8.2 Offline Query

An offline query is most often used to run queries against large amounts of data. An offline query continues to run even after the user logs out of the Sentinel Control Center, if necessary.

NOTE:You can view the result of your query only after it is completely processed.

After the query has completely finished processing, the results are available to the user who initiated the offline query and other Sentinel users with the same security filter. When you attempt to browse or save the result as HTML or CSV, the data is transferred from the server to the local machine running the Sentinel Control Center.

For performance reasons, the result set for offline query is limited to 100,000 records. For better results, you must specify a better filter or a smaller time range when creating an offline query.

8.2.1 Creating an Offline Query

  1. Click Analysis on the menu bar. The Offline Query window displays. Alternatively, you can click the Offline Query button on the toolbar.

  2. In the Offline Query window, click Add button located on the top left corner of the page. The Add Offline Query window displays.

  3. Provide a query name, then select an existing filter to be used for generation of offline query.

    For more information on the selection and creation of filters see Section 3.0, Active Views Tab.

  4. Select the start date and end date for which you want to generate an offline query.

  5. Specify the description in the Description tab.

  6. Click OK. The offline query is listed in the Offline Query window.

8.2.2 Viewing, Exporting, or Deleting an Offline Query

  1. Click Analysis on the menu bar. The Offline Query window displays. Alternatively, you can click the Offline Query button on the toolbar.

  2. In the Offline Query window, select an offline query. The following options are available:

    • Browse: Click Browse to view the output of the offline query in the Active Browser window.

    • CSV: Click CSV to generate a comma separated value file with the queried information.

    • HTML: Click HTML to generate an HTML file with the queried information.

    • Delete: Click Delete to delete the offline query. A confirmation message alert displays. Click Yes to delete.

    • Details: Click Details to view the details of the offline query as specified when the query was added.