Dashboards & Visualizations

A chart (of tstat/ counts) of the content that was bookmarked. for the past 7 days

Amadou
Loves-to-Learn

Hello, can you help me create a dashboard that contains the following charts/data:

Bookmarked content

    1. A chart (of tstats counts) of the content that was bookmarked for the past 7 days
    2. A chart with the names of the alerts/detections that were bookmarked for the past 30 days. Also, in this situation, how do I find the field name in my Splunk? I use both "bookmarked" and "bookmark" in my query, but it is still not working, or should we use "active"? Please propose a query and help me find the exact field name in order to create the exact query. Thank you.
0 Karma

Amadou
Loves-to-Learn

I mean the content I have mapped in my MITRE ATT&CK in the last 7 days.

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

What is bookmarked data? Please share some anonymised, representative sample events showing the event data you are working with, and a representation of your expected results.

0 Karma

Amadou
Loves-to-Learn

@ITWhisperer

Can I create a meeting with you tomorrow?

Thanks

0 Karma

Amadou
Loves-to-Learn

Build a search query that captures the desired data. Assuming that the bookmarked content is logged with an event type or field that specifies when content is bookmarked (e.g., action="bookmark"), here's a query you could use:

| tstats count where index="your_index" sourcetype="your_sourcetype" action="bookmark" earliest=-7d@d latest=now by content
| rename content as "Content", count as "Bookmark Count"

But I am having problems finding the exact field name.

0 Karma
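An added example (not from this thread) of a Simple XML dashboard that covers both requests: one panel uses fieldsummary to show which field actually carries the bookmark flag, and two panels chart the bookmarked content for 7 and 30 days. The index, sourcetype and the action/content fields are assumed placeholders; the panels use stats rather than tstats, because tstats only reads indexed fields unless it queries a data model.

```xml
<dashboard version="1.1">
  <label>Bookmarked content</label>
  <!-- your_index, your_sourcetype, action and content are assumed placeholders;
       replace them with the field names panel 1 reveals. -->
  <row>
    <panel>
      <title>1. Which field carries the bookmark flag? (last 7 days)</title>
      <table>
        <search>
          <query>index="your_index" sourcetype="your_sourcetype"
| fieldsummary maxvals=10
| search field="*bookmark*" OR field="*active*"
| table field count distinct_count values</query>
          <earliest>-7d@d</earliest>
          <latest>now</latest>
        </search>
      </table>
    </panel>
  </row>
  <row>
    <panel>
      <title>2. Bookmarked content, last 7 days</title>
      <chart>
        <search>
          <!-- stats, not tstats: tstats only reads indexed fields or a data model -->
          <query>index="your_index" sourcetype="your_sourcetype" action="bookmark"
| stats count AS "Bookmark Count" BY content
| rename content AS "Content"
| sort - "Bookmark Count"</query>
          <earliest>-7d@d</earliest>
          <latest>now</latest>
        </search>
        <option name="charting.chart">bar</option>
      </chart>
    </panel>
    <panel>
      <title>3. Bookmarked alerts/detections, last 30 days</title>
      <table>
        <search>
          <query>index="your_index" sourcetype="your_sourcetype" action="bookmark"
| stats latest(_time) AS last_bookmarked count AS "Bookmark Count" BY content
| convert ctime(last_bookmarked) AS "Last Bookmarked"
| rename content AS "Alert/Detection"
| sort - "Bookmark Count"</query>
          <earliest>-30d@d</earliest>
          <latest>now</latest>
        </search>
      </table>
    </panel>
  </row>
</dashboard>
```

If panel 1 shows the flag lives in a field other than action (for example a boolean named bookmarked), change the filter in panels 2 and 3 to that field before trusting the counts.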