Splunk® User Behavior Analytics

Use Splunk User Behavior Analytics

This documentation does not apply to the most recent version of Splunk® User Behavior Analytics. For documentation on the most recent version, go to the latest release.

Customize your table view in Splunk UBA

You can choose what to view in the table by changing the columns that appear, filtering the results, and grouping the results.

  • Click the table icon to change which columns display and view additional or fewer columns of information.
  • Click and drag column headers to reorder them, or click them to sort the table by the column value.
  • See grouped versions of the table by clicking the arrows to the left of the columns to expand the grouping selector. Select from the available options, or click No Grouping to see all users with anomalies.
  • You can also narrow your view using the filters. Filter by risk score, time, or click Add Filter to add additional filters.

You can also save your customizations as a filter, a CSV file, or as a dashboard widget.

Save a view

Save a view so that you can return to it later. You can save a filter to reuse a specific set of search criteria, or you can save dashboard panels or tables.

You can save tables, such as the user table or the anomalies table, as CSV files, HTML files, or dashboard widgets. See Save to a dashboard. You can save dashboard panels as CSV files or HTML files if they contain tabular data. Other types of dashboard panels, such as charts or graphs, can be saved as images or PDF files.

Save a filter

Save and name a filter to use it again. Filters you create and save are visible to all users of Splunk UBA.

  1. Click Add Filter to add a new filter to your table view.
    For example, select a filter of Threat Types and select Insider to see only insider threats.
  2. Click Save.
  3. Enter a Name.
    For example, Insider threats.

Click Clear Filters to return to viewing all users. Click Presets to view all saved filters.

You can also rename or modify existing filters.

  1. Click the filter name and select Manage Presets.
  2. Type in the box to edit the name, or click the X to delete the filter.
  3. Click OK to save your changes.

Save to a dashboard

You can create a custom dashboard widget or panel from the user table view. This lets you save a filter view as a visualization on a dedicated dashboard.

  1. Click Save and select Save as Dashboard Widget.
  2. Enter a Widget Name.
  3. Select a Widget Dashboard, such as Custom Dashboard.
  4. Click Next.
  5. Select a visualization type.
  6. Click OK to save the widget.
  7. When prompted, click Show Dashboard Widget.
  8. The Custom Dashboards view opens and displays your new dashboard widget.

See Create a custom dashboard for more.

Last modified on 01 December, 2023
See all devices on the devices table   Create a custom dashboard

This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.4.1, 5.0.5, 5.0.5.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters