Exabeam SearchExabeam Search Guide

To view a specific anomaly in the Advanced Analytics Timeline, click the View in AA timeline icon .

To copy a browser link to a specific anomaly, click the Copy link icon .

To copy the raw log text for a specific anomaly, click the Copy raw log icon . The raw log is the log in its original, unprocessed format, and is displayed at the bottom of the event. You can also view the entire log in the Event Details panel.

To open the Event Details panel, click View all fields.

From the Event Details panel, you can view the entire raw log, show and hide the parsed fields, and add the field values to queries. You can also move between adjacent events in your search results.

To show the entire raw log in the Event Details panel, click Show full log.

To show or hide displayed fields in the Event Details panel, click the show and hide icons. The Show icon () indicates that the field is visible; the Hide icon () indicates the field is hidden. The show/hide settings for a field are applied to all anomaly events in your search results until you change them.

To add a field value from the Event Details panel to the query in the search bar, move your cursor over the row and click the Options icon (), and then select one of the options for adding the value.

To move between adjacent events in your search results, click the Next Result and Previous Result icons at the top of the Event Details panel.