Notebook Data consumed in advanced queries
To see the volume of data that each console user account has used, create and run a notebook from the Data used in advanced queries template.
Access the Notebook
-
In the top menu, select Investigations. Select an open investigation or create a new one:
-
Click the New investigation icon
in the upper-right corner of the page.
-
Select the MSSP clients on which you want to run the investigation. In this case, that data is not relevant because the aim is to run a notebook from a template.
-
-
In the Files panel, click the
-
In the menu, select Automated investigation.Select the Data used in advanced queries template. The parameters dialog box opens.
-
In
date_fromanddate_toenter the time limits for the data usage information you require. Click OK.
The maximum period is six months. If you select a greater period, an error message appears.
Content of the Data Used in Advanced Queries Notebook
The Data used in advanced queries notebook contains a series of fields that show the amount of data used, measured in GB and corresponding to the specified period:
| Field | Description |
|---|---|
|
Total usage |
The accumulated total from all user accounts managed by the MSSP. |
|
Average usage per day |
Daily average from all user accounts managed by the MSSP. |
| Field | Description |
|---|---|
|
|
User account email address. |
|
Total notebook (GB) |
Amount of data requested from the data lake from notebooks. |
|
Total exploration (GB) |
Amount of data requested from the data lake from SQL queries. |
|
Total (GB) |
Amount of data requested from the data lake by each user account. This is the sum of all the previous categories. |
|
Average (GB) |
Daily average of data usage for the specified period. |
| Field | Description |
|---|---|
|
|
User account email address. |
|
Clients |
Clients visible to the user account. See Client Visibility Settings. |
|
Total (GB) |
Amount of data requested from the data lake by each user account. |