("@timestamp")
aggregate timestamp=max(_timestamp), count() by username
let createdOn=strftime("%a, %d %b %Y %T %z",timestamp)
table username, createdOn