Graph query results - Cortex Cloud enables you to generate helpful visualizations of your XQL query results. - Administrator Guide

Graph query results - Cortex Cloud enables you to generate helpful visualizations of your XQL query results. - Administrator Guide - Cortex CLOUD

Cortex Cloud Runtime Security Documentation

Product

Cortex Cloud Application Security > Cortex CLOUD

License

Cloud Runtime Security

Creation date

2024-12-24

Last date published

2026-06-04

Notice

Building Cortex Query Language (XQL) queries in the Query Builder requires a Data Collection add-on.

To help you better understand your Cortex Query Language (XQL) query results and share your insights with others, Cortex Cloud enables you to generate graphs and outputs of your query data directly from query results page.

Tip

Alternatively, you can use the Cortex Agentic Assistant to generate custom graphs and charts using natural language prompts. By simply prompting the agent, it will build and execute the query, returning the visual representation. For more information, see Use natural language to query and visualize your data.

Select Investigation & Response → Search → Query Builder → XQL.
Run an XQL query.
Example 86.
Enter the following query:
```
dataset = xdr_data 
| fields action_total_upload, _time 
| limit 10
```
The query returns the action_total_upload, a number field, and _time, a string field, for up to 10 results.
In the Query Results section, to graph the results either:
Use Chart Editor
Navigate to Query Results → Chart Editor () to manually build and view the graph using the selected graph parameters:
Main
Graph Type: Type of graphs and output options available: Area, Bubble, Column, Funnel, Gauge, Line, Map, Pie, Scatter, Single Value, or Word Cloud.
Note
To display the result of as a time duration, choose the graph type Single Value and enable Show as Time. You can then select the Time Unit (millisecond, second, minute, or hour) and the Display format.
Subtype and Layout: Depending on the selected type of graph, choose from the available display options.
Header: Title your graph.
Show Callouts: Display numeric values on the graph.
Data
X-axis: Select a field with a string value.
Y-axis: Select a field with a numeric value.
(Optional) Series: For an area, bubble, column, line, map, or scatter chart, you can specify a field (column) to group chart results based on y-axis values. This option is only displayed when one of the supported graph types are selected, and a single y-axis value is selected.
Depending on the selected type of graph, customize the Color, Font, and Legend.
Use XQL query
Enter the visualization parameters in the XQL query section.
You can express any chart preferences in XQL. This is helpful when you want to save your chart preferences in a query and generate a chart every time that you run it. To define the parameters, either:
Define the following query:
Example 87.
dataset = xdr_data | view graph type = column header = "Test 1" xaxis = _time yaxis = action_total_upload series = _vendor

Select ADD TO QUERY to insert your chart preferences into the query itself.
(Optional) Create a custom widget.
To easily track your query results, you can create custom widgets based on the query results. The custom widgets you create can be used in your custom dashboards and reports. For more information, see Create custom XQL widgets.
Select Save to Widget Library to pivot to the Widget Library and generate a custom widget based on the query results.

Notice

Tip

Note