XDR Collector Datasets

After Cortex® XDR™ begins receiving data from your XDR Collectors configuration, the app automatically creates an XQL dataset.
After Cortex® XDR™ begins receiving data from your configuration of XDR Collectors, which are dedicated to on-premise data collection on Windows and Linux machines, the app automatically creates an XQL dataset using the module or input specified during the Filebeat setup. The dataset name follows the format <module>_<module>_raw or <input>_<input>_raw. For example, if you are using the NGINX module, the dataset is called nginx_nginx_raw.
After Cortex XDR creates the dataset, you can search for your XDR Collector data using XQL Search.
