Splunk® Phantom (Legacy)

Administer Splunk Phantom

Acrobat logo Download manual as PDF

Splunk Phantom 4.10.7 is the final release of Splunk's Security Orchestration, Automation, and Response (SOAR) system to be called Splunk Phantom. All later versions are named Splunk SOAR (On-premises). For more information, see the Splunk SOAR (On-premises) documentation.
Acrobat logo Download topic as PDF

View how much data is ingested in Splunk Phantom using ingestion summary

The ingestion summary page provides a summary of container ingestion over time and currently scheduled periodic ingestions. Use the Ingestion Summary page to get a broad view of how much data is coming into Splunk Phantom and how that amount is trending over time.

Perform the following steps to view ingestion summary details:

  1. From the Main Menu, select Administration.
  2. Select System Health > Ingestion Summary.

The Ingestion Summary table shows a line chart with the total number of successful and failed container ingestions across all Data Sources and ingestion methods. Use the drop-down list to change the time range of the chart. You can select one of the following time ranges:

  • Last 24 hours
  • Last 7 days
  • Last 30 days

The Scheduled Ingestion table lets you track the configuration of all Data Sources that currently have scheduled polling enabled:

  • Time shows the datetime when that Data Source was last set to enable scheduled polling.
  • Interval shows how often that Data Source is scheduled to poll.
  • Container shows the label that will be applied to containers ingested from that Data Source.
  • Asset shows the name of the Data Source asset.
  • App shows the name of the Data Source app.
  • Action shows the name of the action that will be used to ingest data.
Last modified on 27 January, 2020
Monitor the health of your system
View ingested container statistics using Ingestion Status

This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.8, 4.9, 4.10, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.6, 4.10.7

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters