Splunk® User Behavior Analytics

Use Splunk User Behavior Analytics

Search for entities, anomalies, and threats in Splunk UBA

You can use the Search field on any page in Splunk UBA to help find entities, anomalies, and threats. See the following examples of searches you can perform:

  • Search for a specific user in the Users Table.
  • Search for a specific device in the Devices Table.
  • Search for a specific app in the Apps Table.
  • Search for a specific anomaly by description or summary in the Anomalies Table.
  • Search for a specific threat by description of summary in the Threats Table.
  • Search for any anomaly or threat that includes a specific user, account, device, app, or domain.
  • Search for any entity, anomaly, or threat when creating an anomaly action rule.

Searches for anomalies, threats, users, accounts, apps, or domains are not case-sensitive. Searches for device names are case-sensitive.

Last modified on 27 November, 2023
Change user profile settings in Splunk UBA   Review threats and anomalies in your environment

This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.1.0,, 5.2.0, 5.2.1, 5.3.0, 5.4.0

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters