Splunk® InfoSec App

Administration Guide

Confirm the health of the InfoSec app for Splunk

Prerequisite

Ensure that you have installed the Splunk InfoSec app in your Splunk platform environment. For information on installing the Splunk InfoSec app, see Install the Splunk InfoSec app in the Splunk InfoSec App Installation Guide.

Follow these steps to confirm the health of the InfoSec app:

  1. In Splunk Web, navigate to the InfoSec app for Splunk by selecting the app from the App menu.
  2. In the InfoSec app, select the Health dashboard. The first two rows of visuals within the Health dashboard provide an overview of the data in your Splunk platform environment.
  3. Verify the following three metrics using the Health dashboard:
    Metric: Count of events that feed each of the data models that are required by the InfoSec app.
    Additional information: If the Health dashboard shows that no data feeds into a data model, there may not be an available data source that feeds the data models in your Splunk platform environment. To validate data sources and confirm that your environment is configured correctly for each of the data models, see Validate data sources that feed the data models of the Splunk InfoSec app.

    Metric: Acceleration status for each of the data models that are required by the InfoSec app.
    Additional information: Enable acceleration only for the data models that are fed with data. To set acceleration for your data models, see Accelerate data models to build the Splunk InfoSec app dashboards.

    Metric: Installation status for each of the supporting apps or add-ons that are required by the InfoSec app.
    Additional information: If the Health dashboard does not report that the required add-ons are installed, see Install additional apps and add-ons in the Splunk InfoSec app Installation Guide to confirm that your environment is configured correctly.
Last modified on 29 July, 2021

This documentation applies to the following versions of Splunk® InfoSec App: 1.6.4, 1.7.0

