Analyzing Data
For setup instructions, check out the Panther documentation on Data Analytics.
Data Explorer
- As a BYOSF customer, can I query other non-Panther databases?
- Best practices for faster querying of data in Panther
- Can we query Snowflake directly or only through Panther?
- CrowdStrike TargetProcessId value is incorrect in Panther's Data Explorer
- How can I find a record of all logins to Okta for a specific user in Panther?
- How can I query for a nested JSON object's attribute in Panther?
- How does the "contains" method work when querying data in Panther?
- How do I correlate user activity across multiple alerts in Panther?
- How do I do SQL wildcard searching on the contents of an array in Panther?
- How to identify the source of a log in Panther
- Is there a benefit to writing pure Snowql queries instead of relying on a translation layer (standard SQL) in Panther?
- I get the error "SQL compilation error: ambiguous column name 'P_EVENT_TIME'" in my Panther Console when using INNER JOIN in Data Explorer
- My CSV of Data Explorer results from Panther contains unnecessary double quotes
- My query using p_event_time in Panther runs slowly
- Panther p_occurs_between returns "Your query did not return any results"
- Queries are running slowly when using TO_OBJECT in Data Explorer
- The p_any_usernames column is not populated in Panther's Data Explorer with an "int" type user_id
- What does the query error "maximum row size exceeded" mean in Panther?
- Why am I getting the Data Explorer error "Actual statement count 2 did not match the desired statement count 1" in the Panther Console?
- Why does my ingested event name field contain the word "slash" instead of the "/" in link names in Panther?
- Why do I get NULL results when querying fields under the payload column in the classification_failures table in Panther?
- Why do I see everything under a single Data column when querying directly in Snowflake rather than in Panther?
- Why might Data Explorer in Panther crash or freeze when running a query?
Scheduled Queries
- Can I create scheduled queries in Panther that run against baseline metrics to find anomalies?
- Can I have a Saved Query in Panther with a JSON selector in it?
- Can I use a stored procedure (`CALL`) in a Scheduled Query in Panther?
- How do I create a Panther alert or scheduled query based on baseline metrics?
- How do scheduled rules with multiple associated scheduled queries work in Panther?
- How to resolve "Bulk upload failed to update a saved query" error in Panther
- Is it possible to populate a Lookup Table based on the results of a saved query?
- Is it possible to upload Saved Queries using Panther Analysis Tool?
- What AnalysisType can I use for non-scheduled queries that I upload via PAT?
- What timezone are Panther Scheduled Query cron expressions in?
- Why do I get a FailedQuery error on my Scheduled Query saying that the table does not exist?