Splunk® Phantom

Administer Splunk Phantom

Acrobat logo Download manual as PDF

Splunk Phantom 4.10.7 is the final release of Splunk's Security Orchestration, Automation, and Response (SOAR) system to be called Splunk Phantom. All later versions are named Splunk SOAR (On-premises). For more information, see the Splunk SOAR (On-premises) documentation.
Acrobat logo Download topic as PDF

View ingested container statistics using Ingestion Status

Use the Ingestion Status page to see high-level statistics about ingested containers.

To view ingestion status details, perform the following steps:

  1. From the Main Menu, select Administration.
  2. Select System Health > Ingestion Status.

The Ingestion Stats table shows one row for each unique combination of ingestion status, container label, asset, and action. These rows allow you to get a better sense of how many containers are being ingested through each ingestion mechanism. Some containers don't come from an asset because they are manually added by a user, which results in a row with an action such as "User add container".

The Ingestion Errors table lists any failed ingestions. Use the information in the start time, end time, asset, app, and action fields to start debugging the failure.

Last modified on 27 January, 2020
View how much data is ingested in Splunk Phantom using ingestion summary
Configure the logging levels for Splunk Phantom daemons

This documentation applies to the following versions of Splunk® Phantom: 4.8, 4.9, 4.10, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.6, 4.10.7

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters