Hi Google Cloud Community Members,
I've recently come across an in-platform method with the ability to extract up to (from my testing) 99,999 rows, or 5MB worth of data, to an email.
Limitations:
- Does not support Table Calculations
- Unable to set specific hard row limit past 5,000 (either All results, or the results in the table)
Benefits (In addition to the current capabilities):
- Export more than the available (5,000) rows.
- Ability to schedule email delivery, and to send or not send the scheduled email depending on whether or not there are results
- Data grouping
- Further Formats (JSON, Text, HTML, Data Table)
- Run on Load (Auto refresh per load of the 'look')
How does it work?
It utilises the in-platform Looker-based dashboarding. In particular, you can create an 'Explore' Look, which exposes further configuration and capabilities within this feature.
Instructions:
For this particular demonstration, I am using the publicly available Google Chronicle SIEM instance. This works for both SOAR ADVANCED REPORTS and SIEM REPORTS (which are Looker-based).
Navigate to 'Dashboards' and create a Dashboard.
Within your Dashboard, create a visualisation:
Input your filters, formatting and the data you want to include. For this particular scenario I'm using the 'UDM EVENTS' explore, using a table with one column containing the 'metadata.event_timestamp.minutes', with a filter of the metadata.event_timestamp being in the last 1500 hours (to demonstrate that this will exceed the hard-set row limit; there are more rows than the row limit).
Once your Dashboard is created, click on the cog at the top right (highlighted in green in the above image), then select 'Save' and 'As a Look'.
Once complete, create a 'Title' and 'Description', and click 'Save'.
Your 'Look' is now saved. Click on the hyperlink where it says 'The <YOUR INPUTTED TITLE> Look was successfully created'.
You will now see your dashboard. If you have any errors, you can click on the cog at the top right, re-enter your criteria, re-run your data, and save it within the Look itself. We can see our 'Look' is ID '50' (remember this if you want to make modifications).
Once we click on the cog, we can set whether we want to schedule an email or send a one-time email:
If we select 'Send', we can see the following criteria. I've entered my email address as the recipient, I want the data as a 'CSV', and, importantly, the limit as 'All Results' (as mentioned in the title of this post, these are the limitations I've observed).
Once 'Send' is clicked, a one-time email will be sent to the recipient, as can be seen below:
If we view the email and its contents, we can see more than the 5,000-row limit.
Scheduling an email offers further capabilities. Once you click 'Schedule', you'll see the following:
Hope this helps! It would be great to share your insights, and any potential limitations you've observed, or any issues you've identified!
Kind Regards,
Ayman