For details, see:
View ingested container statistics using Ingestion Status
Use the Ingestion Status page to see high-level statistics about ingested containers.
To view ingestion status details, perform the following steps:
- From the Home menu, select Administration.
- Select System Health, then Ingestion Status.
- Select the Ingestion history tab to see the all ingestion actions or the Ingestion errors tab to see failed ingestions.
- Optionally enter a search term.
- Specify a timeframe for the results. Choose from the last 24 hours (default), 7 days, or 30 days.
The Ingestion history table shows one row for each unique combination of ingestion status, container label, asset, app, and action. For non-unique combinations, the Count column shows how many actions match that combination. The data helps you to see how many containers are being ingested through each ingestion mechanism. Some containers don't come from an asset because they are manually added by a user, which results in a row with an action like "User add container".
The Ingestion errors table shows any failed ingestions. Use the information in the start time, end time, asset, app, and action fields to start debugging the failure.
| View how much data is ingested in using ingestion summary | Configure the logging levels for daemons |
This documentation applies to the following versions of Splunk® SOAR (On-premises): 6.4.1
Download manual
Feedback submitted, thanks!