Cortex XDR enables you to generate helpful visualizations of your XQL query results.
Notice
Building Cortex Query Language (XQL) queries in the Query Builder requires a Cortex XDR Pro license.
To help you better understand your Cortex Query Language (XQL) query results and share your insights with others, Cortex XDR enables you to generate graphs and outputs of your query data directly from the query results page.
Select → → → .
Run an XQL query.
Example 75. Enter the following query:
dataset = xdr_data | fields action_total_upload, _time | limit 10
The query returns the action_total_upload, a number field, and _time, a string field, for up to 10 results.
In the Query Results section, to graph the results either:
(Optional) Create a custom widget.
To easily track your query results, you can create custom widgets based on the query results. The custom widgets you create can be used in your custom dashboards and reports. For more information, see Create custom XQL widgets.
Select Save to Widget Library to pivot to the Widget Library and generate a custom widget based on the query results.