Siren Investigate User Guide

Introduction

Siren Investigate is an investigative intelligence platform built upon Kibana. Siren Investigate supports Elasticsearch and the Siren Federate plugin. For version compatibility, see Setting up Siren Investigate. Siren Federate replaces the Siren Join plugin for distributions based on Elasticsearch 5.x.

Siren Investigate enables you to perform complex analytics on large volumes of data by providing customizable visualizations (charts, maps, metrics and tables) on Elasticsearch searches. Visualizations can be organized into multiple dashboards.

Search results can be filtered interactively through a variety of techniques (date ranges, full text queries, field value matching). By setting up relations between indices, it is possible to filter search results matching documents in a different dashboard, for example by displaying only companies that received investments in a particular year.

In addition, search results can be filtered and augmented by queries on multiple external data sources such as SQL databases and REST APIs; queries on external data sources can also be used as aggregations in visualizations.

In addition to visualizations provided by Kibana, Siren Investigate provides:

  • The Relational Filter visualization (Deprecated), which enables you to configure relations between fields in different indices and to apply cross-dashboard filters (pivoting).
  • The Relational Navigator visualization, which enables you to navigate between relationally connected dashboards.
  • The Siren Investigate Timeline visualization, which displays a timeline with multiple groups of data coming from different indices.
  • The Radar Chart visualization, which is a graphical method for displaying multivariate data with multiple groups of data coming from different indices.
  • The Bubble Diagram visualization, which displays series of data grouped into packed circles.
  • The Scatter Plot visualization, which displays a scatter plot chart in different modes.
  • The Box Plot visualization, which displays a box plot chart from the data.
  • The Horizontal Bar Chart visualization, which displays a horizontal bar chart.
  • The Multi Chart visualization, which displays different types of charts for the same data and enables saving and selecting multiple aggregation configurations.
  • The Enhanced Search Results visualization, which displays query results in a table.
  • The Siren Investigate Query Viewer, which enables the visualization of queries on external data source through Jade or Handlebars templates.
  • The Siren Investigate Graph Browser, which displays the currently selected Elasticsearch documents as a node of a graph and enables the user to visually explore the connection between vertices.

The Relational Filter visualization requires the Siren Federate plugin 5.6.9-10.0.0 for Elasticsearch.

How does Siren Investigate compare to Kibana?

Siren Investigate is currently developed as a fork of Kibana 5.6.9. Although configuration objects are mostly the same, you should keep Siren Investigate and Kibana in separate indices.

What’s new in Siren Investigate

To see all the changes, check the full release notes.

Search results

    No results found