Data Lake User Guide

Exabeam Data Lake Search Fields

At the left of the UI, Data Lake displays a list of the fields found in the events of the search results. Click a field to add a column containing that field's contents to the table. No matter which fields you have added as columns, you can always expand a row using the caret at the front of the row. You can also remove fields that you no longer want to see as columns in the Selected Fields section above the field list on the left.

You can expand any field in the fields list on the left by clicking on it. It will reveal the list of the most common values for that field. Use the – and + magnifier icons to quickly add a filter to show only events containing that value (+) or to exclude all events with that value (-).

If you add filters that way, this field will be added as a search term within the query.

Filters can also be set by expanding the table rows on the right, which show the event contents, and using the filter buttons that appear there. Note that events may contain fields that are not indexed and thus cannot be used for filtering. No filter buttons appear for those fields.

Additionally, click the View field visualization link to create a new visualization from a single selected field. Once the new visualization is created, you can further customize the view by adding or removing top terms you want to review.

Please see the Visualize section for more information on creating, managing, and reviewing your visualizations.

Field Explorer

In addition to using manually created search strings, users have the option to filter data using out-of-the-box filters available in the Search UI.

The Field Explorer is the quick-pick tool for viewing captured data in known categories (both out-of-the-box and custom filters). Click the hyperlink for a given sub-category, and a menu of known values is listed for further filtering. Select View field visualization to immediately organize the data from the shown list visually.
