Splunk® Security Essentials

Use Splunk Security Essentials

This documentation does not apply to the most recent version of Splunk® Security Essentials. For documentation on the most recent version, go to the latest release.

Check data sources with the Data Source Check dashboard

Every example in Splunk Security Essentials has prerequisites defined to help you know whether its search will work in your environment. The Data Source Check dashboard verifies whether the data sources that those examples require exist in your environment. To use the Data Source Check dashboard, follow these steps:

  1. In Splunk Security Essentials, navigate to Data > Data Source Check.
  2. Click Start Searches.

A green check mark indicates that all of the prerequisite checks for the search passed, so you can run it in your environment. A red exclamation point indicates that one or more of the prerequisite checks for the search failed. Click the expand icon to find out which check failed and how to fix it.
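To make the pass/fail logic concrete, here is an added illustrative checker that is not Splunk Security Essentials code. It assumes a hypothetical prerequisite structure (an example name, the sourcetype it needs, and the fields its search relies on) and runs each prerequisite against constructed sample events, reporting the same two outcomes the dashboard shows: everything present, or a named reason for the failure (sourcetype absent, or sourcetype present but a required field missing).

```python
"""Illustrative prerequisite checker (added example, not Splunk Security Essentials code).

Models what the Data Source Check dashboard reports per example: a check passes
only when events of the expected sourcetype exist and carry the fields the
example's search needs; otherwise the result names what is missing.
"""
from dataclasses import dataclass


@dataclass
class Prerequisite:
    """One prerequisite for a content example (hypothetical structure)."""
    name: str
    sourcetype: str
    required_fields: tuple


@dataclass
class CheckResult:
    """Outcome of one prerequisite check, with a reason when it fails."""
    name: str
    passed: bool
    reason: str = ""


# Constructed sample events standing in for indexed data.
SAMPLE_EVENTS = [
    {"sourcetype": "WinEventLog:Security", "EventCode": "4688", "user": "alice", "process": "cmd.exe"},
    {"sourcetype": "WinEventLog:Security", "EventCode": "4624", "user": "bob"},
    {"sourcetype": "stream:dns", "query": "example.internal", "src": "10.0.0.5"},
]

# Constructed prerequisites for four hypothetical examples.
PREREQUISITES = [
    Prerequisite("Process launch events", "WinEventLog:Security", ("EventCode", "user", "process")),
    Prerequisite("Logon events with source address", "WinEventLog:Security", ("EventCode", "user", "src_ip")),
    Prerequisite("DNS query events", "stream:dns", ("query", "src")),
    Prerequisite("Proxy events", "bluecoat:proxysg", ("url", "src")),
]


def check_prerequisite(events, prereq):
    """Check one prerequisite: sourcetype must exist, and each required field
    must appear in at least one event of that sourcetype."""
    matching = [e for e in events if e.get("sourcetype") == prereq.sourcetype]
    if not matching:
        return CheckResult(prereq.name, False, f"no events with sourcetype {prereq.sourcetype}")
    missing = [f for f in prereq.required_fields if not any(f in e for e in matching)]
    if missing:
        return CheckResult(
            prereq.name, False,
            f"sourcetype {prereq.sourcetype} present but missing fields: {', '.join(missing)}",
        )
    return CheckResult(prereq.name, True)


def run_checks(events, prereqs):
    """Run every prerequisite against the same event set, preserving order."""
    return [check_prerequisite(events, p) for p in prereqs]


def render(results):
    """Text stand-in for the dashboard's green check mark / red exclamation point."""
    lines = []
    for r in results:
        marker = "[OK]" if r.passed else "[!!]"
        lines.append(f"{marker} {r.name}" + (f" - {r.reason}" if r.reason else ""))
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(run_checks(SAMPLE_EVENTS, PREREQUISITES)))
```

The second and fourth prerequisites fail for different reasons, which is the distinction the expand icon is there to surface: one sourcetype is ingested but a field the search depends on never appears (often a parsing or field-extraction problem rather than a missing feed), while the other sourcetype is not ingested at all.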

Create security posture dashboards

After you have verified that your data sources exist, you can create Posture dashboards that give an overview of all of your security content in Splunk Security Essentials. You can create up to 50 dashboard panels. To create a Posture dashboard, follow these steps:

  1. In Splunk Security Essentials, navigate to Data > Data Source Check.
  2. Click Create Posture Dashboards.
  3. Select your desired dashboard type from the list. Some panels are unavailable if you don't have the required data.
  4. (Optional) Click Use Demo Datasets to have all dashboards use CSV demo data.
  5. Click Create Dashboards to get a link to the dashboard. The dashboard is also added to the main menu under Security Operations.
Last modified on 06 January, 2021

This documentation applies to the following versions of Splunk® Security Essentials: 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.4.0, 3.5.0, 3.5.1, 3.6.0
