Help Center
News
Help Center
News
Popular
Architecture and High-level Information
Scans
Agents
How to Use Dashboards
How to Use Data Asset Inventory
How to Install\Uninstall and Set Up Spirion Sensitive Data Platform
How to Use Logs
How to View Endpoint LogsHow to Use Audit LogsHow to Use Agent LogsWhere to Find PostgreSQL LogsAdvanced Log and Log Location Information for Power UsersWhat are common errors shown in the Agent Log and how do I fix them?Can I Export Agent Log Data for External Analysis?Can I export Audit Log data for External Analysis?How do I export Audit Log data via the Web API?Can I customize which events appear in the Audit Log?Can I schedule automated exports of Audit Log data?Is there a sample script for API-based audit log export?Guide to Analyzing Logs and Generating Graphs in Time IntervalsIs There a Sample Script for Exporting Agent Log Data?What are Best Practices for Managing Large Log Exports?Is There an Example of Filtering Logs by Severity?What are best practices for storing and securing exported log data?What Tools Integrate Well with Spirion for Log Integrity VerificationIs There a Sample Script for Hash Verification?
PowerBI
Can the information within a Gather Data file be viewed in a third-party tool such as PowerBI?What Charts are Most Useful when using a tools like PowerBI?Power Query (M) Script in PowerBI for Log AnalysisHow do I parse an Agent Log in PowerBI?How can I detect duplicate log entries in PowerBI?How do I compare two log files in PowerBI?How do I compare timestamps across files?What if timestamps are missing from my Spirion Logs?How should I handle null rows?Example of a Power Query Script in PowerBIHow do I sort Logs Chronologically in PowerBI?How do I handle mixed timestamp formats in PowerBI?
How to Manage Users and Roles
Reports
Settings and Resources
Additional Resources
Release Notes
Reporting API
Customer Support Articles

Can the information within a Gather Data file be viewed in a third-party tool such as PowerBI?

While the Gather Data zip file itself is not designed to be opened directly in PowerBI, the information it contains can be analyzed using various methods depending on your technical needs.

Can it be viewed in PowerBI?

  • Not Directly: PowerBI is designed for structured data (like SQL tables or CSVs). A Gather Data file is a collection of unstructured text logs, XML configuration files, and registry exports.
  • Indirectly (Advanced): You could technically use PowerBI's "Folder" connector to ingest the text files within the zip, but you would need to write complex Power Query (M) transformations to parse the Spirion-specific log formats into a readable table. We generally do not recommend this method for standard troubleshooting.

The Best Ways to View Gather Data Information

Below are the recommended ways to view the various data stored in the Gather Data archive, downloaded from the Agent Logs page in Spirion Sensitive Data Platform.

1. Manual Review (Best for Quick Troubleshooting)

The most effective way to view the data is to unzip the file and use a high-quality text editor (like Notepad++ or VS Code):

  • For Logs (EPS, IDF, IFS): Open these in a text editor. Use "Find in Files" to search for keywords like Error, Fail, Access Denied, or specific timestamps.
  • For Configuration (GlobalSettings.xml): Open in a browser or XML editor to see exactly what policies were active on the agent at the time of the scan.
  • For Environment (processes.txt, systemprofile.txt): These are plain text files that give you a snapshot of the machine's state.

2. Spirion Console (For High-Level Overview)

If you are looking for the results of the activity described in the logs, use the Agent Logs page in the Spirion Console. It provides a parsed, searchable version of the same information found in the EPS and IDF logs without requiring you to manually dig through text files.

3. Third-Party Log Aggregators (For Advanced Analysis)

If you need to perform deep analysis across many agents:

  • Splunk or ELK Stack: You can ingest the raw .log files from the Gather Data zip into a log aggregator. These tools are much better suited than PowerBI for searching and correlating unstructured log data.

4. PowerBI (For Scan Results, Not Logs)

If your goal is to create dashboards of sensitive data findings (rather than troubleshooting agent health), you should use the Spirion Data Warehouse API. This enables you to connect PowerBI directly to your scan results, which is the supported way to use third-party reporting tools with Spirion.

Can PowerBI parse those logs?

Technically, yes, PowerBI can parse Spirion agent logs, but it is not a "native" or "one-click" process. Because Spirion logs are unstructured or semi-structured text files, you have to build the parsing logic yourself within PowerBI using Power Query.

How PowerBI Parses the Logs

To make the logs readable in PowerBI, you would use the "Text/CSV" or "Folder" connector and then apply several transformation steps:

  1. Delimited Splitting: You must tell PowerBI how to split the log lines. Spirion logs typically use a standard format like:
    [YYYY-MM-DD HH:MM:SS Level] Message
    You would use "Split Column by Delimiter" (using the brackets or spaces) to separate the Timestamp, Log Level, and the Message into their own columns.
  2. Data Typing: You would need to manually change the "Timestamp" column to a Date/Time format so you can use PowerBI's time-based filters and slicers.
  3. Filtering: You would likely want to filter out "Noise" (like INF or DEBUG messages) to focus only on ERR (Error) or WRN (Warning) levels.
  4. Custom Parsing (Advanced): For complex messages (like those containing EndpointId or CorrId), you would use "Extract Text Between Delimiters" to pull those specific IDs into their own columns for correlation.

Is it the right tool for the job?

While PowerBI can do this, it is generally considered a high-effort approach for log analysis.

Feature

PowerBI

Splunk / ELK Stack

Text Editor (Notepad++)

Parsing Effort

High (Manual Power Query)

Low (Auto-parsing)

None (Manual Reading)

Search Speed

Slow (Requires Refresh)

Instant

Fast (Ctrl+F)

Visualization

Excellent (Charts/Trends)

Good

None

Best Use Case

Long-term trend reporting

Real-time troubleshooting

Quick, one-off fixes

PowerBI Recommendation

  • For Troubleshooting: Do not use PowerBI. It is too slow to refresh and too difficult to set up for a single "Gather Data" file. Use a text editor or the Agent Logs page in the Spirion Console.
  • For "Big Picture" Health: If you want to see a dashboard of "Agent Errors across the whole company over the last 30 days," then PowerBI is a great choice. In this case, you should use the Spirion API to pull the logs as structured JSON, which PowerBI can ingest much more easily than raw text files.

Summary: PowerBI can parse the logs using Power Query transformations, but it requires manual setup. It is best used for long-term health trends rather than immediate troubleshooting.

Recommendations

If you are troubleshooting a specific issue, unzip the file and use a text editor to look at the IDF (scanning) and IFS (shipping) logs. If you are trying to build a long-term reporting dashboard, ignore the Gather Data files and use the Spirion Reporting API to pull structured data into PowerBI.

Summary: Gather Data files are unstructured diagnostic bundles. Use a text editor for troubleshooting. Use the Spirion API if you want to build reports in PowerBI.

Was this article helpful?

Powered by Product Fruits