Splunk® Security Essentials

Use Splunk Security Essentials

The Content Overview dashboard

The Content Overview dashboard is an important part of the Analytics Advisor suite. This dashboard takes into account what data you have in your environment, what searches are active, and helps you see what content you can use next. To use this dashboard, from the main menu click Analytics Advisor > Content Overview. Each number in this dashboard represents a step in using the dashboard.

  1. The Available Content panel lets you see a high level of how your environment compares to the available content. You can switch between the tabs to change the visualization and click the Split by field to show different dimensions. Everything in this panel is clickable and allows you to drill down further.
  2. The Selected Content panel contains further filters that allow you to drill into individual pieces of content.
  3. The View Content panel lets you view full details of the selection inside the Security Essentials general content page.

Any content in this dashboard labeled Active means that you have content activated in your environment. Content labeled Available means that you have content that can be activated with data already in Splunk. Content labeled Needs data means that the data needed to support the content is missing.

Last modified on 03 July, 2023
Find content to use in your ransomware defense with the Ransomware Content Browser   The Cyber Kill Chain dashboard

This documentation applies to the following versions of Splunk® Security Essentials: 3.7.1, 3.8.0, 3.8.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters