Version: 5.0

Data Loading

Search Anywhere Framework provides a simple interface for importing data, designed to be user-friendly without requiring any special technical knowledge.

To upload data into Search Anywhere Framework, follow these steps:

  1. Go to the Main Menu

  2. In the Core section, select Add Data

Main Page

  3. The following interface will be presented, allowing you to import data into the system

Data upload interface

Note!

Only files in the formats .xlsx, .csv, .json are supported for import. Additionally, the file size should not exceed 100 MB.

  4. Select the file jollymeal_wineventlog.csv for import

File Import 2

  5. Click on Next to proceed to the next import step

  6. In the dropdown menu Select options for index, choose New index, and specify a name for it in the corresponding field. It's recommended to use jollymeal_wineventlog as the index name

File Import 2

  7. Perform the data index schema setup

This interface allows for customizing the data types for imported fields without requiring any special technical knowledge. Users can easily select the data type for each imported field, such as text, integer, date and time, etc. This enables the accurate interpretation and analysis of data according to its actual content, ensuring more precise and useful results when analyzing data in Search Anywhere Framework.

It's necessary to change the type of the following fields:

  • event.code: integer
  • winlog.event_id: integer
  • winlog.opcode: integer
  • winlog.process.pid: integer
  • winlog.process.thread.id: integer
  • @timestamp: date

After that, click the "Next" button.

Mapping

  8. A message indicating successful import will be displayed

Import complete

Next, you have the following options:

  • Create index pattern
  • Open in search
  • Load data yet

Searching for information about events is already available, but to proceed further, it's necessary to create an index pattern, so let's choose the Create index pattern option.

Create pattern

  9. In the opened window, click on the Create index pattern button

Index patterns

  10. In the Index pattern name field, enter jollymeal_wineventlog

Creating an index pattern

Note!

The index pattern name must match the index name. Remove the * symbol at the end of the index pattern name.

  11. In the Time field row, select @timestamp, and then complete the index pattern creation by clicking the Create index pattern button

Creating an index pattern, step 2

  12. Data loading is complete. Now the data is available for search and analysis. To verify this, simply go to the Main Menu - Core - Search section

In the field, you can enter the query:

source jollymeal_wineventlog
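
Before starting the import, the file can be checked against the format and size limits and the field types listed in the schema setup step, so that values which do not fit the integer or date mapping are found early. The following Python script is an added example, not part of Search Anywhere Framework; it assumes binary megabytes for the 100 MB limit, ISO 8601 values in @timestamp and that empty integer cells are acceptable, and its sample rows are constructed.

```python
import csv
import os
import re
from datetime import datetime

ALLOWED_EXT = {".xlsx", ".csv", ".json"}   # formats the page lists
MAX_BYTES = 100 * 1024 * 1024              # "100 MB"; binary megabytes is an assumption
INT_FIELDS = ["event.code", "winlog.event_id", "winlog.opcode",
              "winlog.process.pid", "winlog.process.thread.id"]
DATE_FIELD = "@timestamp"

# Constructed sample rows, not taken from jollymeal_wineventlog.csv.
SAMPLE = (
    "@timestamp,event.code,winlog.event_id,winlog.opcode,"
    "winlog.process.pid,winlog.process.thread.id\n"
    "2024-01-15T08:30:00.000Z,4624,4624,0,716,1234\n"
    "2024-01-15T08:31:12.000Z,4688,4688,Info,716,0x4d2\n"
    "15/01/2024 08:32,4625,4625,0,716,1240\n"
)

def check_file(name, size_bytes):
    """Return extension/size problems for a file; an empty list means none."""
    problems = []
    if os.path.splitext(name)[1].lower() not in ALLOWED_EXT:
        problems.append("unsupported extension")
    if size_bytes > MAX_BYTES:
        problems.append("larger than 100 MB")
    return problems

def is_iso_date(value):
    """True if value parses as ISO 8601 (assumed format for @timestamp)."""
    try:
        return bool(datetime.fromisoformat(value.replace("Z", "+00:00")))
    except ValueError:
        return False

def check_rows(lines):
    """Return (line, field, value) per cell that does not fit its mapped type.
    Empty integer cells are skipped (assumed to import as missing values)."""
    reader = csv.DictReader(lines)
    bad = [(1, f, "<missing column>") for f in INT_FIELDS + [DATE_FIELD]
           if f not in (reader.fieldnames or [])]
    for row in reader:
        for field in INT_FIELDS:
            value = (row.get(field) or "").strip()
            if value and not re.fullmatch(r"-?[0-9]+", value):
                bad.append((reader.line_num, field, value))
        stamp = (row.get(DATE_FIELD) or "").strip()
        if not is_iso_date(stamp):
            bad.append((reader.line_num, DATE_FIELD, stamp))
    return bad
```

For a real file, call check_file(path, os.path.getsize(path)) and pass an open text-mode file handle to check_rows.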