Use IBM® Security Data
Explorer
to validate that your ingestion data
sources are ingested.
About this task
Create queries in Data Explorer to validate that your
ingestion data sources are
ingested.
Procedure
- If you are on the Ingestion data sources page, click the date in the
Last event seen column for the source that you want to validate.
- If you are not on the Ingestion data sources page, go to Data Explorer, and then click
Advanced builder.
- Enter the following query:
alerts
// Only bring back what you need - there are 250+ columns in alerts view
| project original_time
// Limit to the time range you need specifically
| where original_time > ago(60m)
| count
- Click the timestamp for the start date and select a date from the quick
ranges.
- Click Apply custom range.
- Click Run query.
Results
The results of your query appear.
What to do next
Explore
Results