- About Exabeam Data Lake
- Exabeam Data Lake Search
- Exabeam Data Lake Search Page Overview
- Performing Searches in Exabeam Data Lake
- Exabeam Data Lake Sort Logic
- Exabeam Data Lake Search Fields
- Visualize Results in Exabeam Data Lake
- Creating a New Visualization in Exabeam Data Lake
- Saving A Visualization in Exabeam Data Lake
- Exabeam Data Lake Dashboard Setup
- Exabeam Data Lake Reports
- Create an Exabeam Data Lake Report
- Compliance Reports in Exabeam Data Lake
- Import a Report
- How to Suppress Empty Exabeam Data Lake Reports
- Access Restrictions for Saved Objects in Exabeam Data Lake
- How to Forward Alerts Using Correlation Rules in Exabeam Data Lake
- How Correlation Rules Work
- Correlation Rules in Data Lake vs Advanced Detection Rules in Advanced Analytics
- Auto Disable Correlation Rules during High Latency
- Rule Types in Exabeam Data Lake
- Creating a Correlation Rule in Exabeam Data Lake
- Correlation Rules Table in Exabeam Data Lake
- Blacklist/Whitelist Correlation Rules using Context Tables in Exabeam Data Lake
- A. Technical Support Information
- B. Supported Browsers
Exabeam Data Lake Dashboard Setup
The Data Lake Dashboard page is where you can create, modify, and view your own custom dashboards. Essentially, they are a place to consolidate visualizations and saved searches. With a dashboard, you can combine multiple visualizations onto a single page, then filter them by providing a search query or by selecting filters by clicking elements in the visualization. You can easily use one visualization on multiple dashboards and if you edit the visualization is will be updated automatically on every dashboard you use. Unsaved reports will be impacted by changes in searches and visualizations.
Dashboards are useful for when you want to get an overview of your logs and make correlations among various visualizations and events. They can be shared among your colleagues and used in reporting. Each chart will refresh itself with the most recent data, making them useful for performing recurrent tasks.
To create a Dashboard, select the Dashboard tab at the top of the page.
If you have not created a dashboard before, you will see a mostly blank page that says Ready to get started?
To add visualizations to your Dashboard, tick the box(s) next to one of your Saved Visualizations listed to the left of the page. Click the Add to Dashboard button at the bottom right of the page.
Having a saved Search or Visualization is a prerequisite for building a Dashboard.
Selecting any of your saved searches or visualizations will add them as a tile to the Dashboard. Use the filter at the top to search for a specific visualization or simply browse the list. Once you have added all the visualizations you want, collapse the Add menu. Now you can arrange each element to your satisfaction.
When you hover the mouse over a visualization a menu appears in the top right corner of the element. From this menu you can Edit, Move, or Delete the element respectively.
Selecting the Edit pencil will jump you to the Visualize page for that particular visualization. From here you can make any changes you like and save them.
To Move the visualization hover over the Move icon in the upper right corner and drag it to the desired location. The visualization can also be re-sized by hovering the mouse over any of the tile's corners and dragging.
Deleting will only remove it from this particular Dashboard, it will not delete the visualization itself.
Dashboards can be filtered further by entering a search query, changing the time filter, or clicking on the elements within the visualization. As with all the other pages, you can use the query language to enter queries in the top search box. This query will filter the data for all of the visualizations placed on the dashboard. If you have stored a query with a visualization, both queries will apply. This means you can use the dashboard search to filter out data, without compromising any logic inside the visualization.
You can also select particular elements within the visualization themselves. For example, if you click on a particular color segment in the histogram, Data Lake will allow you to filter on the significant term that the segment represents. Filters can be applied and removed as needed. The search and time filters work just like they do in the Search page, except they are only applied to the data subsets that are presented in the dashboard. Changing the time interval will apply to every visualization on the dashboard.
When you are pleased with the Dashboard's aesthetic, click the Save icon at the top right of the page. Name the Dashboard and Save it. As with visualizations and searches, when you make changes to the dashboard, you need to press save again to store these changes permanently. To store the time period specified in the time filter with the dashboard, select Store time with dashboard. Save As gives you the option to save the Visualization under a new name instead of overwriting the existing version.
All Dashboards are saved in your Search Library and can be accessed from anywhere in Data Lake.
The Share button will open a drop-down menu that contains a link to your saved Dashboard. It can be accessed by anyone with valid Data Lake credentials. If you copy out the link written in the
src=".." attribute and share this, your users won't have the option to modify the dashboard. This is not a security feature, since a user can just remove the embed from the URL, but it might be useful so people don't modify the dashboards by accident.