Exabeam Data Lake Search Fields
At the left of the UI, Data Lake displays a list of the fields found in the events of the search results. You can click a field to add a column containing the contents of that field to the table. No matter which fields you have added as columns, you can always expand a row by clicking the caret at the front of it. You can also remove fields that you no longer want to see as columns in the Selected Fields section above the field list on the left.
You can expand any field in the fields list on the left by clicking on it. It will reveal the list of the most common values for that field. Use the – and + magnifier icons to quickly add a filter to show only events containing that value (+) or to exclude all events with that value (-).
If you add filters that way, this field will be added as a search term within the query.
Filters can also be set by expanding the table rows on the right, which show the event contents, and using the filter buttons that appear there. Note that events may contain fields that are not indexed and therefore cannot be used for filtering. No filter buttons are shown for those fields.
Additionally, click the View field visualization link to create a new visualization from a single selected field. Once the new visualization is created, you can further customize the view by adding or removing top terms you want to review.
Please see the Visualize section for more information on creating, managing, and reviewing your visualizations.
In addition to using manually created search strings, users have the option to filter data using out-of-the-box filters available in the Search UI.
The Field Explorer is the quick pick tool for viewing captured data in known categories (both out-of-the-box and custom filters). Click the hyperlink for a given sub-category, and a menu of known values is listed so that you can filter further. You can select View field visualization to immediately organize the data from the shown list visually.