View
View log events in the format your destination expects, before or after processing.
The View feature lets you inspect how log events will look when processed for a given destination. Use it to verify structure, field mapping, and format before sending logs to your security platform, or to review the output of a completed job.
Where to Find View
View is available in two places:
- Catalog - Click the View action on any catalog entry to see how its log events will look when processed. This helps you choose the right logs before inserting.
- History - For completed jobs, click View to inspect the processed output that was sent to your destination. Use this to confirm format and troubleshoot.
View Formats
The view modal shows events in two tabs (Splunk and Elasticsearch), each representing the format sent to that destination. It defaults to your configured profile destination so you see the format most relevant to you first.
- Splunk - The format transmitted to Splunk via HEC. Raw event text and metadata as they will appear in Splunk.
- Elasticsearch - The format indexed in Elasticsearch. Structured JSON with standard field mappings for search and visualization.
See Supported Destinations for details on each platform.
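The sketch below is an added example, not the product's own code or its exact output. It renders one constructed event both as a Splunk HEC JSON envelope and as an Elasticsearch document, then checks that timestamp, host, raw text, and event ID agree between the two, which is the comparison the two tabs let you make by eye. The ECS-style field names on the Elasticsearch side, the `sourcetype` and `index` values, and the sample event are all assumptions.

```python
from datetime import datetime, timezone

# Constructed sample event (assumption: not taken from any real catalog entry).
SAMPLE = {
    "timestamp": "2024-05-01T12:30:00Z",
    "host": "ws01.example.test",
    "event_id": 4624,
    "raw": "An account was successfully logged on. EventID=4624 User=alice",
}

def _epoch(iso_utc):
    """Convert an ISO-8601 UTC string (trailing Z) to epoch seconds."""
    dt = datetime.strptime(iso_utc, "%Y-%m-%dT%H:%M:%SZ")
    return dt.replace(tzinfo=timezone.utc).timestamp()

def to_hec(ev, sourcetype="example:log", index="main"):
    """Splunk HEC JSON envelope: metadata keys plus raw text in 'event'."""
    return {
        "time": _epoch(ev["timestamp"]),
        "host": ev["host"],
        "sourcetype": sourcetype,   # hypothetical value
        "index": index,             # hypothetical value
        "event": ev["raw"],
    }

def to_es(ev):
    """Elasticsearch document; ECS-style field names are an assumption."""
    return {
        "@timestamp": ev["timestamp"],
        "host": {"name": ev["host"]},
        "event": {"code": str(ev["event_id"])},
        "message": ev["raw"],
    }

def compare(hec, es):
    """Return the names of fields that disagree between the two renderings."""
    problems = []
    if hec["time"] != _epoch(es["@timestamp"]):
        problems.append("timestamp")
    if hec["host"] != es["host"]["name"]:
        problems.append("host")
    if hec["event"] != es["message"]:
        problems.append("raw text")
    if es["event"]["code"] not in hec["event"]:
        problems.append("event id")
    return problems
```

An empty list from `compare` means detections keyed on time, host, or event ID should match the same event in either platform.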
View Controls
Within the view modal you can:
- Switch between Splunk and Elasticsearch tabs to compare formats
- Expand and collapse individual events to focus on specific entries
- Use Expand all and Collapse all to show or hide event details in bulk
- Step through events with previous/next controls to navigate the event list
- View event count (e.g., "Showing 5 of 42 events") and event summaries (timestamp, event ID) for quick scanning
Catalog view availability
Related
Use View alongside Catalog, Upload, History, and Getting Started to understand the full workflow.