Local and distributed search

About this task

The Investigative Dashboards can run in either local or distributed modes. In local mode, searches are limited to the data available under the local machine (the machine from which the search is run). For example, a local search that is run from an individual collector returns results from data sources under that collector but not from any data sources under other collectors in the environment. In distributed mode, searches return data from across the entire GuardiumĀ® environment and results are not limited by the specific machine on which the search is run. A topology tool is provided to conveniently narrow search results to specific segments of the overall Guardium environment.

Investigative Dashboards default to local search mode.

Procedure

  1. To toggle between local or distributed search, click the Enable / Disable search all appliances icon Distributed search icon in the search window toolbar.
    Search results automatically update to reflect the available data based on the selection of local or distributed search.
  2. See Using the topology view for information about filtering global search results by a specific segment of the Guardium environment.