Data Lake User Guide

Exabeam Data Lake Dashboard Setup

The Data Lake Dashboard page is where you can create, modify, and view your own custom dashboards. Essentially, they are a place to consolidate visualizations and saved searches. With a dashboard, you can combine multiple visualizations onto a single page, then filter them by providing a search query or by clicking elements in a visualization. You can use one visualization on multiple dashboards, and if you edit the visualization it will be updated automatically on every dashboard that uses it. Unsaved reports will be impacted by changes in searches and visualizations.

Dashboards are useful when you want to get an overview of your logs and make correlations among various visualizations and events. They can be shared with your colleagues and used in reporting. Each chart refreshes itself with the most recent data, which makes dashboards useful for performing recurrent tasks.

To create a Dashboard, select the Dashboard tab at the top of the page.

If you have not created a dashboard before, you will see a mostly blank page that says Ready to get started?

To add visualizations to your Dashboard, tick the box(es) next to one or more of your Saved Visualizations listed on the left of the page. Click the Add to Dashboard button at the bottom right of the page.

Note

Having a saved Search or Visualization is a prerequisite for building a Dashboard.

Selecting any of your saved searches or visualizations will add them as a tile to the Dashboard. Use the filter at the top to search for a specific visualization or simply browse the list. Once you have added all the visualizations you want, collapse the Add menu. Now you can arrange each element to your satisfaction.

When you hover the mouse over a visualization, a menu appears in the top right corner of the element. From this menu you can Edit, Move, or Delete the element.

Selecting the Edit pencil takes you to the Visualize page for that particular visualization. From here you can make any changes you like and save them.

To Move the visualization, hover over the Move icon in the upper right corner and drag it to the desired location. The visualization can also be resized by hovering the mouse over any of the tile's corners and dragging.

Deleting only removes the visualization from this particular Dashboard; it does not delete the visualization itself.

Dashboards can be filtered further by entering a search query, changing the time filter, or clicking on the elements within the visualization. As with all the other pages, you can use the query language to enter queries in the top search box. This query will filter the data for all of the visualizations placed on the dashboard. If you have stored a query with a visualization, both queries will apply. This means you can use the dashboard search to filter out data, without compromising any logic inside the visualization.

You can also select particular elements within the visualizations themselves. For example, if you click on a particular color segment in the histogram, Data Lake will allow you to filter on the significant term that the segment represents. Filters can be applied and removed as needed. The search and time filters work just like they do in the Search page, except they are only applied to the data subsets that are presented in the dashboard. Changing the time interval will apply to every visualization on the dashboard.

When you are pleased with the Dashboard's aesthetic, click the Save icon at the top right of the page. Name the Dashboard and Save it. As with visualizations and searches, when you make changes to the dashboard, you need to press save again to store these changes permanently. To store the time period specified in the time filter with the dashboard, select Store time with dashboard. Save As gives you the option to save the Visualization under a new name instead of overwriting the existing version.

All Dashboards are saved in your Search Library and can be accessed from anywhere in Data Lake.

You can save the dashboard results to a file by selecting PDF in the Export/Download icon menu. Export limits will apply to large volume search results. For more information on export format, see Export Limits for Large Volume Exabeam Data Lake Query Results.

The Share button opens a drop-down menu that contains a link to your saved Dashboard. The link can be accessed by anyone with valid Data Lake credentials. If you copy the link written in the src=".." attribute and share that instead, your users won't have the option to modify the dashboard. This is not a security feature, since a user can just remove the embed from the URL, but it can be useful for keeping people from modifying dashboards by accident.