Data LakeData Lake User Guide

Table of Contents

Export Limits for Large Volume Exabeam Data Lake Query Results

Exabeam Data Lake supports query output in both comma separated values (CSV) and portable document format (PDF) file formats. High volume results exporting is supported in searches, reports and dashboards.

Data Lake is engineered to handle massive volumes of logs. Exporting the results from querying large data stores is subject to reasonable usefulness and limitations of the final format. If in the event that some indices are closed during the export process, the result will produce inconsistent search results.

The following output configurations and limits are applied to each report, search, and embedded dashboard object separately.

Note

Results are limited to searches in no greater than a 10 billion-record data environment, as is a practical limitation.

Export Query Results to CSV File

CSV files present query results in text with data fields separated by commas. This format is unformatted and lets you import the results into other processes, if needed. Data that display in tables can use this format.

CSV exports:

  • can be split into multiple CSV files, based on configurable volume size

  • are limited to cumulative 10 million records for on-premises site collectors and 200 thousand for SaaS platforms

  • are compiled at selectable volumes of 10 thousand, 50 thousand, 100 thousand, 250 thousand, 1 million records per file.

    DL-SearchExport-PDF-DocSelection-DLi36.png

Warning

The greater the number of records to export, the more time it will take for the task to complete. For example, to 1 million records could take roughly 20-30 minutes. Ten million records could take several hours.

Export Query Results to PDF

PDF files present query results in text with data fields separated in visual columns. Both the text and layout are formatted to be printable on letter-sized paper.

PDF exports

  • can support up to 20 visualization objects (see Visualize Results in Exabeam Data Lake)

  • can support up to 5 monthly reports scheduled for the same time

  • can support table visualizations up to 500 cumulative records during export

  • produce a download link that stays valid for no more than 30 minutes