Searching data / Working in the search window / Advanced data operations / Graphical correlation / Cross-Search Graph Diagram
Cross-Search Graph Diagram
Overview
Combine data from two or more queries in a graph diagram that illustrates the relationships across the data.
What data do I need for this widget?
In order to generate the cross-search graph diagram, you need to run at least two queries with at least one column in common.
Creating a Cross-Search Graph Diagram
Go to Data Search and open at least two queries.
- Click the gear icon on the toolbar and select Graphical Correlation → Cross-search graph diagram.
Here is the diagram workspace where you need to add nodes and establish connections so the diagram is constructed.
Click and drag the columns from the table and drop them onto the workspace. Then, select the other query in the navigation pane and repeat the process.- Create the join between two nodes (the new link appears as a discontinuous line and their types are matched). You can use one of the following methods:
- Hover over the source node and a green plus sign appears. Drag it so that a red arrow appears and then release it onto the target node.
- Hover over the source node and a green plus sign appears. Click on it and move the cursor away so that a red arrow appears, then click on the target node.
Click Apply.
- When you try to create a link and the red arrow appears, you will see a green circle around the target node if the join is possible and a red one if it is not.
- If you accidentally added to your diagram workspace more nodes or links than you needed or you do not want them for whatever reason, you can remove them. To do that, click the one you want to remove (a green circle appears around nodes and a green dot in the center of links) and press:
- On Windows → DELETE
- On Mac → FN + DELETE
- The cross-search graph correlating the information from both tables is displayed.
If you want to modify the nodes and their connections click the settings button at the top right corner of the graph window
. To know more about the different options to add content to the graph diagram, check the Creating a graph diagram article.
Work with your Cross-Search Graph diagram
Once the graph is constructed, you can work with it using the options in the left panel. To know more about these options, check the Working in the graph diagram article.
Save your Cross-Search Graph Diagram
You can save your cross-search graph diagrams to access them again for further analysis without having to construct them again. Select the save icon at the top right corner of the graph window 
and give it a name. To know how to access and manage them, check the save cross-search charts section of the graphical correlation article.
Query example
Access the siem.logtrust.web.activity and siem.logtrust.web.navigation to recreate the example shown in the images above.