Siren Platform User Guide

Enhanced search results visualization

Enhanced search results is a visualization that shows the documents matched by a query on an Elasticsearch index, similar to the stock Discover table.

In addition to column configuration, the visualization provides the following features:

  • To hide the time column, which represents a time field of the Elasticsearch index, select the Hide time column check box.

  • You can set a page size, which is the number of rows displayed on each page. To enable top pagination, select the Show top paginator check box.

  • To use aliases in place of the column names in the data, see Rename columns.

  • It is possible to enable a column that indicates whether a search result is matched by a query on an external datasource. For more information, see Relational column.

  • It is possible to define click handlers on the cells in a column, for example to open the URL displayed in a cell. For more information, see Click handlers.

  • To create filters from table rows, see Row filters.

Rename columns

It is possible to create an alias and set a minimum width for each column.

To enable renaming columns, select the Enable column rename check box.


To configure the names of columns, you can set these parameters:

  • Alias (required): The column alias that is displayed as a column name.

  • Min width (optional): The minimum width of the column.

Relational column

The relational column can be used to display whether a search result is matched by a query on an external datasource.

To enable the relational column, select the Enable Relational Column check box.

The following image shows the configuration of a relational column named Why Relevant? where the value of a cell depends on the query Top 50 companies (HR count): if the value of the label index field of a document matches the value of the label variable in at least one record returned by the query, the name of the query will be displayed inside the cell.

relational_column_config.png
relational_column_sample.png

To configure the relational column, you must set these parameters:

  • Column name: the column name that will be displayed in the table header.

  • Source Field: the name of the index field that will be compared to a variable in the query results.

  • Target query: the name of the query to execute.

  • Target query variable name: the name of the query variable that will be compared to the index field specified in Source field.

Click handlers

It is possible to define two different actions when clicking a cell:

  • Open a URL defined in the corresponding index field.

  • Select an entity in an external datasource matching the corresponding index field.

Follow URL

Select the Follow URL action to open a URL stored in an index field in a new window.

For example, the following configuration defines a handler that opens the URL stored in the field homepage_url when clicking the cell displaying the label field.

click_follow_url.png

To configure a click handler, you must set the following parameters:

  • Column: The name of the column to which the handler will be bound.

  • On click I want to: The action to perform on click. Select Follow the URL here.

  • URL field: The name of the field containing the URL.

  • URL format: A custom format string to compose the URL, where @URL@ is replaced with the value of the field set in URL field.

URL format can be used to create a dynamic URL. The following image shows a configuration in which the value of the id field is used to define the path of a URL on example.org.

With this configuration, if the id field is set to 11 the resulting URL will be http://example.org/11.
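
The URL opened on click is built from indexed data, so it is worth checking what a given field value and URL format will produce before binding the handler. The following is an added example, not code from Siren Investigate: buildClickUrl and ALLOWED_PROTOCOLS are hypothetical names, and the encoding and scheme rules are assumptions about a safe way to apply the @URL@ substitution described above.

```javascript
// Added example (not Siren code): compose the click URL from a URL format
// and a field value, then accept only http/https results.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

function buildClickUrl(fieldValue, urlFormat = '@URL@') {
  if (fieldValue === null || fieldValue === undefined) {
    return null; // no value in the document, nothing to open
  }
  const raw = String(fieldValue).trim();
  if (raw === '') {
    return null;
  }

  // If the format is just "@URL@", the field holds the whole URL.
  // Otherwise the value is embedded in a larger URL, so percent-encode it
  // to keep it a single component (it cannot add "/", "?", "#" or "@").
  const embedded = urlFormat.trim() !== '@URL@';
  const value = embedded ? encodeURIComponent(raw) : raw;
  const candidate = urlFormat.split('@URL@').join(value);

  let parsed;
  try {
    parsed = new URL(candidate); // rejects relative or malformed URLs
  } catch (err) {
    return null;
  }
  // Reject schemes such as javascript:, data: or file: coming from the index.
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) {
    return null;
  }
  return parsed.href;
}

// Constructed sample values, mirroring the example.org configuration above.
console.log(buildClickUrl(11, 'http://example.org/@URL@'));
console.log(buildClickUrl('https://www.example.com/about'));
console.log(buildClickUrl('javascript:void(0)'));
console.log(buildClickUrl('../admin?x=1', 'http://example.org/@URL@'));
```

A null result means the cell value should not be turned into a link.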

click_follow_url_custom_format.png

Select an entity

Select the Select an entity action if you want to select an entity stored in an external datasource matching the selected Elasticsearch document; for more information about entity selection, see .

To configure an entity selection action you must set the following parameters:

  • Column: The name of the column to which the handler will be bound.

  • On click I want to: The action to perform on click. Select Select the document here.

  • Redirect to dashboard: If set, clicking the cell selects the entity and displays the specified dashboard.

Row filters

It is possible to create filters from table rows.

To enable the row filters, select the Enable row filters check box.


Then select the rows from which you want to create filters and click Create Filter.

CSV/JSON Export

If you would like to export the documents matched by a query on an Elasticsearch index, press the 'Export' link at the bottom of the enhanced search results visualization.


This will display a dialog box with several options.


The basic options allow you to choose between CSV (Comma-separated values) and JSON export formats.

Pressing the 'Export' button in the dialog will begin exporting all the documents matching a query on an Elasticsearch index in the format you have chosen.

For more control over what gets exported, press the 'additional settings' link to list some more advanced options.

By default, all fields of an index will be exported. To limit the export to a specific set of fields, press the arrow next to 'Fields'. This will display a list of all the fields in the index we’re exporting from. Simply select the checkbox next to the name of the fields you want to export.


The next option is to limit the number of documents to export. By default all documents matching a query on an Elasticsearch index will be exported, but this can be limited to a specific number by entering it in the 'Limit' input box.


When the 'Export' link at the bottom of the enhanced search results visualization is pressed, the time filter is frozen to the time range in effect at that moment. This can be refreshed by pressing the refresh icon.

Finally, when exporting as CSV, you have the option of applying field formatters to fields where they are defined. Simply press 'Yes' next to the 'Formatted' option.

Exporting Dashboard Visualizations

Dashboard visualizations can be exported as images or as a PDF document.

To take a snapshot of the dashboard as a PDF or to get a single visualization as an image, first click on the 'Export' button to display the export panel.


PDF snapshot or printing:

Saving a PDF snapshot or printing is available from the export panel. Additional options are available, such as 'Include dashboard query in output' or 'Include non-graphic panels in output (e.g. tables, controls)' to include useful information when you want to create a PDF document and download it (Download as PDF) or open in a new window for printing (Print).

Note: Panels without results or panels opened in spy mode will not be included in the document.

PNG capture of visualization:


To export a single visualization as an image, click on the camera button seen on dashboard visualizations (the button is available while the export panel is open).

The exported visualization will be saved as a PNG image.

Note: Panels without results or panels opened in spy mode will not be available for capturing.

Note regarding nginx

Some settings for nginx can interfere with the functionality of the export feature, namely the proxy_buffering directive.

To avoid any potential issues, we recommend disabling the proxy_buffering directive in your nginx configuration.

Example nginx configuration, where Siren Investigate is running behind the proxy on basePath = BASE_PATH:

location /BASE_PATH/export {
    # Here is the important bit: do not buffer export responses.
    proxy_buffering off;
    auth_basic                  "Restricted";
    auth_basic_user_file        /etc/nginx/passwords_enterprise;
    # Strip the base path before proxying; the pattern must match your basePath.
    rewrite ^/BASE_PATH/(.*) /$1 break;
    proxy_pass http://127.0.0.1:15013/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
    client_max_body_size 100M;
}

location /BASE_PATH {
    auth_basic                  "Restricted";
    auth_basic_user_file        /etc/nginx/passwords_enterprise;
    # Strip the base path before proxying; the pattern must match your basePath.
    rewrite ^/BASE_PATH/(.*) /$1 break;
    proxy_pass http://127.0.0.1:15013/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
    client_max_body_size 100M;
}