Analyzing investigations

Action menu for additional context

Hover over a specific cell value in the Investigations results table, to open the action menu and access different options depending on the field:

Drill down to … opens an Investigations page with an NQL query listing the results specific to the row of the selected cell value under the field column of interest. See the image below.
- The Drill down to... option is available for metric fields.
Copy value or Copy raw value copies the metric value. Hover over a metric to see the raw number. The system shortens large numbers with appropriate suffixes.
Use the contextual action menu only for inventory objects—users, devices and binaries—to:
- Open binary profiling, Open user overview or Open device view, depending on the case.
- Diagnose for diagnostics dashboards.
- Retrieve all pre-filled investigation queries in the inventory-object context.

Action bar for bulk operations

Additionally, when you select entire rows by selecting the checkboxes on the left side of the table, the system displays an action bar at the bottom of the Nexthink web interface.

Depending on the query, the action bar includes the following options:

Number of items selected.
Drill down to: This option is available only for the list of objects with at least one associated event metric. It allows you to run a quick investigation to retrieve:
- Objects related to the selected items from the results list, with at least one event from the original query recorded.
- Events included in the original query which have been recorded for the selected objects from the results list. The new investigation keeps the original timeframe and filters.
Retrieve all: Run a quick investigation to list all objects or events related to the selected items from the results list, regardless of whether any events from the original investigation were recorded for them. The new investigation keeps the original timeframe and applicable filters.
Execute action: Execute a remote action or workflow on selected devices. This option is available only for lists of devices or users.
Launch campaigns: Send a campaign to selected users. This option is available only for lists of users.
Edit: Edit the value of a manual custom field. This option is available for the list of inventory objects that have a manual custom field applied.

Last updated 2 months ago

Action menu for additional context

Hover over a specific cell value in the Investigations results table, to open the action menu and access different options depending on the field:

Drill down to … opens an Investigations page with an NQL query listing the results specific to the row of the selected cell value under the field column of interest. See the image below.

The Drill down to... option is available for metric fields.

Copy value or Copy raw value copies the metric value. Hover over a metric to see the raw number. The system shortens large numbers with appropriate suffixes.

Use the contextual action menu only for inventory objects—users, devices and binaries—to:

Open binary profiling, Open user overview or Open device view, depending on the case.
Diagnose for diagnostics dashboards.
Retrieve all pre-filled investigation queries in the inventory-object context.

Action bar for bulk operations

Additionally, when you select entire rows by selecting the checkboxes on the left side of the table, the system displays an action bar at the bottom of the Nexthink web interface.

Depending on the query, the action bar includes the following options:

Number of items selected.

Drill down to: This option is available only for the list of objects with at least one associated event metric. It allows you to run a quick investigation to retrieve:

Objects related to the selected items from the results list, with at least one event from the original query recorded.
Events included in the original query which have been recorded for the selected objects from the results list. The new investigation keeps the original timeframe and filters.

Retrieve all: Run a quick investigation to list all objects or events related to the selected items from the results list, regardless of whether any events from the original investigation were recorded for them. The new investigation keeps the original timeframe and applicable filters.

Execute action: Execute a remote action or workflow on selected devices. This option is available only for lists of devices or users.

Launch campaigns: Send a campaign to selected users. This option is available only for lists of users.

Edit: Edit the value of a manual custom field. This option is available for the list of inventory objects that have a manual custom field applied.