Analyzing Data
Use the search bar above or navigate the categories below to find articles about Data Analysis.
For setup instructions, check out the Panther documentation on Data Analytics.
- Data Explorer
- As a BYOSF customer, can I query other non-Panther databases?
- Can we query Snowflake directly or only through Panther?
- CrowdStrike TargetProcessId value is incorrect in Panther's Data Explorer
- How can I find a record of all logins to Okta for a specific user in Panther?
- How does the "contains" method work when querying data in Panther?
- How do I do SQL wildcard searching on the contents of an array in Panther?
- How to identify the source of a log in Panther
- Is there a benefit to writing pure Snowql queries instead of relying on a translation layer (standard SQL) in Panther?
- I get the error "SQL compilation error: ambiguous column name 'P_EVENT_TIME'" in my Panther Console when using INNER JOIN in Data Explorer
- My CSV of Data Explorer results from Panther contains unnecessary double quotes
- My query using p_event_time in Panther runs slowly
- Queries are running slowly when using TO_OBJECT in Data Explorer
- The p_any_usernames column is not populated in Panther's Data Explorer with an "int" type user_id
- What does the query error "maximum row size exceeded" mean in Panther?
- Why am I getting the Data Explorer error "Actual statement count 2 did not match the desired statement count 1" in the Panther Console?
- Why might Data Explorer in Panther crash or freeze when running a query?
- Scheduled Queries
- Can I create scheduled queries in Panther that run against baseline metrics to find anomalies?
- How do I create a Panther alert or scheduled query based on baseline metrics?
- How do scheduled rules with multiple associated scheduled queries work in Panther?
- Is it possible to populate a Lookup Table based on the results of a saved query?
- Why do I get a FailedQuery error on my Scheduled Query saying that the table does not exist?