Managing aggregated data views

A large volume of data aggregation can decrease your system performance. The Ariel function uses a separate database for aggregated data in order to improve system performance and to make the data more readily available. You can disable, enable, or delete aggregated data views. Time series charts, report charts, and anomaly rules use aggregated data views.

About this task

The items that appear in the Display list sort the data.

The Aggregated Data View is required to generate data for ADE rules, time series graphs, and reports.

Disable or delete views if the maximum number of views is reached.

Duplicate views can appear in the Aggregated Data ID column because an aggregated data view can include multiple searches.

Procedure

On the navigation menu ( ), click Admin.
In the System Configuration section, click Aggregated Data Management.
To filter the list of aggregated data views, perform one the following options:
- Select an option from the View, Database, Show, or Display list.
- Type an aggregated data ID, report name, chart name, or saved search name in the search field.

To manage an aggregated data view, select the view, and then click the appropriate action on the toolbar:

If you select Disable View or Delete View, content dependencies are displayed for the aggregated data view. After you disable or delete the view, the dependent components no longer use aggregated data.
Enable a previously disabled aggregated data view to restore the view.

Table 1. Aggregated Data Management View column descriptions
Column	Description
Aggregated Data ID	Identifier for the aggregated data
Saved Search Name	Defined name for the saved search
Column Name	Column identifier
Times Searches	Search count
Data Written	The size of the written data
Database Name	Database where the file was written
Last Modified Time	Timestamp of the last data modification
Unique Count Enabled	True or False: Search the results to display unique event and flowcounts instead of average counts over time.