Replay of Archived Data

Replay lets you re-analyze archived log data by processing it from its archived location on an ST appliance with an LX appliance as its remote appliance.

The LX appliance treats the data as if it were new data, and sends it through the parsing process again.

Because you are replaying archived data, the original timestamps on the log data are kept, so you need to run reports and searches with this in mind. The archived data can then be made available to custom reports and searches.

Replay is particularly useful if you recently added support for new log sources, reports, or Compliance Suites.

Note:
  • Replay is not supported on MX appliances.
  • Replay only works with IPv4 addresses.