Splunk® Security Essentials

Use Splunk Security Essentials

Track data ingest latency with the Data Availability dashboard

The Data Availability dashboard is a machine learning-driven dashboard that tracks the typical data ingest latency of the products configured in Splunk Security Essentials. When a log source slows down, it is color coded in the dashboard, and you can click on it to see what detections are at risk.

Prerequisites

The Data Availability dashboard requires the Splunk Machine Learning Toolkit (MLTK). Verify that you have MLTK installed. See Install the Machine Learning Toolkit in the Splunk Machine Learning Toolkit User Guide.

Steps

  1. In Splunk Security Essentials, navigate to Data > Data Availability.
  2. Click Run Baseline Search.
  3. Click the log sources in the search results to see if there are any detections at risk for that specific source.
Last modified on 20 January, 2023
Track active content in Splunk Security Essentials using Content Mapping   Create security Posture Dashboards

This documentation applies to the following versions of Splunk® Security Essentials: 3.7.1, 3.8.0, 3.8.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters