Skip to main content

Data LakeData Lake User Guide

Table of Contents

Export Limits for Large Volume Exabeam Data Lake Query Results

Exabeam Data Lake supports query output in both comma separated values (CSV) and portable document format (PDF) file formats. High volume results exporting is supported in searches, reports and dashboards.

Data Lake is engineered to handle massive volumes of logs. Exporting the results from querying large data stores is subject to reasonable usefulness and limitations of the final format. If in the event that some indices are closed during the export process, the result will produce inconsistent search results.

The following output configurations and limits are applied to each report, search, and embedded dashboard object separately.

Note

Results are limited to searches in no greater than a 10 billion-record data environment, as is a practical limitation.

Export Query Results to CSV File

You can export query results to CSV files to further analyze the data in other tools or to save as records. Query exports are downloaded as ZIP files that contain two CSV files, one containing the results set and the other containing any errors that may have occurred in the query. Errors in query results can occur for various reasons, such as running heavy queries, index failure, and internode communication issues.

Note the following about CSV exports:

  • They can be split into multiple CSV files, based on configurable volume size.

  • They are limited to cumulative 10 million records for on-premises site collectors and 200 thousand for SaaS platforms.

  • They are compiled at selectable volumes of 10 thousand, 50 thousand, 100 thousand, 250 thousand, 1 million records per file.

    DL-SearchExport-PDF-DocSelection-DLi36.png

Warning

The greater the number of records to export, the more time it will take for the task to complete. For example, to 1 million records could take roughly 20-30 minutes. Ten million records could take several hours.

Export Query Results to PDF

PDF files present query results in text with data fields separated in visual columns. Both the text and layout are formatted to be printable on letter-sized paper.

PDF exports

  • can support up to 20 visualization objects (see Visualize Results in Exabeam Data Lake)

  • can support up to 5 monthly reports scheduled for the same time

  • can support table visualizations up to 500 cumulative records during export

  • produce a download link that stays valid for no more than 30 minutes