Splunk Enterprise Security

Adding key indicator search to custom dashboard in Splunk Enterprise Security

ThuLe
Explorer

Hello,

I'm trying to add new/existing key indicator searches to my dashboard in ES, but the edit toolbar does not have the "Add Key Indicator" button.

My custom dashboard:

My custom dashboardMy custom dashboard

Default dashboard with Key Indicators:

Default dashboard with Key IndicatorDefault dashboard with Key Indicator

I also tried to clone the default "Email Activity" dashboard (which has existing key indicators in it), but the clone dashboard cannot be loaded.

image.pngimage.png

What should I do?

If this is a bug, which log files do I need to check?

 

Thank you. 

Labels (3)
0 Karma

LeeKeener2nd
New Member

This is a little late, but I was interested in doing the same thing as OP. Looking at ES dashabord source it looks like key indicators visualization is custom. Make me question using it in my own dashboard. Is that a good idea?

LeeKeener2nd_0-1722389620025.png

 

0 Karma

meetmshah
Builder

Hello @ThuLe,

There should be input available in the dropdown menu - 

meetmshah_0-1696077616676.png

 

Can you please confirm if this is something you are looking for? Please accept the solution and hit Karma, if this helps!

0 Karma

meetmshah
Builder

Hello, Just checking through if the issue was resolved or you have any further questions?

0 Karma
Get Updates on the Splunk Community!

Message Parsing in SOCK

Introduction This blog post is part of an ongoing series on SOCK enablement. In this blog post, I will write ...

Exploring the OpenTelemetry Collector’s Kubernetes annotation-based discovery

We’ve already explored a few topics around observability in a Kubernetes environment -- Common Failures in a ...

Use ‘em or lose ‘em | Splunk training units do expire

Whether it’s hummus, a ham sandwich, or a human, almost everything in this world has an expiration date. And, ...