Splunk® Mission Control

Get Data into Splunk Mission Control

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Get data into Splunk Mission Control

Get data into Splunk Mission Control so you can investigate, analyze, and automate data from multiple locations, such as multiple instances of Splunk Enterprise Security, the Splunk platform, or other systems. The data that you send to Splunk Mission Control appears in the product as notables or as risk scores for artifacts, depending on what data you send.

Notables in Splunk Mission Control represent alarms, notable events, and other signifiers of something to be investigated by an analyst or processed by automation. Artifacts represent the field values involved in alarms and notable events, such as IP addresses, MAC addresses, usernames, and email addresses. Risk scores for artifacts appear as contextual information on the analytics tab when investigating notables.

Get data into Splunk Mission Control from Splunk Enterprise Security using Splunk Connect for Mission Control, a Splunk app. See Get data into Splunk Mission Control from Splunk Enterprise Security.

This diagram shows the current data connections between Splunk Mission Control and a Splunk Enterprise Security instance with Splunk Connect for Mission Control installed.

  • Get data into Splunk Mission Control from Splunk Enterprise Security using Splunk Connect for Mission Control, a Splunk platform app.
  • Splunk Connect for Mission Control includes configurations to run searches on behalf of Splunk Mission Control users and return the results for viewing in Splunk Mission Control, as well as configurations to forward notable event, risk score, and content management data to Splunk Mission Control.
  • Searches and their results are sent over an HTTPS connection using port 443 to the Cloud Gateway service and then sent from there to Splunk Mission Control.
  • Notable event and other data is forwarded using a Splunk-to-Splunk or S2S connection over port 9997 secured by certificates.

For details about where data is stored in Splunk Mission Control, and for how long, see Where data is stored in Splunk Mission Control.

Last modified on 29 April, 2021
  NEXT
Where data is stored in Splunk Mission Control

This documentation applies to the following versions of Splunk® Mission Control: Current


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters