Splunk® User Behavior Analytics

Send and Receive Data from the Splunk Platform

Integrate Splunk ES and Splunk UBA with the Splunk Add-on for Splunk UBA

Use the Splunk Add-on for Splunk UBA to integrate Splunk Enterprise Security (ES) and Splunk User Behavior Analytics (UBA). You can integrate Splunk UBA and Splunk ES to share the following types of data:

See Viewing data from Splunk UBA in Enterprise Security in Use Splunk Enterprise Security for more information.

Close or reopen notable events in Splunk ES so that the corresponding threats are also closed or reopened in Splunk UBA. Do not close or reopen threats in Splunk UBA.

For instructions on how to send events from Splunk UBA to Splunk Enterprise without using Splunk ES, see Send Splunk UBA data to Splunk Enterprise without Splunk Enterprise Security in Administer Splunk User Behavior Analytics.

Last modified on 07 October, 2020

This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.1.0, 5.2.0
