Splunk® User Behavior Analytics

Send and Receive Data from the Splunk Platform

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

Set up Splunk UBA to send user and device association data to Splunk ES

Set up Splunk User Behavior Analytics (UBA) to send user and device association data to Splunk Enterprise Security (ES). User and device association data from Splunk UBA is visible on the Session Center dashboard in Splunk ES. See Session Center dashboard in the Use Splunk Enterprise Security manual.

  1. Log in to the Splunk UBA management server as the caspida user using SSH.
  2. Open the /etc/caspida/local/conf/uba-site.properties file.
  3. Edit or create the identity.resolution.export.enabled setting and set it to true.
  4. Restart the Splunk UBA web interface service for the changes to take effect.
    sudo service caspida-ui stop
    sudo service caspida-ui start
Last modified on 09 November, 2020
Pull notable events from Splunk ES to Splunk UBA
Send Splunk UBA audit events to Splunk ES

This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4,, 5.0.5,, 5.1.0,, 5.2.0, 5.3.0

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters