To help you better understand your Cortex Query Language (XQL) query results and share your insights with others, Cortex XDR enables you to generate visualizations of your query data directly from the XQL Search page.
Select → → → .
Run an XQL query.
For example, enter
dataset = xdr_data | fields action_total_upload, _time | limit 10. The query returns theaction_total_upload, a number field, and_time, a string field, for up to 10 results.In the Query Results section, to visualize the results either:
Navigate to → Chart Editor (
) to manually build and view the graph using the selected visualization parameters.Main
Graph Type—Type of visualization; Area, Bubble, Column, Funnel, Gauge, Line, Map, Pie, Scatter, Single Value, or Word Cloud.
Subtype and Layout—Depending on the selected type of graph, choose from the available display options.
Header—Title your graph.
Show Callouts—Display numeric values on graph.
Data
X-axis—Select a field with a string value.
Y-axis—Select a field with a numeric value.
Depending on the selected type of graph, customize the Color, Font, and Legend.
Enter the visualization parameters in the XQL query section.
You can express any chart preferences in XQL. This is helpful when you want to save your chart preferences in a query and generate a chart every time that you run it. To define the parameters, either:
Manually enter the parameters, for example,
view graph type = column subtype = grouped header = “Test 1” xaxis = _time yaxis = _product,action_total_upload.Select ADD TO QUERY to insert your chart preferences into the query itself.
(Optional) Create a custom widget.
To easily track your query results, you can create custom widgets based on the query results in the Manage Your Widget Library. The custom widgets you create can be used in your custom dashboards and reports.
Select Save to Widget Library to pivot to the Widget Library and generate a custom widget based on the query results.