Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to change time picker for security posture dashboard in ES?

splunky_diamond
Path Finder
‎05-11-2024 01:29 AM

Hello Splunkers!

I want to change the time picker of this dashboard in Enterprise security to provide the count of notables not over the last 24 hours, but over 12 hours. 

splunky_diamond_0-1715415903865.png

I tried changing values related to time in the source code via GUI:

splunky_diamond_1-1715416016049.png

It does not work, for some reason, the changes are not being saved, even though I am hitting the save button. Is there a way to add a time picker for this dashboard, so that we can select our interested time period at any time, and update the dashboard instantly?

Thanks in advance for taking time reading and replying to my post ❤️

Labels (2)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-11-2024 02:13 AM

Hi @splunky_diamond,

did you tried to go in [Configure > Incident Review]?

Surely, in this dashboard it's possible to change the time picker of the Incident Review dashboard, I'm not sure that's the same thing also for Securty Posture.

Ciao.

Giuseppe

0 Karma
Reply

splunky_diamond
Path Finder
‎05-11-2024 02:37 AM

Hello @gcusello , 

Thanks for replying to my post!

I am sorry, but I don't think I quite understand what you are suggesting. Just FYI, here are all the available configurations in the [Configure > All configurations]: 

splunky_diamond_0-1715420133299.png

I checked multiple settings, but I don't think any of them relate to a specific dashboard that I am looking to change settings for. 

Cheers,

splunky_diamond.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-11-2024 03:45 AM

Hi @splunky_diamond,

see in [Incident Management > Incident Review Settings]

As I said, in this form you can configure the default Time Picker for the Incident Review dashboard, see (I'm not sure!)  if the same setting is applied also to Security Posture.

Ciao.

Giuseppe

0 Karma
Reply

splunky_diamond
Path Finder
‎05-11-2024 03:54 AM

I checked, it does not apply to Security Posture, but I found something, we can add the time range to that dashboard: 

splunky_diamond_0-1715424852475.png

I just need to figure out how to bind it to my specific dashboard, and it should work!

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-11-2024 04:03 AM

Hi @splunky_diamond ,

good for you, see next time!

let me know if I can help you more, or, please, accept one answer (eventually your last) for the other people of Community.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

Reply
Get Updates on the Splunk Community!

Get Inspired! We’ve Got Validation that Your Hard Work is Paying Off

We love our Splunk Community and want you to feel inspired by all your hard work! Eric Fusilero, our VP of ...

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...