Splunk Stream

User Manual

This documentation does not apply to the most recent version of Splunk Stream. For documentation on the most recent version, go to the latest release.

Stream Informational Dashboards

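Splunk App for Stream (splunk_app_stream) provides a set of built-in informational dashboards, which give you a quick overview of activities taking place across your network. Informational dashboards include Analytics Overview, App Analytics, Flow Visualization, HTTP Overview, HTTP Activity, Database Activity, DNS Overview, DNS Activity, and SSL Activity.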


Informational dashboards are populated by a set of built-in streams that come with the app. Clone built-in streams and use them as a starting point to create your own new streams in the Configure Streams UI. For more information, see Configure Streams in this manual.

Impact of new aggregation methods on dashboards

As of version 6.6.0, the Database Activity dashboard and built-in Splunk database streams, such as Splunk_Mysql and Splunk_Postgres, have been updated to use the max(time_taken) aggregate function to generate max query time statistics. As a result, the Database Activity dashboard in version 6.6.0 and later is not compatible with data generated by earlier versions of streamfwd.

All other dashboards have been updated for the new aggregation methods introduced in version 6.6.0 and are compatible with data generated by both old and new versions of streamfwd. For more information, see Stream aggregation methods in this manual.

Analytics Overview

Analytics overview.png

App Analytics

App analytics.png

Flow Visualization

Flow viz.png

HTTP Overview

Http overview dashboard.png

HTTP Activity

Http activity dashboard.png

Database Activity

Database activity dashboard.png

DNS Overview

Dns overview dashboard.png

DNS Activity

Dns activity dashboard.png

SSL Activity

Ssl activity dashboard.png

Last modified on 01 April, 2020

This documentation applies to the following versions of Splunk Stream: 7.1.2, 7.1.3, 7.2.0
