Splunk® Mission Control

Investigate and Respond to Threats in Splunk Mission Control

Best practices for improving performance in Splunk Mission Control

This guide includes best practices for reducing performance issues and improving the incident triage and investigation experience in Splunk Mission Control.

See the following table for best practices and related documentation on improving the performance of Splunk Mission Control:

Best practice Description Documentation
Filter incidents in the Incident review table Instead of running searches or lookups, filter incidents on the Incident review page to get results faster. You can filter incidents by fields such as owner, status, urgency, sensitivity, disposition, incident origin, incident ID, and incident type. Apply filters and save filtered views for incidents
Triage incidents using the Preview side panel Instead of opening new tabs to review incident details, triage the incident by selecting Preview in the incident review table. You can review incident details and configure fields from the preview side panel. Triage incidents
Manage your search quota Splunk Mission Control has a default search quota limit. Some background searches, such as those initiated when running dashboards, contribute to the search quota and might impact the performance of Splunk Mission Control. You can manage your search quota by contacting your account manager. Splunk Support Portal
Last modified on 22 April, 2024
Example incident response workflow in Splunk Mission Control   Triage incidents using incident review in Splunk Mission Control

This documentation applies to the following versions of Splunk® Mission Control: Current

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters