Exabeam SearchSearch Release Notes

NGSP-3011

In Advanced search, aggregation functions are now supported for fields generated through Geolocation IP enrichment.

NGS-4314

When results are returned from a query using advanced query language, the View full results feature is now working properly. When you open the View all fields panel for a row, or the Field summary panel, and you can select View full results for a specific field, and view the results successfully.

CRB-2860

For triggered correlation events, the activity_type attribute was incorrectly set to rule-trigger-beta. This issue was fixed with a new parser package.

DOC-1756

The Service Health and Consumption dashboards has been updated to report both Long-Term Search and Long-Term Storage consumption.

NGS-3330

Time range searching has been updated so it is simpler to use. For information, see Timestamps in the Query Syntax section of the Search guide.

NGSP-1407

Fixed an issue of exporting search results with many many blank columns that you have to go through to find the data you want.

NGS-2430

Fixed the issue of saved searches being missing or deleted in some instances for some users.

NGSP-1528

Fixed the issue of ending up with many blank fields when exporting or downloading a report with a custom field in the field template. The issue was resolved by adding an option to exclude null fields when exporting search results.

NGS-2640

Fixed an issue where the customer was receiving a "Parsed logs are required in order to view the Field Summary" error message, due to all parsed fields appearing to be hidden, and was unable to create a dashboard for their query.

NGSP-1375

Fixed an issue where you you might be receiving a Please Verify your search fields, Syntax Error while query using fields, error message when running a search.

NGS-1407

Fixed an issue, where, when you exported or downloaded a report with a custom field in the field template, every field in the Common Information Model 2.0 was being exported, resulting in many blank columns that you had to go through to find the data you wanted.

NGS-1362

Fixed an issue In Advanced Search, where using == for an exact match in your query resulted in an error.

NGS-1174

Fixed an issues in Search where you were unable to do a data range filter on internal fields, such as raw_log_time. Attempting to build queries with these fields resulted in an error.

NGS-744

Fixed and issues in Search, where when you exported a CSV file for a search containing aggregations, the column titles were unreadable.

NGS-2644

Fixed an issue In Query Builder, where not all vendors and products were appearing in the ALL VENDORS & PRODUCTS list.

NGS-2631

Fixed an issue where, when you accessed Search from the Correlation Rules app to test a query, queries that used a context table were failing with an error message.

NGS-3038

Fixed an issue in Advanced Search, where raw_log_time_format is visible, when it should be hidden.

NGSP-1388

Fixed an issue where the min/max aggregations were note working on datetime fields.

NGS-2890

Fixed an issues where the issue_time field was not supporting a null query.

NGSP-1255

Fixed an issues where the NOT condition was not working on metadata fields in queries using Regex.

NGS-2670

Fixed an issue when users were unable to export data from Search. These exports would fail with a Failed - No file error message.

NGS-2526

Fixed an issues where, when using the approxLogTime field in a query, the search would fail with the error: " Value ... is incompatible for type .... Search now supports the usage of approxLogTime in queries.

NGS-2360

Fixed an issue where iIn some instances, when exporting a search, some parsed fields were missing.

NGS-2288

Fixed an issue where when selecting a query from the saved searches, the time range specified in the saved search was not being populated in Query Builder.

NGS-1942

Fixed an issue where the Field Summary was empty for certain parsed logs. This was due to Search not supporting metadata, custom, or array-type field in the Field Summary. This feature has been added with the June 2023 release.

NGS-2645

Fixed an issue where, if you had a field template that contained a field with no name, you would be unable to export any logs.

NGS-798

Fixed an issue where if there were no logs to be searched on the system, Search was immediately displaying an error when you first logged on.

NGS-1902

Fixed an issue where Search was returning an error when your query expression used a range with date or time fields.

NGS-1908

Fixed an issue where when attempting to combine two queries (using the AND operator) to search the logs, the combined query was not returning any results, even if the two original queries were producing results.

NGS-1427

Fixed an issue where Searches using ingest_time or approx_log_time did not return accurate, consistent results.

NGS-2199

Fixed an issue where duplicate subjects were being shown in the SUBJECTS list when using Query Builder.

NGS-2144

Fixed an issue where all parsed fields were not available for selection when creating a new field template.

NGS-2289

Fixed an issues where, sometimes, the Search UI would disappear when you clicked on the input box to open Query Builder.

NGS-1508

Fixed an issue where when a log was parsed using a custom parser that utilized custom fields, those custom fields were not searchable, and they did not appear under the Custom Fields tab in Query Builder.

NGS-2420

Query validation was not working for queries containing hexadecimal type fields.

NGS-1865

Fixed an issue where the fields m_collector_type and m_collector_name were not searchable.

NGS-1855

Fixed an issue where Search was displaying an incorrect timeline for LastPass events.

NGS-1746

Fixed an issue where the the export events functionality in Search was not working as expected. When you received a notification of the download, the download consisted of URLs that you were required to paste into your browser to download the exported files one by one. The notification link now takes you directly to the Downloads page, allowing you to download all exported files with one click.

NGS-1179

Fixed an issue where, when exporting events, the logs were not being exported in the requested file name.

NGSP-373

Fixed an issue where Search returned an error when you tried to use a context table with a number type field.

NGS-1634

Fixed an issue where users were receiving an error message when attempting to export events from Search.

NGS-1613

Fixed an issue where the Search loading indicator did not disappear, making it seem as if the Search is still running, when in fact the search has completed.

NGS-1540

Fixed an issue where in some instances for some users, saved and recent searches were being deleted every night.

NGS-1372

Fixed an issues where if you exporting a raw log from Search, the notification that the log has been exported would not appear until you had refreshed the page.