You can configure your Discover appliance to send transaction-level records to a Google BigQuery server for long-term storage, and then query those records from the ExtraHop Web UI and the ExtraHop REST API.
Before you begin
- You need the BigQuery project ID
- You need a credential JSON file from your BigQuery API authentication page
Note: Any triggers configured to send records through commitRecord to an Explore appliance are automatically redirected to BigQuery. No further configuration is required.
Complete this procedure on all connected Command and Discover appliances.
- Log in to the Admin UI on the ExtraHop appliance.
- In the Records section, click Third-party Recordstore.
- Select Enable BigQuery as the recordstore.
Important: If you are migrating to BigQuery from a connected Explore appliance, you will no longer be able to access records stored on the Explore appliance.
- In the Project ID field, type the ID for your BigQuery project. The project ID can be found in the BigQuery API console.
- In the JSON Credential File field, click Choose File and select the credential JSON file saved from your BigQuery project.
- Click Test Connection to verify that your Discover appliance can communicate with the BigQuery server.
- Click Save.
After your configuration is complete, you can query for stored records in the ExtraHop Web UI by clicking Records.
Important: Do not modify or delete the table in BigQuery where the records are stored. Deleting the table deletes all stored records.
Note: The Chart Summary and Group by selector are not available on the Records page.
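Before you upload the file in the JSON Credential File step, a preflight check can catch a wrong or over-exposed key. The following is an added example, not ExtraHop or Google code; it assumes the credential is a Google service-account key file, and the function names, project ID and sample values are hypothetical.

```python
import json
import os
import stat
import tempfile

REQUIRED = ("project_id", "private_key_id", "private_key", "client_email")  # assumed: service-account key layout

def check_credential(path, project_id):
    """Return a list of findings; an empty list means the file looks usable."""
    findings = []
    # A key file readable by group/other can be copied by any local user.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if os.name == "posix" and mode & 0o077:
        findings.append(f"file mode {mode:o} is readable beyond the owner")
    try:
        with open(path, encoding="utf-8") as fh:
            cred = json.load(fh)
    except (OSError, ValueError) as exc:
        return findings + [f"not readable as JSON: {exc}"]
    if not isinstance(cred, dict):
        return findings + ["top-level JSON value is not an object"]
    if cred.get("type") != "service_account":
        findings.append(f"type is {cred.get('type')!r}, expected 'service_account'")
    for field in REQUIRED:
        if not cred.get(field):
            findings.append(f"missing field: {field}")
    if cred.get("project_id") and cred["project_id"] != project_id:
        findings.append(f"key belongs to project {cred['project_id']!r}, not {project_id!r}")
    return findings

def write_sample(cred, mode=0o600):  # helper: write a constructed credential to a temp file
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(cred, fh)
    os.chmod(path, mode)
    return path

# Constructed sample with placeholder values, not a real key.
SAMPLE = {
    "type": "service_account",
    "project_id": "example-project-123",
    "private_key_id": "0000placeholder",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "client_email": "recordstore@example-project-123.iam.gserviceaccount.com",
}

if __name__ == "__main__":
    demo = write_sample(SAMPLE, mode=0o644)
    print(check_credential(demo, "example-project-123"))
    os.remove(demo)
```

A project mismatch is reported as a finding rather than a hard failure, because a key issued in one project can be granted access to BigQuery in another.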