Upgrade to the Splunk Dashboard Framework to improve performance
Upgrading Splunk Enterprise Security dashboards from simple XML to the Splunk Dashboard Framework helps to improve performance and consistency across products so that you can gather better insights from your data visualizations. If your dashboards have a local override, you must perform the following steps to upgrade Splunk Enterprise Security simple XML dashboards and get the latest dashboard experience:
Following instructions only apply to on-prem deployments. If you are on the Splunk Cloud Platform, file a ticket on the Splunk Support Portal and request help to delete the local copies of the dashboard. See [https://splunkcommunities.force.com/customers/home/home.jsp Support and Services].
- Identify the XML file name from the dashboard URL.
For example: For the Security Posture dashboardess_security_posture
, the filename isess_security_posture.xml
. - Connect to the secure shell (SSH) server that hosts Splunk Enterprise Security.
- Change to Splunk's install directory.
For example:cd /opt/splunk
- Locate the local copy of the dashboard's XML definition file, which overrides the definition from the default folder.
For example:find . -name ess_security_posture.xml
- Delete the XML definition file from the local directory.
- Refresh the web browser for your Splunk instance.
For example:https://localhost:8000/en-US/debug/refresh
, wherehttps://localhost:8000
is the Splunk instance. - Clear your browser cache to display the new version of the dashboard.
Following is a list of Splunk Enterprise Security dashboards that you can upgrade:
- Access Anomalies
- Access Center
- Access Tracker
- Account Management
- Asset Center
- Data Protection
- Default Account Activity
- DNS Activity
- Email Activity
- ES Configuration Health
- Notable Event Geography
- Investigation Overview
- Security Posture
- Forward Auditing
- Generic Protocols
- HTTP Category Analysis
- HTTP User Agent Analysis
- Identity Center
- Intrusion Center
- Incident Review Audit
- Indexing Audit
- Malware Center
- Malware Operations
- Managed Lookups Audit
- Machine Learning Audit
- New Domain Analysis
- Per-panel Filter Audit
- Port and Protocol Tracker
- REST Audit
- Risk Analysis
- Search Audit
- SSL Activity
- Suppression Audit
- System Center
- Threat Activity
- Time Center
- Traffic Center
- Traffic Size Analysis
- Update center
- URL Length Analysis
- User Activity
- Vulnerability Center
- Vulnerability Operations
- Web Center
Key indicators in Splunk Enterprise Security | Security Posture dashboard |
This documentation applies to the following versions of Splunk® Enterprise Security: 7.1.0, 7.1.1, 7.1.2, 7.2.0, 7.3.0, 7.3.1, 7.3.2
Feedback submitted, thanks!