Enhance results display
Security Investigator offers multiple ways to enhance the display of fields and records in the query results table. See below for details.
Wrap lines
You can view longer log lines without horizontal scrolling with the Enable line wrap option. You can perform this action from the query results table menu without executing a query.
- In the query results table menu, select the column header for the field you are interested in.
- Select Enable line wrap.
To reverse this action, select Disable line wrap.
View multiline logs
For a better understanding of data, you can view the stack traces with their line breaks in their original form with the Enable multiline option. You can perform this action from the query results table without executing a query.
- In the query results table menu, select the column header for the field you are interested in.
- Select Enable multiline.
To reverse this action, select Disable multiline.
Aggregate records
You can group and aggregate records with the same value for a given field with the Summarize option, available from the query results header menu or from the record details window. Selecting this option modifies the current query and adds the summarize command to the query input.
Explore data in the original format
With the View field details and View record details options in the query results table, you can examine the data in its original format, regardless of the content and without horizontal scrolling, even if it contains non-printable characters such as tabs, multiple spaces, or line breaks. Security Investigator recognizes and formats popular data structures like JSON, making them easier to read in the field details view.
Example field view
- Data in a field (screenshot)
- Data in a field upon viewing details (screenshot)
Example record view
- Data in a record (screenshot)
- Data in a record upon viewing details (screenshot)
How to view details
In the query results table, right-click on a field and select View field details or View record details.
- To view record details, you can also double-click on any record in the query results table.
- You can use the keyboard arrows (or the arrows in the record details window) to move between records without closing the window.
Selecting one of these options opens the field or record details window. From there, your investigation is supported with further options such as filter, extract fields, open in other apps, add evidence, and add fields.
In-place free-form filtering
You can manually define filter conditions for one or multiple fields at the same time and filter results with or without executing a query.
In-place filters apply only to the data you have fetched with your query. For example, if your query is limited to 1,000 records and you use an in-place filter, the filter is applied only to those 1,000 rows; it doesn't apply to the data in Grail. To apply filters on all data in Grail, see Filter logs.
- How: In the query results table menu, for each field you're interested in, select the column header, and then, under Filter by "<field_name>", enter your condition and select the confirmation button. This filters results without executing a query.