Splunk® User Behavior Analytics

Get Data into Splunk User Behavior Analytics

This documentation does not apply to the most recent version of Splunk® User Behavior Analytics. For documentation on the most recent version, go to the latest release.

Send notable events from Splunk Enterprise Security to Splunk UBA

You can send notable events from Splunk Enterprise Security (ES) to Splunk UBA to be processed for anomalies. You can use Splunk UBA to generate threats from the correlation search anomalies.

For more information see How Splunk UBA sends and receives data from the Splunk platform in Send and Receive Data from the Splunk Platform.

Last modified on 04 April, 2024
Splunk UBA category to Splunk CIM field reference   Configure PowerShell logging to see PowerShell anomalies in Splunk UBA

This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4,, 5.0.5,, 5.1.0,, 5.2.0, 5.2.1, 5.3.0

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters