Data Lake: Exabeam Search Quick Reference Guide

Results Views in Exabeam Data Lake

Data is presented in panels below the banner menu. There are four ways to view the data. Results can be shared or exported (PDF or CSV format) by selecting the icons on the upper right of the primary pane.

Note

Data Lake can export up to 1 million query results from a local search. These results are batched in files of 10,000 log events each and zipped together. For cross-cluster searches, up to 10,000 query results can be exported.
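
The following added example (not Exabeam code) checks an exported archive against the limits in the note above: it counts events per batch file and flags an export whose total sits at the cap, which means the search may have matched more events than were exported. It assumes each archive member is a CSV file with one header row and one event per record; the file names and sample data are constructed.

```python
import csv
import io
import zipfile

BATCH_SIZE = 10_000         # log events per exported file (from the note)
LOCAL_CAP = 1_000_000       # export limit for a local search
CROSS_CLUSTER_CAP = 10_000  # export limit for a cross-cluster search


def audit_export(zip_bytes, cross_cluster=False):
    """Count events per CSV batch in an export archive and flag anomalies."""
    # Assumption: each member is a CSV file with a header row, one event per record.
    cap = CROSS_CLUSTER_CAP if cross_cluster else LOCAL_CAP
    counts = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in sorted(zf.namelist()):
            if not name.lower().endswith(".csv"):
                continue
            with zf.open(name) as fh:
                text = io.TextIOWrapper(fh, encoding="utf-8", newline="")
                reader = csv.reader(text)
                next(reader, None)  # skip the header row
                # csv.reader keeps a quoted multi-line raw log as one record
                counts[name] = sum(1 for _ in reader)
    total = sum(counts.values())
    short = [n for n, c in counts.items() if c < BATCH_SIZE]
    oversized = [n for n, c in counts.items() if c > BATCH_SIZE]
    return {
        "files": len(counts),
        "total_events": total,
        # at most one batch (the final one) should be partly filled
        "consistent": len(short) <= 1 and not oversized,
        # a total at the cap means the search may have matched more events
        "possibly_truncated": total >= cap,
    }


def build_sample_export(batch_rows):
    """Build a constructed export archive in memory (sample data, not real logs)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for i, rows in enumerate(batch_rows):
            out = io.StringIO()
            writer = csv.writer(out)
            writer.writerow(["time", "host", "raw"])
            for r in range(rows):
                writer.writerow(["2024-01-01T00:00:00Z", f"host-{i}", f"event {r}\ncontinued"])
            zf.writestr(f"batch_{i:03d}.csv", out.getvalue())
    return buf.getvalue()
```

Counting newline characters instead of parsing the CSV would overcount here, because each constructed event contains an embedded line break.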

Timeline View

The Timeline graphically displays the volume of activity for a given timeframe.

You can collapse and expand the Timeline by selecting the Collapse/Expand icon.

You can refresh the Timeline at a specific pace by selecting an update interval in Time View.

Enhanced View

In Enhanced view, the raw log and data from matching fields are displayed. Click Show more or View All to expand the view, or Show less or Collapse to contract it.

Table View

The Table view allows you to create your own tables with fields of your choosing.

The first time you open this view, when no table has been established, select from the available fields listed in the left pane. Once you have made your selections, click Create Table to generate a table view.

Raw View
