Splunk® User Behavior Analytics

Get Data into Splunk User Behavior Analytics

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Verify that you successfully added the data source

Confirm that the data source you added is successfully parsing events.

  1. In Splunk UBA, select Manage > Data Sources.
  2. Click the name of the data source that you added.
  3. Review the Data Source Details.
  4. Click the parsed events icon (The parsed events icon.) and review the 10 sample events. Make sure that each event lists event views.

There are times when some data sources, such as DHCP, DNS, AD, or HTTP do not provide a destination device. If you ingest one of these data types and see validation error messages, you can ignore these messages once you examine the raw event and validate the absence of the destination device in the raw event.

Last modified on 29 January, 2020
PREVIOUS
Configure the VirusTotal script to see VirusTotal anomalies in Splunk UBA
  NEXT
Monitor the quality of data sent from the Splunk platform

This documentation applies to the following versions of Splunk® User Behavior Analytics: 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.4.1


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters