Visualize Query Results
Cortex XDR enables you to generate helpful visualizations
of your XQL query results.
To help you better understand
your XQL query results and share your insights with others, Cortex
XDR enables you to generate visualizations of your query data directly
from the XQL Search page.
- Navigate to .
- Runan XQL query.For example, enterdataset = xdr_data | fields action_total_upload, _time | limit 10. The query returns theaction_total_upload, a number field, and_time, a string field, for up to 10 results.
- In theQuery Resultssection, to visualize the results either:
- Navigate toto manually build and view the graph using the selected visualization parameters:Query ResultsChart Editor (
)
- Main
- Graph Type—Type of visualization;Area,Bubble,Column,Gauge,Line,Pie,Scatter, orSingle Value.
- SubtypeandLayout—Depending on the selected type of graph, choose from the available display options.
- Header—Title your graph.
- Show Callouts—Display numeric values on graph.
- Data
- X-axis—Select a field with a string value.
- Y-axis—Select a a field with a numeric value.
- Depending on the selected type of graph, customize theColor,Font, andLegend.
- Enter the visualization parameters in the XQL query section.You can express any chart preferences in XQL. This is helpful when you want to save your chart preferences in a query and generate a chart every time that you run it. To define the parameters, either:
- Manually enter the parameters, for example,view graph type = column subtype = grouped header = “Test 1” xaxis = _time yaxis = _product,action_total_upload.
- SelectADD TO QUERYto insert your chart preferences into the query itself.
- (Optional) Create a custom widget.To easily track your query results, you can create custom widgets based on the query results in the Widget Library. The custom widgets you create can be used in your custom dashboards and reports.SelectSave to Widget Libraryto pivot to the Widget Library and generate a custom widget based on the query results.
