Splunk® Enterprise Security

Use Splunk Enterprise Security

Download manual as PDF

Download topic as PDF

Web Center and Network Changes dashboards

Web Center

You can use the Web Center dashboard to profile web traffic events in your deployment. This dashboard reports on web traffic gathered by Splunk from proxy servers. It is useful for troubleshooting potential issues such as excessive bandwidth usage, or proxies that are no longer serving content for proxy clients. You can also use the Web Center to profile the type of content that clients are requesting, and how much bandwidth is being used by each client.

You can configure new data inputs through Splunk Settings, or search for particular traffic events directly through Incident Review. Use the filters at the top of the screen to limit which items are shown. Filters do not apply to Key Indicators.

Filter by Description Action
Business Unit A group or department classification for the identity. Text field. Empty by default. Wildcard strings with an asterisk (*)
Category Filter based on the categories to which the host belongs. Drop-down: select to filter by
Time Range Select the time range to represent. Drop-down: select to filter by

Dashboard Panels

Panel Description
Key Indicators Displays the metrics relevant to the dashboard sources over the past 48 hours. Key indicators represent summary information and appear at the top of the dashboard. See Key indicators in Splunk Enterprise Security.
Events Over Time by Method Shows the total number of proxy events over time, aggregated by Method, or the HTTP method requested by the client (POST, GET, CONNECT, etc.).
Events Over Time by Status Shows the total number of proxy events, aggregated by Status, or the HTTP status of the response.
Top Sources Sources associated with the highest volume of network traffic. This is useful for identifying sources that are using an excessive amount of network traffic (for example, file-sharing hosts), or frequently-requested destinations generating large amounts of network traffic (for example, YouTube or Pandora).
Top Destinations Destinations associated with the highest volume of network traffic. This is useful for identifying sources that are using an excessive amount of network traffic (for example, file-sharing hosts), or frequently-requested destinations generating large amounts of network traffic (for example, YouTube or Pandora).

Web Search

The Web Search dashboard assists in searching for web events that are of interest based on the criteria defined by the search filters. The dashboard is used in ad-hoc searching of web data, but is also the primary destination for drilldown searches used in the Web Search dashboard panels.

The Web Search dashboard displays no results unless it is opened in response to a drilldown action, or you update a filter, select a time range, and click Submit.

Filter by Description Action
HTTP Method Filter based on HTTP Method. Text field. Empty by default. Wildcard strings with an asterisk (*)
HTTP Status Filter based on HTTP Status code. Text field. Empty by default. Wildcard strings with an asterisk (*)
Source Filter based on source IP or name. Text field. Empty by default. Wildcard strings with an asterisk (*)
Destination Filter based on destination IP or name. Text field. Empty by default. Wildcard strings with an asterisk (*)
URL Filter based on URL details. Text field. Empty by default. Wildcard strings with an asterisk (*)
Time Range Select the time range to view. Drop-down: select to filter by

Network Changes

Use the Network Changes dashboard to track configuration changes to firewalls and other network devices in your environment. This dashboard helps to troubleshoot device problems; frequently, when firewalls or other devices go down, this is due to a recent configuration change.

Filter by Description Action
Business Unit A group or department classification for the identity. Text field. Empty by default. Wildcard strings with an asterisk (*)
Category Filter based on the categories to which the host belongs. Drop-down: select to filter by
Time Range Select the time range to represent. Drop-down: select to filter by

Dashboard Panels

Panel Description
Network Changes by Action Shows all changes to the devices by the type of change, or whether a device was added, deleted, modified, or changed. The drilldown opens the "New Search" dashboard and searches on the selected action and time range.
Network Changes by Device Shows all devices that have been changed as well as the number of the changes, sorted by the devices with the highest number of changes. The drilldown opens the "New Search" dashboard and searches on the selected device and time range.
Recent Network Changes Shows a table of the most recent changes to network devices in the last day.

Troubleshooting

This dashboard references data from various data models. Without the applicable data, the dashboards will remain empty. See Troubleshoot dashboards in Splunk Enterprise Security in Administer Splunk Enterprise Security.

PREVIOUS
Network dashboards
  NEXT
Port and Protocol Tracker dashboard

This documentation applies to the following versions of Splunk® Enterprise Security: 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.7.6, 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.2.0, 5.2.1, 5.2.2, 5.3.0, 5.3.1, 6.0.0


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters