Discovery Accelerator

410 Topics

Exporting and recreating split PST files
Hello, Using Discovery Accelerator 9, I've exported out a significant amount of email for a custodian (about 50GB). I've selected to export as 'Original Type' and to encapsulate in a PST format. Doing this, I've run across a couple of questions that I'm not able to answer fully and I'm hoping someone here can do so. Question 1: The PST files split into 1.32GB size chunks and seems to divide the PST files exactly on this size (like a zip file). After looking at a PST file, it seems to possibly parse the msg files in different PST files. Meaning an email with one attachment can possibly save the email in one PST and the attachment in another. Is this something that it does? If so, is there an option to have it not do this? Question 2: After the above, it also looks like it does not retain original folder structures (maybe it never had one being in the archive). If this is correct, is there another method of export that may solve that? Thanks so much for any help.
Solved
Brad_NMRS
2 years ago Place Discovery Accelerator
2.3KViews
0likes
7Comments
Discovery Accelerator Automatically accept search results issue
I create a schedule search in DA with automatically accept search results, the search come back with results, but the status is pending acceptance (errors), the errors were caused by some indexes were not searchable, some archives associate accounts were disable in AD; Just wondering is it possible to bypass the search errors to still automatically accept all search results?
truezjz
3 years ago Place Discovery Accelerator
1.1KViews
0likes
1Comment
Best way / practices to search Merge1 content (zoom meetengs)?
We are capturing zoom meetings via merge1 directly to an EV archive and results are shown in a not so friendly manner in my opinion (screenshot attached). I´m wondering, What´s the community doing as best practice to search Merge1 content in EV? Thanks in advance
Jose_Luis_Per1
4 years ago Place Merge1
627Views
0likes
1Comment
Publish DA Client for remote access?
Hi, We need the DA client to be run from a browser or a desktop shortcut from remote devices not in the EV-DA domain. Has anyone achieved that? If so, With which technology? Citrix app virtualization perhaps? Thanks in advance
Solved
Jose_Luis_Per1
4 years ago Place Discovery Accelerator
1.7KViews
0likes
3Comments
bulk reject pending searches
Hi All, I am in the process of upgrading DA for a customer and found that there are a large number of pending searches in various cases. As it is recommended to check for any pending searches, exports before upgrade and reject them, I am looking for a SQL query to bulk reject all pending searches, exports. Thank you! Regards, VJ
vjose790
5 years ago Place Discovery Accelerator
1KViews
0likes
1Comment
DA11, Looking for an SQL Query for all searches run with how long each search took
DA11, Looking for an SQL Query for all searches run with how long each search took. We can get the searches - no issue - can only seem to pull creation and modifed dates - but looking for time stamp for duration of each search. use [Database] SELECT SearchID, CaseID, NumHits, PrincipalName AS ModifiedBy, tblIntSearches.Name AS SearchName, tblIntSearches.ModifiedDate AS DateModified, CreateDate, tblStatus.[Name] AS SearchType, CreationType.[Name] AS CreationType, SampleResultSize, NativeQuery, NativeLegacyQuery, XMLText FROM tblIntSearches LEFT OUTER JOIN [tblPrincipal] ON tblIntSearches.[ModifiedByID] = tblPrincipal.[PrincipalID] INNER JOIN [tblStatus] ON tblIntSearches.[Type] = tblStatus.[StatusID] INNER JOIN [tblStatus] CreationType ON tblIntSearches.CreationType = CreationType.[StatusID] WHERE tblIntSearches.[StatusID] <> 858 AND PrincipalName IS NOT NULL UNION ALL SELECT TypeID AS SearchID, tblAudit.CaseID, NumHits, PrincipalName AS ModifiedBy, tblIntSearches.Name AS SearchName, AuditDate AS DateModified, CreateDate, tblStatus.[Name] AS SearchType, CreationType.[Name] AS CreationType, SampleResultSize, NativeQuery, NativeLegacyQuery, XMLText Name FROM tblIntSearches INNER JOIN tblAudit ON tblAudit.TypeID = tblintSearches.SearchID AND tblIntSearches.StatusID <> 858 AND tblAudit.AuditTypeID = 1052 LEFT OUTER JOIN [tblPrincipal] ON tblIntSearches.[CreatedByID] = tblPrincipal.[PrincipalID] INNER JOIN [tblStatus] ON tblIntSearches.[Type] = tblStatus.[StatusID] INNER JOIN [tblStatus] CreationType ON tblIntSearches.CreationType = CreationType.[StatusID] ORDER BY CreateDate DESC
djdowney
7 years ago Place Enterprise Vault
705Views
0likes
1Comment
DA Attachment Name Search
Thank you in advance for any assistance! EV and DA are v9 All I need to perform is a search that looks for attachment names that have, for example, "ABC" in the file name. I've referenced these two links and cannot get any DA hits on my search attempts. http://www.symantec.com/connect/forums/discovery-search-specific-attachment-name http://www.symantec.com/connect/articles/discovery-accelerator-hidden-searchable-items Using information from the 2nd link, it appears that I can use attribute "TSUB" with description: Attachments only - the subject / title of the top-level item. Do I use a Custom Attribute within a new search to utilize "TSUB"? If I populate the screen like the screen shot below, I get zero hits and I know there are attachments with "ABC" in the file name.
Solved
NaturesRevenge
8 years ago Place Discovery Accelerator
3.4KViews
0likes
6Comments
How to audit Discovery Accelerator ?
Hi Everybody, EV version is 11.0.1 If it is possible I would like to enable auditing for Discovery Accelerator. 5 years ago it was asked in forum discuss about this issue : https://www-secure.symantec.com/connect/forums/auditing-actions-taken-discovery-accelerator Auditing situation for DA still is the same or is there any new work ? Thank you,
Solved
hbozan
8 years ago Place Discovery Accelerator
5.5KViews
0likes
12Comments
Seeking SQL query returning per-user count of (non-legal hold) items to be expired from EV
Hi all, Long-time listener, first-time caller. Our customer is looking to turn on expiry in their environment for the first time. They use EV in a non-traditional manner, so of 32MM+ items, upwards of 2/3 (maybe even 9/10) are on legal hold via DA. Effectively the only items not on legal hold are from cases that were active but have since been closed, removing the holds. Many of the holds overlap, as well. We have successfully tested expiry in a near-duplicate QA EV environment and removed about 2MM items without incident. After presenting that result, the customer's IT team has requested that we add an additional step to present to legal before advancing into Production. They'd like as granular a report as possible of what will be removed so they can confirm the data to be expired should be expired. Criteria are below: A simple count of items to be removed per user would be the bare minimum. A better solution would include retention categories The perfect query would provide: Granular item-by-item reporting (for at least some users) A means by which at least a subset of physical savesets could be located and presented After digging around the forums for quite some time, I've tested versions of JesusWept3's query (which looks like it should do exactly what I need) but: In my lab (which does not have DA) I need to remove any references to the holdsaveset table or else it returns no results I'm considering adding DA to my lab to test it, but I have little doubt that JesusWept3 knows his stuff. I'm confident that it will work. In the QA environment, looking at just one of three vault stores, I stopped it after about 36 hours of execution, made some modifications and was unable to make it work more efficiently. I started it again and it has still not completed running after another hours. Even if it does conclude after, say, 48 hours, this is not likely to be an acceptable option to management. Please let me know if you have any tweaks, experience or advice to offer
Dan_L
8 years ago Place Enterprise Vault
6KViews
0likes
10Comments
Discovery Accelerator - Search results, can you review without accepting
I'm working with Discovery Accelerator at the moment and I'm wondering what the story is with the search functionality within a case You create a case and you do your search/ searches. Now as far as I can tell the only means of review to see if your search results are right is the number of records returned? that's why the underlined statement below in the DA help confuses the hell out of me. The only way I can look at the results is by accepting them for review, Once I have done that I can't modify the search if it wasn't right. Because I can't then remove an incorrect search I have to delete the case and start again. I have to say it seems to me to be one of the most unintuative features of the whole system and I'm a lead infrastructure analyst who put EV and a SAN in, what the hell happens when I unleash this on the users?!?!?!? They are going to go nuts!! Can someone confirm if this is the correct understanding of how it should operate, it's doing my head in!! When you have created a case, you must search for information to include in it. This process involves the following activities: Running one or more searches on the relevant vault stores for suitable information. Discovery Accelerator offers a wide range of search criteria from which to choose: words and phrases to look for, date ranges, message size, author and recipient addresses, and more. Studying the search results to assess their suitability, and then either accepting or rejecting the results.
Solved
Davismisbehavis
8 years ago Place Discovery Accelerator
4.3KViews
2likes
16Comments