- About Exabeam Data Lake
- Data Lake Search
- Visualize Results in Exabeam Data Lake
- Exabeam Data Lake Dashboard Setup
- Exabeam Data Lake Reports
- Export Limits for Large Volume Exabeam Data Lake Query Results
- Access Restrictions for Saved Objects in Exabeam Data Lake
- How to Forward Alerts Using Correlation Rules in Exabeam Data Lake
- How Correlation Rules Work
- Correlation Rules in Data Lake vs Advanced Detection Rules in Advanced Analytics
- Auto Disable Correlation Rules during High Latency
- How to Find Disabled or Erred Correlation Rules
- Rule Types in Exabeam Data Lake
- Create a Correlation Rule in Exabeam Data Lake
- Correlation Rules Table in Exabeam Data Lake
- Blacklist/Whitelist Correlation Rules using Context Tables in Exabeam Data Lake
- A. Technical Support Information
- B. Supported Browsers
Export Limits for Large Volume Exabeam Data Lake Query Results
Exabeam Data Lake supports query output in both comma separated values (CSV) and portable document format (PDF) file formats. High volume results exporting is supported in searches, reports and dashboards.
Data Lake is engineered to handle massive volumes of logs. Exporting the results from querying large data stores is subject to reasonable usefulness and limitations of the final format. If in the event that some indices are closed during the export process, the result will produce inconsistent search results.
The following output configurations and limits are applied to each report, search, and embedded dashboard object separately.
Note
Results are limited to searches in no greater than a 10 billion-record data environment, as is a practical limitation.
Export Query Results to CSV File
You can export query results to CSV files to further analyze the data in other tools or to save as records. Query exports are downloaded as ZIP files that contain two CSV files, one containing the results set and the other containing any errors that may have occurred in the query. Errors in query results can occur for various reasons, such as running heavy queries, index failure, and internode communication issues.
Note the following about CSV exports:
They can be split into multiple CSV files, based on configurable volume size.
They are limited to cumulative 10 million records for on-premises site collectors and 200 thousand for SaaS platforms.
They are compiled at selectable volumes of 10 thousand, 50 thousand, 100 thousand, 250 thousand, 1 million records per file.
Warning
The greater the number of records to export, the more time it will take for the task to complete. For example, to 1 million records could take roughly 20-30 minutes. Ten million records could take several hours.
Export Query Results to PDF
PDF files present query results in text with data fields separated in visual columns. Both the text and layout are formatted to be printable on letter-sized paper.
PDF exports
can support up to 20 visualization objects (see Visualize Results in Exabeam Data Lake)
can support up to 5 monthly reports scheduled for the same time
can support table visualizations up to 500 cumulative records during export
produce a download link that stays valid for no more than 30 minutes