Siren Platform User Guide

Siren Investigate 10.0.0-rc.1

Siren Investigate Changes


  • Fixed bug in autorelations when creating a dashboard without a saved search.
  • A number of fixes to the upgrade backup process:

    • Now the backup files are backed up to the /data folder
    • Enables the user to specify a custom backup folder
    • Changed backup folder names to use ISO datetimes for timestamp
    • The index is removed and restored from scratch if there is a problem to prevent extra objects from the new index remaining.
  • Fixed missing docs link in time filter creator.
  • Fixed visibility toggle on autorelation buttons - now buttons are hidden when configured in the visualization.
  • Autoselect now does not discard multifields if their parent is unselectable, for example it is not aggregatable
  • Fixed Dashboard sidebar drag & drop UI to make it clearer the dashboard is being dragged when grabbed with the cursor.
  • Fixed explanation when filter was negated - now says NOT ….
  • Fixed bug in autorelation buttons where the buttons were not shown on an index pattern with no relations.
  • Fixed an bug with filters being merged with the state unnecessarily causing issues on dashboard reload.
  • Now deleting an index pattern in Indexes and Relations updates the list so the deleted index pattern is removed.
  • Fixed bug in rendering the TagCloud visualization that would cause a browser crash on tag cloud load.
  • Sorting is now possible again in the Enhanced Table visualization.
  • Fixed filter selection icons showing in each column of a row when moving the mouse pointer over a cell.
  • Fixed a bug where multiple filters from individual relational buttons could be added to the Elasticsearch request.
  • Now the names of the datasources can be edited after they have been saved.
  • Now returning more explanation if your query fails because of an Out Of Memory exception.
  • A wildcard query on a dashboard no longer shows a filter icon on the dashboard sidebar.


  • All the icons have been changed to FontAwesome 5 Pro versions.
  • Impala has been added to the list of available JDBC datasources.
  • The segmented request logic for discover page to prevent the doc table in Discover trying to request the same data again.
  • Merged changes from Kibana 5.6.8.
  • Changed to consistently use match_all: {} queries instead of query_string: { query: '*' }.
  • Table visualizations header styling was improved to reduce white space between columns.
  • Added a note to inform about the upcoming deprecation of the Relational Filter visualization.
  • EIDs are now prioritized in automatic dashboard field selections.
  • Added selection per row for filter creation in the Enhanced Table visualization.
  • Improved the dashboard highlight color.
  • Now the first index pattern that is created is automatically set as the default index pattern.


Graph Browser


  • Various performance improvements:

    • Improved performance by optimizing the serialization of sessions.
    • now handles the addition of several entities quickly.
    • Reduced the request payload to improve response times.
    • Better handling of more than 1024 nodes.
    • Selection algorithm was improved to help data selection changes.
    • Now batch sending requests on expansion - leading to increased responsiveness.
  • Better consistency in link directions.


  • Fixed bug where EIDs would not show on expansion.
  • Stopped unnecessary HTTP calls if the license was invalid/missing.
  • Fixed a bug where canceling a lazy loading in the graph caused browser to hang.


  • Added Graph Browser sidebar Lenses:

    • Now you can navigate through your data on the Graph Browser, select data, apply functions and transformations to the data.
    • The Graph Browser ships with scripts to transform your data’s size, color, and so on based on a field.
  • Added the ability to manually add EIDs to a graph.
  • Added a check box to show nodes on the graph without time fields when using the timeline.
  • Added exclude configuration to fields to enable the user to remove extraneous fields from the graph.
  • When expanding a large node, now the user can choose to retrieve a subselection (the amount retrieved is configurable).
Access Control


  • Fixed indentation in the default Role template.
  • Now enables tabs in the Role templates.


  • Added a button to enable the renaming of configurations.
  • Added a warning when you click "Get Default Configuration" that your current configurations will be destroyed.
  • Added a warning when a field is in a configuration but not in the associated index pattern.


  • Fixed a bug where a query with no data in the field would return an error.

Search results

    No results found