Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

I've got some information I'd like to turn into panels - am I going about this correctly?

davey1020
New Member
‎11-23-2017 11:51 AM

Hi All,

I've been using the Splunk Add-on for Tenable to import the network scans from Nessus Professional. This part works great, searches are fine. I wanted to go to the next step and create a dashboard with all my critical vulnerabilities and how many IPs are affected.

I've managed to kludge together a query to get a nice looking table - but can't seem to take the next step into:

  1. Taking each signature and creating a panel out of it
  2. Get the number of IPs that are affected by said signature as a sigle value in the panel for the signature

Right now my query is

sourcetype="nessus" OR sourcetype="nessus:scan" (severity="critical") | stats values(signature) as signature by dest, severity

It comes out with a table

dest severity signature
10.128.20.10 critical Apache 2.0.x < 2.0.48 Multiple Vulnerabilities (OF, Info Disc.)
PHP Unsupported Version Detection

Is this the best way to get to my requirement? Not sure how to integrate this into a panel.

Thanks for your help
--Dave

0 Karma
Reply

gjanders
SplunkTrust
SplunkTrust
‎11-23-2017 04:52 PM

The Save As dashboard panel on the RHS of the screen is how you can convert your search results into a dashboard panel

Perhaps you want to have a distinct count of the IP's by signature, dest, severity?

sourcetype="nessus" OR sourcetype="nessus:scan" (severity="critical") | stats dc(IP) by dest, severity, signature

The above would assume your IP field is called "IP" and that you want it split by all three of those items...

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...