Investigation Dashboard

The Investigation Dashboard provides powerful tools for identifying and assessing problems that might exist in your Guardium environment. It uses either local or system-wide unfiltered data, and provides numerous filter options to query data across an entire Guardium environment, potentially from any Guardium collector within that environment.

The Investigation Dashboard's inter-related charts help reveal patterns, anomalies, and relationships across your data. You don't need detailed knowledge of topology, aggregation, or load balancing schemes. The Investigation Dashboard contains the original quick search for enterprise functions, and additional tools for visualizing and analyzing data.

Note: It is recommended to view the Investigation Dashboard in full screen mode.

Restriction: The Investigation Dashboard and the Data Level Security cannot be enabled concurrently.

Operating Modes

The Investigation Dashboard supports three operating modes:

Central Manager only

Queries are submitted on a Central Manager return enterprise-wide results from all Guardium collectors with search enabled. Queries that are submitted on managed units return local results.

Central Manager only is the default operating mode.

All machines

Enterprise-wide search queries are submitted from any machine in the Guardium environment with search enabled. This mode can result in slower search results and requires connectivity between all managed units in the environment.

Local only

This mode limits search queries to the local collector where the search is submitted: no data is retrieved from other collectors in the Guardium environment. On a CM on local only mode, there is no data displayed.

See GuardAPI Quick Search for Enterprise Functions for information about setting the search mode.

For an introduction and overview of the Investigation Dashboard, see the video, Investigation Dashboard overview.