
Lumeta tables store device data in your Lumeta warehouse.

Several of the most frequently used view-type tables are available for immediate use in the query builder. The rest are listed on the Settings > Tables page, in the Name column.



Data discovered and indexed natively by Lumeta (not ingested) is displayed in Tables. To make outside data available in Lumeta, you'll need to add a table for it.

See Adding & Managing Tables for the procedures to add, edit, and delete tables.

There are three types of tables in Lumeta 4.1:

  1. Managed primary - Tables for which parser specifications and data files are required. Work with us to prepare these starter files for you. Lumeta’s analytics platform loads and manages the data, determines the table fields and data types, and creates indexes on it.
  2. External - Tables preconfigured by Lumeta. Users cannot create a table of table type External. 
  3. View - Traditional RDBMS views with SQL providing the data set. In general, views are joined from multiple sources.

Data Structures in Lumeta

Lumeta represents, extracts, and displays data from the Lumeta data warehouse. Some of this data is generated by Lumeta proper; the rest is ingested from outside feeds and integrated systems. Views express data fields joined across multiple tables. Queries are requests processed against tables to retrieve network data-of-interest. Results are made available at the GUI level in tables and views, both of which surface network data in a grid format (i.e., rows and columns, spreadsheet-like).

In summary . . .

  • Table - Set of related data. Single source.
  • View - Set of related data joined from multiple sources.
  • Query - Structured request for data processed against tables and/or views to extract data from them.

Table

Tables organize data. Each table is a set of related data. Each row is a record; each column holds one type of data, and the column header identifies that type.

Following is a table, with the PostgreSQL query and fields indicated.


View

Views also represent data. When the fields of one or more tables are combined (i.e., joined), the result is a view.

Views are visually indistinguishable from tables, but when you open the SQL query from which a view was generated, it frequently (but not always) contains "joins," indicating the fields on which multiple tables and/or views were joined. 

View Query, Fields or Properties

To see the data associated with any table:

  1. Select the row for the table of interest.
  2. Click the Properties, Fields, or Query tab on the right.



Query

A query is the method by which data is extracted from a table or a view. Examples follow. 

Inbound Leaks - All Zones

Zombie Devices Summary 

Threat Feed Devices - All Zones

Model

When fields (i.e., columns) are to be joined across tables or views, the model specifies which columns should be exposed. Models correlate external data with Lumeta core data.

To see the set of views Lumeta generated via models and made available to users, navigate to Search > Advanced Queries > Add Query > Pencil icon > Query Builder.

