Dashboards & Visualizations

A chart (of tstat/ counts) of the content that was bookmarked for the past 7 days

Amadou
Loves-to-Learn

Hello, can you help me create a dashboard that contains the following charts/data:

Bookmarked content

    1. A chart (of tstat/ counts) of the content that was bookmarked for the past 7 days
    2. A chart with the names of the alerts/detections that were bookmarked for the past 30 days

Also, in this situation, how do I find the field name in Splunk: bookmarked, bookmark? I use both of them in my query but it is still not working, or should we use "active"? Please propose a query. Help me find the exact field name in order to create the exact query. Thank you.
0 Karma

Amadou
Loves-to-Learn

I mean the content I have mapped in my MITRE ATT&CK in the last 7 days.

0 Karma

ITWhisperer
SplunkTrust

What is bookmarked data? Please share some anonymised, representative sample events showing the event data you are working with, and a representation of your expected results.

0 Karma

Amadou
Loves-to-Learn

@ITWhisperer

Can I create a meeting with you tomorrow?

Thanks

0 Karma

Amadou
Loves-to-Learn

Build a search query that captures the desired data. Assuming that the bookmarked content is logged with an event type or field that specifies when content is bookmarked (e.g., action = "bookmark"), here's a query you could use:

| tstats count where index="your_index" sourcetype="your_sourcetype" action="bookmark" earliest=-7d@d latest=now by content
| rename content as "Content", count as "Bookmark Count"

But I am having a problem finding the exact field name.

0 Karma