Check data sources with the Data Source Check dashboard
In Splunk Security Essentials, every example has prerequisites defined to help you know whether its search will work in your environment. The Data Source Check dashboard is a tool that verifies whether the data sources required by the examples in Splunk Security Essentials exist. To use the Data Source Check dashboard, follow these steps:
- In Splunk Security Essentials, navigate to Data > Data Source Check.
- Click Start Searches.
A green check mark indicates that all of the prerequisite checks were completed for the search, so you can run it in your environment. A red exclamation point indicates that one or more of the prerequisite checks for the search failed. You can click the expand icon to find out which check failed and how to fix it.
Create security posture dashboards
After you have verified that your data sources exist, you can create Posture dashboards that give you an overview of all of your security content in Splunk Security Essentials. You can create up to 50 dashboard panels. To create a Posture dashboard, follow these steps:
- In Splunk Security Essentials, navigate to Data > Data Source Check.
- Click Create Posture Dashboards.
- Select your desired dashboard type from the list. Some panels are unavailable if you don't have the required data.
- (Optional) Click Use Demo Datasets to have all dashboards use CSV demo data.
- Click Create Dashboards to get a link to the dashboard. The dashboard is also added to the main menu under Security Operations.
This documentation applies to the following versions of Splunk® Security Essentials: 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.4.0, 3.5.0, 3.5.1, 3.6.0