elastic · nastasha-solomon · Jul 23, 2024 · Jul 23, 2024 · Jul 23, 2024
@@ -84,7 +84,7 @@ filter (refer to <<pivot>>).
 * *Add template field*: Add a template filter with a value placeholder.
 +
 [role="screenshot"]
-image::images/create-a-timeline-filter.png[Shows an example of a Timeline filter]
+image::images/create-a-timeline-template-field.png[Shows an example of a Timeline template]
 +
 TIP: You can also drag and send items to the template from the *Overview*,
 *Hosts*, *Network*, and *Alerts* pages.

@@ -55,8 +55,7 @@ To further inspect an event or detection alert, click the *View details* button.
 == Configure Timeline event context and display
 
 Many types of events automatically appear in preconfigured views that provide relevant
-contextual information, called *Event Renderers*. You can display and turn them on or off
-with the Settings menu in the upper left corner of the results pane:
+contextual information, called *Event renderers*. All event renderers are turned off by default. To turn them on, use the **Event renderers** toggle at the top of the results pane. To only turn on specific event renderers, click the gear (image:images/customize-event-renderers.png[The customize event renderer button,20,20]) icon next to the toggle, and select the ones you want enabled. Close the **Customize event renderers** pane when you're done. Your changes are automatically applied to Timeline.
 
 [role="screenshot"]
 image::images/timeline-ui-renderer.png[example timeline with the event renderer highlighted]
@@ -67,13 +66,27 @@ interests you, you can drag it up to the drop zone below the query bar for furth
 
 You can also modify a Timeline's display in other ways:
 
-* Add, remove, reorder, or resize columns
-* Create <<runtime-fields,runtime fields>> and display them in the Timeline
+* <<add-remove-timeline-fields,Add and remove fields>> from Timeline
+* Create <<runtime-fields,runtime fields>> and display them in Timeline
+* Reorder and resize columns
+* Copy a column name or values to a clipboard 
+* Change how the name, value, and description of a field are displayed in Timeline
 * View the Timeline in full screen mode
 * Add or delete notes on individual events
 * Add or delete investigation notes on the entire Timeline
 * Pin interesting events to the Timeline
 
+[discrete]
+[[add-remove-timeline-fields]]
+== Add and remove fields from Timeline
+
+The Timeline table shows fields that are available for alerts and events in the selected data view. You can modify the table to display fields that interest you. Use the sidebar to search for specific fields or scroll through it to find fields of interest. Fields that you select display as columns in the table.
+
+To add a field from the sidebar, hover over it, and click the **Add field as a column** button (image:images/add-field-button.png[The button that lets you to add a field as a column,20,20]), or drag and drop the field into the table. To remove a field, hover over it, and click the **Remove field as a column** button (image:images/remove-field-button.png[The button that lets you to remove a field as a column,20,20]). 
+
+[role="screenshot"]
+image::images/timeline-sidebar.png[Shows the sidebar that allows you to configure the columns that display in Timeline]
+
 [discrete]
 [[narrow-expand]]
 == Use the Timeline query builder

@@ -11,16 +11,17 @@ To create a runtime field:
 
 . Go to a page that lists alerts or events (for example, *Alerts* or *Timelines* -> *_Name of Timeline_*).
 
-. Click the *Fields* toolbar button in the table's upper-left. The *Fields* browser opens.
+. Do one of the following:
+** In the Alerts table, click the *Fields* toolbar button in the table's upper-left. From the *Fields* browser, click *Create field*. The *Create field* flyout opens.
 +
 [role="screenshot"]
 image::images/fields-browser.png[Fields browser]
-
-. Click *Create field*. The *Create field* flyout opens.
++
+** In Timeline, go to the bottom of the sidebar, then click *Add a field*. The *Create field* flyout opens.
 +
 [role="screenshot"]
-image::images/create-field-flyout.png[Create field flyout]
-
+image::images/create-runtime-fields-timeline.png[Create runtime fields button in Timeline]
++
 . Enter a *Name* for the new field.
 
 . Select a *Type* for the field's data type.