Learn more about importing data from an external file to create or update a lookup dataset in Cortex XSIAM.
You can import data from CSV, TSV, or JSON files into Cortex XSIAM to create or update lookup datasets.
Danger
When uploading a CSV, TSV, or JSON file, ensure that the file meets the following requirements:
The maximum size for the total data to be imported into a lookup dataset is 30 MB.
Field names can contain characters from different languages, special characters, numbers (
0-9), and underscores (_).Field names can't exceed 128 characters.
Field names can't contain duplicate names, white spaces, or carriage returns.
The file doesn't contain a byte array (binary data) as it can't be uploaded.
Select → → → → .
Browse to your CSV, TSV, or JSON file. You can only upload a TSV file if it contains a
.tsvfile extension.(Optional) Under Name, type a new name for the target dataset.
By default, Cortex XSIAM uses the name of the original file as the dataset name. You can change this name to something that will be more meaningful for your users when they query the dataset. For example, if the original file name is mrkdptusrsnov23.json, you can save the dataset as marketing_dept_users_Nov_2023.
Dataset names can contain special characters from different languages, numbers (
0-9) and underscores (_). You can create dataset names using uppercase characters, but in queries, dataset names are always treated as if they are lowercase.Important
The name of a dataset created from a TSV file must always include the extension. For example, if the original file name is
mrkdptusrsnov23.tsv, you can save the dataset with the namemarketing_dept_users_Nov_2023.tsv.Replace the existing data in the dataset overwrites the data in an existing lookup dataset with the contents of the new file.
Click Add to add the file as a lookup.
After receiving a notification reporting that the upload succeeded, Refresh
to view it in your list of datasets.