Displays

Displays is a standard configuration interface for adding, editing, and removing the different Event Displays. Event Displays control what columns are shown in the Event List, which fields can be utilized in the Standard view of the Forensic search interface, as well as the default sort order. The columns displayed and sort order can be changed as needed, and field states can be changed to control if a field is editable in the expanded event view, if a field can be used for sorting in the event list, and/or if a field can be used for filtering in the event list.

Refer to the Standard Configuration Interface guide for details on interacting with the grid and form.

This user interface calls REST methods from api/event/displays.

To open this interface, from the main navigation menu, select Configuration, then Events, and then Displays.

Form Fields

• Name - The name of the display.

• User Owner - Defines the user that owns the display.

• Group Owner - Defines the group that owns the display.

• Disable Conversions - If checked, when viewing Event list, the original value will be shown instead of applying display conversions.

• Columns - This section lists all of the fields available within the Events database.

  Note:

  • You can drag and drop individual fields to set the order of fields when the event list is displayed.

  • You can drag and drop individual fields to the Sorting order toolbar. This order is used as the default sort order when the event list is displayed. See Event List Sorting Using Displays in Unified Assurance Implementation Guide.

  • Visible - A checkbox to indicate the field will be visible when the event list is displayed.

  • Field - The field name in the Events table. These cannot be changed from this UI.

  • Custom Name - A custom name can be specified for the Field. The custom name will be shown instead of the real name when the event list is displayed.

  • Width - The column width when the event list is displayed. An integer may be specified to fix the column width, or flex:(number) may be used to fill-in the remaining width.

    Note:

    The number after the colon should be 1 or greater. If multiple fields are marked as flex, fields that are marked with a higher value will get more of the available space than fields with a lower value.

  • Align - If the column content is aligned left, center, or right.

  • Type - If the content is rendered as a number, string, date/time, or GeoJSON value.

  • Editable - If the value of this column is editable in the expanded event view.

    Note:

    Some columns are never allowed to have editing enabled. Those columns are EventID, ShardID, EventKey, FirstReported, LastReported, LastChanged, Count, Action, Actor & OwnerName.

  • Filterable - If the column is able to be filtered in the grid.

    Note:

    The ShardID column is never allowed to have filtering enabled.

  • Sortable - If the column is able to be sorted in the grid.

    Note:

    The ShardID column is never allowed to have sorting enabled.

• Viewers - Additional User Groups that will be able to use the display.

For details about User Owner, Group Owner and Viewers, see Configuring Ownership and Viewer Access in Unified Assurance Security Guide.