QUESTION

Why do I see a discrepancy in the summary of my Panther data when viewed in Search vs Data Explorer?

Data Explorer:

I am after the results we get when running a SELECT count (DISTINCT <field>) statement.

Search GUI:

When viewing the same data in Search, same time window, I see the same surge of data ingest, I then attempt to summarize by Column and the items I see are not correct.

ANSWER

The Search feature currently limits the length of the summary. This view is designed to provide the top or bottom N results and facilitate quick pivots. If you need to view ALL the results, the recommended approach is to use a SQL query in the Data Explorer and review this output.