Splunk® Enterprise Security

Use Splunk Enterprise Security

This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

More Network dashboards

This page is currently a work in progress; expect frequent near-term updates.

Web Center

Use the Web Center dashboard to profile web traffic events in your deployment. This dashboard reports on web traffic gathered by Splunk from proxy servers. It is useful for troubleshooting potential issues such as excessive bandwidth usage or proxies that are no longer serving content for proxy clients. The Web Center can also be used to profile the type of content that clients are requesting and how much bandwidth is being used by each client.

Use the filtering options at the top of the screen to limit which items are shown. Configure new data inputs through Splunk Settings or search for particular traffic events directly through Incident Review.


Click chart elements or table rows to display the raw events for the data represented. See dashboard drilldown for more information.

This table describes the panels on the dashboard.

Panel: Description
Dashboard filter: Restricts the view on the current dashboard to events that match the selected criteria. Selections apply to the current dashboard only. These filters are available:
  • Business Unit
  • Category

See descriptions of the standard filter options.

Key Indicators
Events Over Time by Method: Shows the total number of proxy events over time, aggregated by one of the following:
  • by Action: the action taken by the proxy server (whether it allowed the traffic, fulfilled the request from the cache, etc.)
  • by Status: the HTTP status of the response
  • by Method: the HTTP method requested by the client (POST, GET, CONNECT, etc.)
  • by Content Type: content of the file itself (text/html, application/javascript)
  • by User Agent: the web browser of the client

Spikes in traffic may indicate suspicious activity; dips may indicate network connection problems.

Events Over Time by Status
Top Sources: Sources associated with the highest volume of network traffic. This is useful for identifying sources that are using an excessive amount of network traffic (for example, hosts doing file-sharing), or frequently-requested destinations generating large amounts of network traffic (for example, YouTube or Pandora).
Top Destinations: Destinations associated with the highest volume of network traffic. This is useful for identifying sources that are using an excessive amount of network traffic (for example, hosts doing file-sharing), or frequently-requested destinations generating large amounts of network traffic (for example, YouTube or Pandora).

Note: Text values in search fields must be lowercase text.
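
The spikes and dips mentioned for the Events Over Time panels can also be flagged by a search instead of read off the chart. This is an added example, not a search shipped with Enterprise Security; it assumes proxy events are mapped to the Common Information Model Web data model (field Web.http_method), and the 1-hour span and the threshold of 3 standard deviations are illustrative choices.

```spl
| tstats count from datamodel=Web by Web.http_method, _time span=1h
| rename Web.http_method as http_method
| eventstats avg(count) as avg_count, stdev(count) as stdev_count by http_method
| eval zscore = if(stdev_count > 0, round((count - avg_count) / stdev_count, 2), 0)
| eval state = case(zscore >= 3, "spike", zscore <= -3, "dip", true(), "normal")
| where state != "normal"
| table _time, http_method, count, avg_count, zscore, state
| sort - _time
```

Run it over a time range long enough to give each method a baseline. An hour with no events produces no row, so a complete loss of proxy data appears as a missing hour rather than a flagged dip.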

Configuration Information

For information about how to configure the Web Center, see "Web Center dashboard" in the Splunk App for Enterprise Security Installation and Configuration Manual.

Web Search

Use the Web Search dashboard to search for web events that are of interest.


Click chart elements or table rows to display the raw events for the data represented. See dashboard drilldown for more information.

This table describes the panels on the dashboard.

Panel: Description
Dashboard filter: Restricts the view on the current dashboard to events that match the selected criteria. Selections apply to the current dashboard only. These filters are available:
  • HTTP Method
  • HTTP Status
  • Source
  • Destination
  • URL
Search results (events)

Configuration Information

For information about how to configure the Web Search dashboard, see "Web Search dashboard" in the Splunk App for Enterprise Security Installation and Configuration Manual.

Network Changes

Use the Network Changes dashboard to track configuration changes to firewalls and other network devices in your environment. This dashboard helps to troubleshoot device problems: when firewalls or other devices go down, the cause is frequently a recent configuration change on the device.


Click chart elements or table rows to display the raw events for the data represented. See dashboard drilldown for more information.

This table describes the panels on the dashboard.

Panel: Description
Dashboard filter: Restricts the view on the current dashboard to events that match the selected criteria. Selections apply to the current dashboard only. These filters are available:
  • Business Unit
  • Category
  • Time range picker
Network Changes By Action
Network Changes By Device
Search results (events)


Configuration Information

For information about how to configure the Network Changes dashboard, see "Network Changes" in the Splunk App for Enterprise Security Installation and Configuration Manual.

Last modified on 29 May, 2015

This documentation applies to the following versions of Splunk® Enterprise Security: 3.1, 3.1.1

