Exporting and recreating split PST files
Hello, Using Discovery Accelerator 9, I've exported out a significant amount of email for a custodian (about 50GB). I've selected to export as 'Original Type' and to encapsulate in a PST format. Doing this, I've run across a couple of questions that I'm not able to answer fully and I'm hoping someone here can do so. Question 1: The PST files split into 1.32GB size chunks and seems to divide the PST files exactly on this size (like a zip file). After looking at a PST file, it seems to possibly parse the msg files in different PST files. Meaning an email with one attachment can possibly save the email in one PST and the attachment in another. Is this something that it does? If so, is there an option to have it not do this? Question 2: After the above, it also looks like it does not retain original folder structures (maybe it never had one being in the archive). If this is correct, is there another method of export that may solve that? Thanks so much for any help.Solved2.2KViews0likes7CommentsDiscovery Accelerator Automatically accept search results issue
I create a schedule search in DAwith automatically accept search results, the search come back with results, but the status is pending acceptance (errors), the errors were caused by some indexes were not searchable, some archives associate accounts were disable in AD; Just wondering is it possible to bypass the search errors to still automatically accept all search results?1.1KViews0likes1CommentBest way / practices to search Merge1 content (zoom meetengs)?
We are capturing zoom meetings via merge1 directly to an EV archive and results are shown in a not so friendly manner in my opinion (screenshot attached). I´m wondering, What´s the community doing as best practice to search Merge1 content in EV? Thanks in advance626Views0likes1Commentbulk reject pending searches
Hi All, I am in the process of upgrading DA for a customer and found that there are a large number of pending searches in various cases. As it is recommended to check for any pending searches, exports before upgrade and reject them, I am looking for a SQL query to bulk reject all pending searches, exports. Thank you! Regards, VJ999Views0likes1CommentDA11, Looking for an SQL Query for all searches run with how long each search took
DA11, Looking for an SQL Query for all searches run with how long each search took. We can get the searches - no issue - can only seem to pull creation and modifed dates - but looking for time stamp for duration of each search. use [Database] SELECT SearchID, CaseID, NumHits, PrincipalName AS ModifiedBy, tblIntSearches.Name AS SearchName, tblIntSearches.ModifiedDate AS DateModified, CreateDate, tblStatus.[Name] AS SearchType, CreationType.[Name] AS CreationType, SampleResultSize, NativeQuery, NativeLegacyQuery, XMLText FROM tblIntSearches LEFT OUTER JOIN [tblPrincipal] ON tblIntSearches.[ModifiedByID] = tblPrincipal.[PrincipalID] INNER JOIN [tblStatus] ON tblIntSearches.[Type] = tblStatus.[StatusID] INNER JOIN [tblStatus] CreationType ON tblIntSearches.CreationType = CreationType.[StatusID] WHERE tblIntSearches.[StatusID] <> 858 AND PrincipalName IS NOT NULL UNION ALL SELECT TypeID AS SearchID, tblAudit.CaseID, NumHits, PrincipalName AS ModifiedBy, tblIntSearches.Name AS SearchName, AuditDate AS DateModified, CreateDate, tblStatus.[Name] AS SearchType, CreationType.[Name] AS CreationType, SampleResultSize, NativeQuery, NativeLegacyQuery, XMLText Name FROM tblIntSearches INNER JOIN tblAudit ON tblAudit.TypeID = tblintSearches.SearchID AND tblIntSearches.StatusID <> 858 AND tblAudit.AuditTypeID = 1052 LEFT OUTER JOIN [tblPrincipal] ON tblIntSearches.[CreatedByID] = tblPrincipal.[PrincipalID] INNER JOIN [tblStatus] ON tblIntSearches.[Type] = tblStatus.[StatusID] INNER JOIN [tblStatus] CreationType ON tblIntSearches.CreationType = CreationType.[StatusID] ORDER BY CreateDate DESC703Views0likes1CommentDA Attachment Name Search
Thank you in advance for any assistance! EV and DA are v9 All I need to perform is a search that looks for attachment names that have, for example, "ABC" in the file name. I've referenced these two links and cannot get any DA hits on my search attempts. http://www.symantec.com/connect/forums/discovery-search-specific-attachment-name http://www.symantec.com/connect/articles/discovery-accelerator-hidden-searchable-items Using information from the 2nd link, it appears that I can use attribute "TSUB" with description: Attachments only - the subject / title of the top-level item. Do I use a Custom Attribute within a new search to utilize "TSUB"? If I populate the screen like the screen shot below, I get zero hits and I know there are attachments with "ABC" in the file name.Solved3.4KViews0likes6CommentsHow to audit Discovery Accelerator ?
Hi Everybody, EV version is11.0.1 If it is possible I would like toenable auditingfor Discovery Accelerator. 5 years ago it wasasked inforum discuss about this issue :https://www-secure.symantec.com/connect/forums/auditing-actions-taken-discovery-accelerator Auditing situationfor DA still is the same or is there any new work ? Thank you,Solved5.5KViews0likes12CommentsSeeking SQL query returning per-user count of (non-legal hold) items to be expired from EV
Hi all, Long-time listener, first-time caller. Our customer is looking to turn on expiry in their environmentfor the first time.They use EV in a non-traditional manner, so of 32MM+ items, upwards of 2/3 (maybe even 9/10)are on legal hold via DA. Effectively the only items not on legal hold are from cases thatwere active but have since been closed, removing the holds. Many of the holds overlap, as well. We have successfully tested expiry in a near-duplicateQA EV environment and removed about 2MM items without incident. After presenting that result, the customer's IT team has requested that we add an additional step to present to legal before advancing into Production. They'd like as granular a report as possible of what will be removed so they can confirm the data to be expired should be expired. Criteria are below: Asimplecount of items to be removed per user would be the bare minimum. A better solution would include retention categories The perfect query would provide: Granular item-by-item reporting (for at least some users) Ameans by which at least a subset of physical savesets could belocated and presented After digging around the forums for quite some time, I've tested versions ofJesusWept3's query (which looks like it should do exactly what I need) but: In my lab (which does not have DA) I need to remove any references to the holdsaveset table or else it returns no results I'm considering adding DA to my lab to test it, but I have little doubt thatJesusWept3knows his stuff. I'm confident that it will work. In the QA environment, looking at just one of three vault stores, I stopped it after about 36 hours of execution, made some modifications and was unable to make it work more efficiently. I started it again and it has still not completed running after anotherhours.Even if it does conclude after, say, 48 hours, this is not likely to be an acceptable option to management. Please let me know if you have any tweaks, experience or advice to offer6KViews0likes10CommentsDiscovery Accelerator - Search results, can you review without accepting
I'm working with Discovery Accelerator at the moment and I'm wondering what the story is with the search functionality within a case You create a case and you do your search/ searches. Now as far as I can tell the only means of review to see if your search results are right is the number of records returned? that's why the underlined statement below in the DAhelp confuses the hell out of me. The only way Ican look at the results is by accepting them for review, Once Ihave done that I can't modify the search if it wasn't right. Because Ican't then remove an incorrectsearch I have to delete the case and start again. I have to say it seems to me to be one of the most unintuative features of the whole system and I'm a lead infrastructure analyst who putEV and a SANin, what the hell happens when Iunleash this on the users?!?!?!? They are going to go nuts!! Can someoneconfirmifthis isthe correct understanding of how it should operate, it's doing my head in!! When you have created a case, you must search for information to include in it. This process involves the following activities: Running one or more searches on the relevant vault stores for suitable information. Discovery Accelerator offers a wide range of search criteria from which to choose: words and phrases to look for, date ranges, message size, author and recipient addresses, and more. Studying the search results to assess their suitability, and then either accepting or rejecting the results.Solved4.3KViews2likes16Comments