The latest release of the Devo Platform is here! Release 8.15.0 brings enhancements to Activeboards, Data Search, and Query API. Activeboards UI has been upgraded, providing a variety of benefits including enhanced UI performance, a new Activeboard Manager and time range controls in Widget queries. Data Search has improved the Field Viewer's ability to handle tens of thousands of rows, making it very snappy, as well as bringing JSON parsing, Agnostic Geolocation operators and casting maps to JSON directly within Data Search. Lastly, the Query API has new calls for relative time-ranges, new output format: AVRO and Public Swagger Docs. Let’s dive in!
Geo Availability
| Region | Status |
|---|---|
| CA | Released |
| US | Released |
| US3 | Released |
| EU | Released |
| APAC | Released |
Table of Contents
New Features
Activeboards
New UI for Activeboard Manager
Improvements to Filtering, UI speed and Information-at-a-Glance.
New Activeboard manager streamlines AB information by adding the Activeboard description as a tool tip when you hover over the name. We have also added more filters for each column and a general filter for searching the entire available catalog. UI has also been updated for Favorite, Shared and Scheduled indicators.
Updated UI benefiting Date selector and UI performance
We have updated the underlying UI engine used on the Activeboards page. This has allowed us to provide additional UI performance benefits and:
New Time-Range selector
Completely manipulate the start and end times as fast as you can scroll your mouse wheel!
Time Range for Queries in Widgets
You can now include the time range selected in the activeboard in your widget queries! Use the DATARANGE_FROM and DATARANGE_TO parameters when you edit your Widget Query source!
Data Search
Rebuilt Field Viewer
Fast loading and snappy response from the Field viewer even when loading 30,000+ rows of data!
JSON operation available in Data Search
You can now use the json() operator in Data Search! Here is an example:
| Example |
|---|
| from siem.logtrust.web.activity select (“name”:”john”,”age”:30,”country”:”US”) as map1 select json(map1) as json |
To learn more about JSON and its capabilities visit this Doc page.
Simplified JSON Parsing
This exciting update simplifies the operation to parse or extract JSON fields.
| Old Operation | New Operation |
|---|---|
| select jqeval(jqcompile(“.p”), json) | select jsonp“p”] |
| Example |
|---|
| from siem.logtrust.web.activity select jsonparse(“{\”p\”: 01, 2, 3]}”) as json select jqeval(jqcompile(“.p”), json) //current way to extract “p” select jsonn“p”] as retrieve_by_param_name //new way to extract “p” select at(json, “p”) as retrieve_with_at //another new way to extract “p” |
To learn more about JSON Parse, visit this Doc Page.
Agnostic Geolocation operations
To provide a solution for geolocation operations that get updated over time (mm->mm2->mm?), we have developed agnostic Geolocation operations to future-proof your code and continue to receive the benefits of future updates.
| Example (Old) | Example (New) |
|---|---|
| mm2country | countrycode |
The full list of new agnostic operations is available here in our Docs.
Update and future-proof your queries!
Query API
New output format AVRO
Apache AVRO is an open-source, row-based data serialization format commonly used for big data sets and is now available through the Query API.
Note: Exclusively for the Query API, not currently available in Data Search.
Relative time-range
API now supports relative time-range calls! Here are a few examples of what you can do with these new calls:
| Time Expression | Description | Resulting Time |
|---|---|---|
| now() - 60m | 60 minutes ago | Sunday, 05 February 2017, 12:37:05 |
| now() @ 1h | Now (rounded to the beginning of the hour) | Sunday, 05 February 2017, 13:00:00 |
| now() - 24h | 24 hours ago | Saturday, 04 February 2017, 13:37:05 |
| (now() - 1d) @ 1d | Yesterday (rounded to the beginning of the day) | Saturday, 04 February 2017, 00:00:00 |
| (now() - 2d) @ 1d | 2 days ago (rounded to the beginning of the day) | Friday, 03 February 2017, 00:00:00 |
| (now() - 2d) @ 1m | 2 days ago (rounded to the beginning of the minute) | Friday, 03 February 2017, 13:37:00 |
Learn more about these new calls in our Doc page here.
Public Swagger documentation
Introducing Swagger Docs for the Query API available here.