Migrate Saved Searches
 |
Expected Duration: | 1 to 20 minutes per search, depending on complexity (average = 10 minutes) |
Access Required: |
|
In Data Lake, searches can be created and saved to a Library of saved searches. In the Exabeam Security Operations Platform, searches can also be created and saved.
The following diagram provides a high level overview of the migration process.
To migrate a saved search from Data Lake to the Search application, follow the steps below.
Log into Data Lake, click Library in the upper right corner, and open a specific saved search.
At the top of the search page, copy the entire query syntax.
In another tab, log into the Exabeam Security Operations Platform and navigate to Search.
At the top of the Search page, click the Advanced Search icon
to the left of the search bar and paste the Data Lake query into the search bar.Adjust the query syntax as needed. For syntax information, see Adjust Query Syntax.
Adjust the entity mapping in the query as needed. For mapping information, see Map to the Common Information Model.
Using the drop-down time filter directly to the right of the search bar, select a time range for the query that matches the Data Lake search query.
Click Search to run the search query.
If the search results returned are satisfactory, do the following to save the search:
Click the Options icon (
) to the right of the Search button and select the Save action.Enter a Search Title that matches the name of the Data Lake saved search.
Decide whether you want to keep the Make search private option as is, or toggle it off to make the search public when you save it.
Click Save. The search is saved and appears listed on the Saved Searches page.