Dashboards & Visualizations

A chart (of tstat/ counts) of the content that was bookmarked. for the past 7 days

Amadou
Loves-to-Learn

Hello, can you help me create a dashboard that contains the following charts/data?

Bookmarked content

    1. A chart (of tstats/counts) of the content that was bookmarked for the past 7 days.
    2. A chart with the names of the alerts/detections that were bookmarked for the past 30 days. And also, in this situation, how do I find the field name in my Splunk? I use both "bookmarked" and "bookmark" in my query but it is still not working, or should we use "active"? Please propose a query to me. Help me find the exact field name in order to create the exact query. Thank you.

Amadou
Loves-to-Learn

I mean the content I have mapped in my MITRE ATT&CK in the last 7 days.


ITWhisperer
SplunkTrust

What is bookmarked data? Please share some anonymised, representative sample events showing the event data you are working with, and a representation of your expected results.


Amadou
Loves-to-Learn

@ITWhisperer

Can I create a meeting with you tomorrow?

Thanks

Amadou
Loves-to-Learn

Build a search query that captures the desired data. Assuming that the bookmarked content is logged with an event type or field that specifies when content is bookmarked (e.g., action = "bookmark"), here's a query you could use:

| tstats count where index="your_index" sourcetype="your_sourcetype" action="bookmark" earliest=-7d@d latest=now by content
| rename content as "Content", count as "Bookmark Count"

But I am having a problem finding the exact field name.

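The following searches are an added example (not code from the thread, and not Splunk Enterprise Security's own bookmark schema). They assume placeholder values `your_index` and `your_sourcetype`, a search-time field `action` whose value `bookmark` marks a bookmarking event, and a field `content` that carries the name of the bookmarked alert/detection; all four names are assumptions to be replaced with whatever the first search reveals. The first search lists every field whose name contains "bookmark" or "active", with its value counts, so the real field name can be read off instead of guessed. The next two build the 7-day and 30-day charts with `timechart` and `stats` rather than `tstats`, because `tstats` without an accelerated data model only sees indexed fields (index, sourcetype, source, host and the like), not search-time extracted fields such as `action` or `content`, which is one common reason such a `tstats` query returns nothing.

```spl
index="your_index" sourcetype="your_sourcetype" earliest=-7d@d latest=now
| fieldsummary
| search field="*bookmark*" OR field="*active*"
| table field count distinct_count values

index="your_index" sourcetype="your_sourcetype" action="bookmark" earliest=-7d@d latest=now
| timechart span=1d count by content

index="your_index" sourcetype="your_sourcetype" action="bookmark" earliest=-30d@d latest=now
| stats count as bookmark_count latest(_time) as last_bookmarked by content
| convert ctime(last_bookmarked)
| sort - bookmark_count
| rename content as "Content", bookmark_count as "Bookmark Count", last_bookmarked as "Last Bookmarked"
```

Paste each search separately into the search bar (or into its own dashboard panel). If `fieldsummary` shows that the flag is actually stored as a boolean such as `bookmarked=true` or `active=1`, substitute that filter for `action="bookmark"` in the second and third searches; if the field turns out to be indexed, `tstats` can be used with the same `where` clause.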