Splunk® User Behavior Analytics Monitoring App

Splunk UBA Monitoring App

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Share data in the Splunk UBA Monitoring App

When the Splunk UBA Monitoring App is deployed on Splunk Enterprise, the Splunk platform sends aggregated usage data to Splunk Inc. ("Splunk") to help improve the Splunk UBA Monitoring App in future releases. For information about how to opt in or out and how the data is collected, stored, and governed, see Share data in Splunk Enterprise.


What data is collected

The Splunk UBA Monitoring App collects the following basic usage information:

Component Description Example
uba.telemetry.generalinfo Collects general information. 
{ [-]
   app: Splunk_UBA_Monitor
   component: uba.telemetry.generalinfo
   data: { [-]
     OSDescription: Red Hat Enterprise Linux release 8.4 (Ootpa)
     UBAVersion: 5.1.0-20220721-000019
     Version: 1
   }
   deploymentID: c9d01c37-0489-59a2-b92f-1bcc73ac9dcb
   eventID: F3ABBC57-EECB-4836-8484-ECAB240C303F
   executionID: EFBB8029-EE6B-4C15-8BD2-3EC7F55153AD
   optInRequired: 3
   timestamp: 1673344801
   type: event
   userID: 3d19cd361b2b68bc7dd1e6ed4f12c38af61aefe344bbed1d689d32a813b9df81
   visibility: [ [+]
   ]
}
uba.telemetry.deploymentinfo Collects deployment information. 
{ [-]
   app: Splunk_UBA_Monitor
   component: uba.telemetry.deploymentinfo
   data: { [-]
     UBANodesCount: 1
     Version: 1
   }
   deploymentID: c9d01c37-0489-59a2-b92f-1bcc73ac9dcb
   eventID: DA8C6F5B-E51F-407A-97A5-6E815477CD37
   executionID: EFBB8029-EE6B-4C15-8BD2-3EC7F55153AD
   optInRequired: 3
   timestamp: 1673344801
   type: event
   userID: 3d19cd361b2b68bc7dd1e6ed4f12c38af61aefe344bbed1d689d32a813b9df81
   visibility: [ [+]
   ]
}
uba.telemetry.sizinginfo Collects sizing information. 
{ [-]
   app: Splunk_UBA_Monitor
   component: uba.telemetry.sizinginfo
   data: { [-]
     Anomaly: 70
     App: 82
     Device: 2706431
     Threat: 0
     User: 0
     Version: 1
   }
   deploymentID: c9d01c37-0489-59a2-b92f-1bcc73ac9dcb
   eventID: F8624C52-2115-4809-8583-86E555973E8F
   executionID: EFBB8029-EE6B-4C15-8BD2-3EC7F55153AD
   optInRequired: 3
   timestamp: 1673344801
   type: event
   userID: 3d19cd361b2b68bc7dd1e6ed4f12c38af61aefe344bbed1d689d32a813b9df81
   visibility: [ [+]
   ]
}
uba.telemetry.resourceinfo Collects resource information. 
{ [-]
   app: Splunk_UBA_Monitor
   component: uba.telemetry.resourceinfo
   data: { [-]
     Resources: [ [-]
       {"Memory": "{\"Total\": \"64148M\", \"Used\": \"22194M\", \"Free\": \"41954M\"}"}
       {"Disk": ["{\"Filesystem\": \"/dev/sdb1\", \"Total\": \"98G\", \"Used\": \"21G\", \"Free\": \"73G\"}", "{\"Filesystem\": \"/dev/sdc1\", \"Total\": \"98G\", \"Used\": \"897M\", \"Free\": \"93G\"}"]}
     ]
     Version: 1
   }
   deploymentID: c9d01c37-0489-59a2-b92f-1bcc73ac9dcb
   eventID: 4A207F3E-0229-4F8C-ACD1-8322053A9164
   executionID: EFBB8029-EE6B-4C15-8BD2-3EC7F55153AD
   optInRequired: 3
   timestamp: 1673344804
   type: event
   userID: 3d19cd361b2b68bc7dd1e6ed4f12c38af61aefe344bbed1d689d32a813b9df81
   visibility: [ [+]
   ]
}
uba.telemetry.eps Collects EPS information. 
{ [-]
   app: Splunk_UBA_Monitor
   component: uba.telemetry.eps
   data: { [-]
     EPS: [ [-]
       {"uuid": "ETL", "MaxEPS": 0, "AvgEPS": 0}
       {"uuid": "Overall", "MaxEPS": 0, "AvgEPS": 0}
     ]
     Version: 1
   }
   deploymentID: c9d01c37-0489-59a2-b92f-1bcc73ac9dcb
   eventID: 2DFFC701-D320-44E2-86A1-C63EDFB6B63C
   executionID: EFBB8029-EE6B-4C15-8BD2-3EC7F55153AD
   optInRequired: 3
   timestamp: 1673344801
   type: event
   userID: 3d19cd361b2b68bc7dd1e6ed4f12c38af61aefe344bbed1d689d32a813b9df81
   visibility: [ [+]
   ]
}
uba.telemetry.datastore.postgres Collects Postgres information. 
{ [-]
   app: Splunk_UBA_Monitor
   component: uba.telemetry.datastore.postgres
   data: { [-]
     Tables: [ [-]
       {"Table": "irsystems", "RowCount": 2666320, "TableSize": "379 MB"}
       {"Table": "devicerawevents", "RowCount": 2441419, "TableSize": "3157 MB"}
       {"Table": "systems", "RowCount": 1805468, "TableSize": "576 MB"}
       {"Table": "usystems", "RowCount": 858182, "TableSize": "236 MB"}
       {"Table": "blackwhitelist", "RowCount": 276521, "TableSize": "35 MB"}
     ]
     Version: 1
   }
   deploymentID: c9d01c37-0489-59a2-b92f-1bcc73ac9dcb
   eventID: 88C360EA-8443-460F-A746-819ACB1ED322
   executionID: EFBB8029-EE6B-4C15-8BD2-3EC7F55153AD
   optInRequired: 3
   timestamp: 1673344801
   type: event
   userID: 3d19cd361b2b68bc7dd1e6ed4f12c38af61aefe344bbed1d689d32a813b9df81
   visibility: [ [+]
   ]
}
uba.telemetry.datastore.impala Collects Impala information. 
{ [-]
   app: Splunk_UBA_Monitor
   component: uba.telemetry.datastore.impala
   data: { [-]
     Tables: [ [-]
       {"Table": "cevents", "RowCount": 1658880, "TableSize": "1.90MB", "Total Files": 219}
       {"Table": "eevents", "RowCount": 414720, "TableSize": "1.39MB", "Total Files": 219}
       {"Table": "mevents", "RowCount": 51840, "TableSize": "1.04MB", "Total Files": 219}
       {"Table": "offlinemodelstats", "RowCount": 6077, "TableSize": "3.33MB", "Total Files": 661}
       {"Table": "datasourcevalidations", "RowCount": 463, "TableSize": "254.27KB", "Total Files": 26}
       {"Table": "auditevents", "RowCount": 135, "TableSize": "198.30KB", "Total Files": 55}
       {"Table": "printerdata", "RowCount": 5, "TableSize": "28.49KB", "Total Files": 5}
       {"Table": "addomainsioc", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "adpstioc", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "adpstmodelready", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "appsummary", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "authenticationevents", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "badgeaccess", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "beaconioc", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "boxnewaccessdata", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "boxnewaccessdatarun", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "daily_user_baseline_dlp_file_transfer", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "daily_user_baseline_dlpmatches", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "daily_user_baseline_prints", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "daily_user_baseline_usb_data_transfer", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "daily_user_baseline_usb_denies", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "daily_user_baseline_usb_successful_file_writes", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "daily_user_dlp_file_transfer", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "daily_user_dlpmatches", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "daily_user_prints", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "daily_user_usb_data_transfer", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "daily_user_usb_denies", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "daily_user_usb_successful_file_writes", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "databasesummary", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "destinationports", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "destinations", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "deviceanomalyinfo", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "devicefingerprintingsummary", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "deviceprofiles", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "dlpsummary_s", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "domains", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "emaildomainpopularity", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "emailsummary", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "endpointfileevents", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "endpointprocessevents", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "endpointregistryevents", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "endpointserviceevents", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "externalalarms", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "externaldomainpopularity", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "externalippopularity", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "fileaccess_s", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "frequentpatternsofexternalalarms", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "frequentpatternsofwindowslogins", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "fwthreatlogsfrequentpatterns", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "fwthreatlogsscoredevents", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "geosummary", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "graphedges", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "graphnodes", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "groupedentities", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "groupingsummary", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "hrpeergroupingdata", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "httpmalwaremodelsummary", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "httpsummary", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "httpsummary_s", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "hygienebaseduserranking", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "identicaldevicesioc", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "ioctypetest", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "irinfo", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "mapidenticaldomains", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "powershellevent", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "processpopularity", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "rareemaildomainioc", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "rarepowershellioc", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "rawevents", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "remodelfeatures", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "scoredeventsofexternalalarms", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "scoredeventsofwindowslogins", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "semiaggr", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "semiaggr_s", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "sources", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "systems", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "tevents", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "udest", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "udomains", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "useranomalyinfo", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "userdevicerelations", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "userhygienesummary", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "userprofiles", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "userrankinginsider", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "usersummary", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "usource", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "windowsevents", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "windowsloginsfrequentpatterns", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "windowsloginsscoredevents", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
     ]
     Version: 1
   }
   deploymentID: c9d01c37-0489-59a2-b92f-1bcc73ac9dcb
   eventID: 4CE91047-1195-4E39-B01E-C019CC2E2E7D
   executionID: EFBB8029-EE6B-4C15-8BD2-3EC7F55153AD
   optInRequired: 3
   timestamp: 1673344801
   type: event
   userID: 3d19cd361b2b68bc7dd1e6ed4f12c38af61aefe344bbed1d689d32a813b9df81
   visibility: [ [+]
   ]
}{ [-]
   app: Splunk_UBA_Monitor
   component: uba.telemetry.datastore.impala
   data: { [-]
     Tables: [ [-]
       {"Table": "cevents", "RowCount": 1658880, "TableSize": "1.90MB", "Total Files": 219}
       {"Table": "eevents", "RowCount": 414720, "TableSize": "1.39MB", "Total Files": 219}
       {"Table": "mevents", "RowCount": 51840, "TableSize": "1.04MB", "Total Files": 219}
       {"Table": "offlinemodelstats", "RowCount": 6077, "TableSize": "3.33MB", "Total Files": 661}
       {"Table": "datasourcevalidations", "RowCount": 463, "TableSize": "254.27KB", "Total Files": 26}
       {"Table": "auditevents", "RowCount": 135, "TableSize": "198.30KB", "Total Files": 55}
       {"Table": "printerdata", "RowCount": 5, "TableSize": "28.49KB", "Total Files": 5}
       {"Table": "addomainsioc", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "adpstioc", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "adpstmodelready", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "appsummary", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "authenticationevents", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "badgeaccess", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "beaconioc", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "boxnewaccessdata", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "boxnewaccessdatarun", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "daily_user_baseline_dlp_file_transfer", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "daily_user_baseline_dlpmatches", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "daily_user_baseline_prints", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "daily_user_baseline_usb_data_transfer", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "daily_user_baseline_usb_denies", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "daily_user_baseline_usb_successful_file_writes", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "daily_user_dlp_file_transfer", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "daily_user_dlpmatches", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "daily_user_prints", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "daily_user_usb_data_transfer", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "daily_user_usb_denies", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "daily_user_usb_successful_file_writes", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "databasesummary", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "destinationports", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "destinations", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "deviceanomalyinfo", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "devicefingerprintingsummary", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "deviceprofiles", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "dlpsummary_s", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "domains", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "emaildomainpopularity", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "emailsummary", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "endpointfileevents", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "endpointprocessevents", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "endpointregistryevents", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "endpointserviceevents", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "externalalarms", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "externaldomainpopularity", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "externalippopularity", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "fileaccess_s", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "frequentpatternsofexternalalarms", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "frequentpatternsofwindowslogins", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "fwthreatlogsfrequentpatterns", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "fwthreatlogsscoredevents", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "geosummary", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "graphedges", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "graphnodes", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "groupedentities", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "groupingsummary", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "hrpeergroupingdata", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "httpmalwaremodelsummary", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "httpsummary", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "httpsummary_s", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "hygienebaseduserranking", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "identicaldevicesioc", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "ioctypetest", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "irinfo", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "mapidenticaldomains", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "powershellevent", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "processpopularity", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "rareemaildomainioc", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "rarepowershellioc", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "rawevents", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "remodelfeatures", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "scoredeventsofexternalalarms", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "scoredeventsofwindowslogins", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "semiaggr", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "semiaggr_s", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "sources", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "systems", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "tevents", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "udest", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "udomains", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "useranomalyinfo", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "userdevicerelations", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "userhygienesummary", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "userprofiles", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "userrankinginsider", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "usersummary", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "usource", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "windowsevents", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "windowsloginsfrequentpatterns", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
       {"Table": "windowsloginsscoredevents", "RowCount": 0, "TableSize": "0B", "Total Files": 0}
     ]
     Version: 1
   }
   deploymentID: c9d01c37-0489-59a2-b92f-1bcc73ac9dcb
   eventID: 4CE91047-1195-4E39-B01E-C019CC2E2E7D
   executionID: EFBB8029-EE6B-4C15-8BD2-3EC7F55153AD
   optInRequired: 3
   timestamp: 1673344801
   type: event
   userID: 3d19cd361b2b68bc7dd1e6ed4f12c38af61aefe344bbed1d689d32a813b9df81
   visibility: [ [+]
   ]
}
Last modified on 14 March, 2023
PREVIOUS
About the Splunk UBA Monitoring App 		  NEXT
Splunk UBA Monitoring App requirements

This documentation applies to the following versions of Splunk® User Behavior Analytics Monitoring App: 1.1.3

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters