Splunk® Enterprise Security

Use Splunk Enterprise Security

The documentation for Splunk Enterprise Security versions 8.0 and higher has been rearchitected from previous versions, causing some links to have redirect errors. For documentation on version 8.0, see Splunk Enterprise Security documentation homepage.
This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Upgrade to the Splunk Dashboard Framework to improve performance

Upgrading Splunk Enterprise Security dashboards from simple XML to the Splunk Dashboard Framework helps to improve performance and consistency across products so that you can gather better insights from your data visualizations. If your dashboards have a local override, you must perform the following steps to upgrade Splunk Enterprise Security simple XML dashboards and get the latest dashboard experience:

The following instructions apply only to on-prem deployments. If you are on the Splunk Cloud Platform, file a ticket on the Splunk Support Portal and request help to delete the local copies of the dashboard. See Support and Services (https://splunkcommunities.force.com/customers/home/home.jsp).

  1. Identify the XML file name from the dashboard URL.
    For example: For the Security Posture dashboard ess_security_posture, the filename is ess_security_posture.xml.
  2. Use secure shell (SSH) to connect to the server that hosts Splunk Enterprise Security.
  3. Change to Splunk's install directory.
    For example: cd /opt/splunk
  4. Locate the local copy of the dashboard's XML definition file, which overrides the definition from the default folder.
    For example: find . -name ess_security_posture.xml
  5. Delete the XML definition file from the local directory.
  6. Refresh the web browser for your Splunk instance.
    For example: https://localhost:8000/en-US/debug/refresh, where https://localhost:8000 is the Splunk instance.
  7. Clear your browser cache to display the new version of the dashboard.
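
Steps 3 to 5 as a script, added here as an example and not taken from Splunk's documentation. It assumes the standard app layout (`etc/apps/<app>/{default,local}/data/ui/views`), handles only app-level overrides, and moves each local copy to a backup directory instead of deleting it outright, skipping any copy that has no default counterpart. The function names and the backup path are hypothetical.

```shell
#!/bin/sh
# Added example (not Splunk's code). Assumes the standard app layout:
#   $SPLUNK_HOME/etc/apps/<app>/{default,local}/data/ui/views/<dashboard>.xml

# Print every app-level local copy of the dashboard, one path per line.
list_local_overrides() {
    find "$1/etc/apps" -type f -path "*/local/data/ui/views/$2.xml"
}

# Succeed only if the same app also ships the dashboard in its default folder.
has_default_copy() {
    default_file=$(printf '%s\n' "$1" |
        sed 's|/local/data/ui/views/|/default/data/ui/views/|')
    [ -f "$default_file" ]
}

# remove_local_overrides SPLUNK_HOME DASHBOARD BACKUP_DIR
# Moves each local override into BACKUP_DIR so the default definition applies.
remove_local_overrides() {
    splunk_home=$1 dashboard=$2 backup_dir=$3
    # Reject names that could act as a glob or path in the find pattern.
    case $dashboard in
        ''|*[!A-Za-z0-9_-]*) echo "invalid dashboard name" >&2; return 2 ;;
    esac
    [ -d "$splunk_home/etc/apps" ] || { echo "no etc/apps under $splunk_home" >&2; return 1; }
    overrides=$(list_local_overrides "$splunk_home" "$dashboard")
    [ -n "$overrides" ] || { echo "no local override for $dashboard"; return 0; }
    mkdir -p "$backup_dir"
    while IFS= read -r f; do
        if has_default_copy "$f"; then
            app=$(printf '%s\n' "$f" | sed 's|.*/etc/apps/\([^/]*\)/local/.*|\1|')
            mv "$f" "$backup_dir/$app.$dashboard.xml"
            echo "removed: $f"
        else
            # Local-only dashboard: removing it would delete the dashboard itself.
            echo "skipped (no default copy): $f"
        fi
    done <<EOF
$overrides
EOF
}

# Usage: remove_local_overrides /opt/splunk ess_security_posture /tmp/dashboard-backup
```
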

The following is a list of Splunk Enterprise Security dashboards that you can upgrade:

  • Access Anomalies
  • Access Center
  • Access Tracker
  • Account Management
  • Asset Center
  • Data Protection
  • Default Account Activity
  • DNS Activity
  • Email Activity
  • ES Configuration Health
  • Notable Event Geography
  • Investigation Overview
  • Security Posture
  • Forward Auditing
  • Generic Protocols
  • HTTP Category Analysis
  • HTTP User Agent Analysis
  • Identity Center
  • Intrusion Center
  • Incident Review Audit
  • Indexing Audit
  • Malware Center
  • Malware Operations
  • Managed Lookups Audit
  • Machine Learning Audit
  • New Domain Analysis
  • Per-panel Filter Audit
  • Port and Protocol Tracker
  • REST Audit
  • Risk Analysis
  • Search Audit
  • SSL Activity
  • Suppression Audit
  • System Center
  • Threat Activity
  • Time Center
  • Traffic Center
  • Traffic Size Analysis
  • Update Center
  • URL Length Analysis
  • User Activity
  • Vulnerability Center
  • Vulnerability Operations
  • Web Center
Last modified on 23 March, 2023

This documentation applies to the following versions of Splunk® Enterprise Security: 7.1.0, 7.1.1, 7.1.2, 7.2.0, 7.3.0, 7.3.1, 7.3.2

