Change column headings for saved search or replicate in data table

Hi, I know this question has been asked before and I have read and attempted to reproduce the accepted answers but can't get any to work. I am using Kibana v 7.11.2.

I would simply like to add a saved search (with some selected column headings) to my dashboard and then change the column headings to friendly names. I do not want any kind of aggregations, I just want to see the log messages in timestamp order with selected headings as you do in 'Discover'.

I know that column headings on saved searches cannot be changed, and all the other answers on here say to use a lens data table visualization instead. I have tried to follow the instructions in the other answers but can't figure out how to make it work. One answer said to 'aggregate over a unique field' so I tried using the '_id' meta field (I tried putting it in the "Break down by" and in "Metrics").

Can someone please explain to me step-by-step how to create a multiple column data table which replicates a 'Discover' saved search.

If possible it makes sense to stick with a saved search because the underlying query is much more efficient (especially if you want to display lots of columns).

Starting from 7.11 you can change the technical field names to nice labels on the index pattern which will be used for column headings in saved searches: https://github.com/elastic/kibana/pull/70039

Caveat: The names can only be set once for all occurences of this field in saved searches. Does this help you?

Thanks Joe. This should work for what I need.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.